Skip to main content
SpringerLink
Log in

Practical Fault Injection on Deterministic Signatures: The Case of EdDSA

  • Conference paper
  • First Online:
Progress in Cryptology – AFRICACRYPT 2018 (AFRICACRYPT 2018)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 10831))

Included in the following conference series:

Abstract

After recent vulnerabilities of implementations of deterministic signatures e.g. EdDSA have been revealed, it became evident that a secure deployment of those will require additional countermeasures. Nevertheless, this is not a simple task, as we show in this work. We demonstrate the easiness of fault attacks on EdDSA as implemented in the lightweight cryptographic library WolfSSL on a 32-bit micro-controller. We achieve a success rates of almost 100% by voltage glitching and electromagnetic fault injection. Even after adding certain checks as a countermeasure, the implementation remains vulnerable to fault injection. As only a single successful fault is needed to recover the key, this kind of implementation is an easy target for the attackers.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 64.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 84.00
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    https://www.riscure.com/security-tools/hardware/.

References

  1. Agoyan, M., Dutertre, J.-M., Naccache, D., Robisson, B., Tria, A.: When clocks fail: on critical paths and clock faults. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 182–193. Springer, Heidelberg (2010). https://doi.org/10.1007/978-3-642-12510-2_13

    Chapter  Google Scholar 

  2. Ambrose, C., Bos, J.W., Fay, B., Joye, M., Lochter, M., Murray, B.: Differential attacks on deterministic signatures. Cryptology ePrint Archive, Report 2017/975 (2017). https://eprint.iacr.org/2017/975.pdf

  3. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_20

    Chapter  Google Scholar 

  4. Barenghi, A., Breveglieri, L., Koren, I., Pelosi, G., Regazzoni, F.: Countermeasures against fault attacks on software implemented AES. In: Proceedings of the 5th Workshop on Embedded Systems Security - WESS 2010. ACM Press (2010)

    Google Scholar 

  5. Barenghi, A., Pelosi, G.: A note on fault attacks against deterministic signature schemes (short paper). In: Ogawa, K., Yoshioka, K. (eds.) IWSEC 2016. LNCS, vol. 9836, pp. 182–192. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-44524-3_11

    Chapter  Google Scholar 

  6. Beckers, A., Balasch, J., Gierlichs, B., Verbauwhede, I.: Design and implementation of a waveform-matching based triggering system. In: Standaert, F.-X., Oswald, E. (eds.) COSADE 2016. LNCS, vol. 9689, pp. 184–198. Springer, Cham (2016). https://doi.org/10.1007/978-3-319-43283-0_11

    Chapter  Google Scholar 

  7. Bernstein, D.J.: Curve25519: new Diffie-Hellman speed records. In: Yung, M., Dodis, Y., Kiayias, A., Malkin, T. (eds.) PKC 2006. LNCS, vol. 3958, pp. 207–228. Springer, Heidelberg (2006). https://doi.org/10.1007/11745853_14

    Chapter  Google Scholar 

  8. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.Y.: High-speed high-security signatures. J. Crypt. Eng. 2(2), 77–89 (2012)

    Article  MATH  Google Scholar 

  9. Bertoni, G., Breveglieri, L., Koren, I., Maistri, P., Piuri, V.: Error analysis and detection procedures for a hardware implementation of the advanced encryption standard. IEEE Trans. Comput. 52(4), 492–505 (2003)

    Article  Google Scholar 

  10. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000). https://doi.org/10.1007/3-540-44598-6_8

    Chapter  Google Scholar 

  11. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997). https://doi.org/10.1007/3-540-69053-0_4

    Google Scholar 

  12. Carpi, R.B., Picek, S., Batina, L., Menarini, F., Jakobovic, D., Golub, M.: Glitch it if you can: parameter search strategies for successful fault injection. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 236–252. Springer, Cham (2014). https://doi.org/10.1007/978-3-319-08302-5_16

    Google Scholar 

  13. Checkoway, S., Maskiewicz, J., Garman, C., Fried, J., Cohney, S., Green, M., Heninger, N., Weinmann, R.P., Rescorla, E., Shacham, H.: A systematic analysis of the Juniper Dual EC incident. In: Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, CCS 2016, pp. 468–479 (2016). http://doi.acm.org/10.1145/2976749.2978395

  14. Howgrave-Graham, N.A., Smart, N.P.: Lattice attacks on digital signature schemes. Des. Codes Crypt. 23(3), 283–290 (2001). https://doi.org/10.1023/A:1011214926272

    Article  MathSciNet  MATH  Google Scholar 

  15. Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)

    Article  Google Scholar 

  16. Karpovsky, M., Kulikowski, K., Taubin, A.: Robust protection against fault-injection attacks on smart cards implementing the advanced encryption standard. In: 2004 International Conference on Dependable Systems and Networks. IEEE (2004)

    Google Scholar 

  17. Kim, Y., Daly, R., Kim, J., Fallin, C., Lee, J.H., Lee, D., Wilkerson, C., Lai, K., Mutlu, O.: Flipping bits in memory without accessing them. ACM SIGARCH Comput. Archit. News 42(3), 361–372 (2014)

    Article  Google Scholar 

  18. Kravitz, D.: Digital signature algorithm. US Patent 5,231,668, 27 July 1993. https://www.google.com/patents/US5231668

  19. Perrin, T.: The XEdDSA and VXEdDSA Signature Schemes (2017). https://signal.org/docs/specifications/xeddsa/xeddsa.pdf. Accessed 11 Sept 2017

  20. Picek, S., Batina, L., Jakobovic, D., Carpi, R.B.: Evolving genetic algorithms for fault injection attacks. In: 2014 37th International Convention on Information and Communication Technology, Electronics and Microelectronics (MIPRO). IEEE, May 2014

    Google Scholar 

  21. Poddebniak, D., Somorovsky, J., Schinzel, S., Lochter, M., Rösler, P.: Attacking deterministic signature schemes using fault attacks. Cryptology ePrint Archive, Report 2017/1014 (2017). http://eprint.iacr.org/2017/1014

  22. FIPS PUB 180-4: Secure Hash Standard (SHS). Technical report, NIST, July 2015

    Google Scholar 

  23. Romailler, Y., Pelissier, S.: Practical fault attack against the Ed25519 and EdDSA signature schemes. In: 2017 Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC). IEEE, September 2017

    Google Scholar 

  24. Samwel, N., Batina, L., Bertoni, G., Daemen, J., Susella, R.: Breaking Ed25519 in WolfSSL. Cryptology ePrint Archive, Report 2017/985 (2017). http://eprint.iacr.org/2017/985

  25. Schnorr, C.P.: Efficient signature generation by smart cards. J. Crypt. 4(3), 161–174 (1991). https://doi.org/10.1007/BF00196725

    Article  MathSciNet  MATH  Google Scholar 

  26. Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_2

    Chapter  Google Scholar 

  27. Velegalati, R., Van Spyk, R., van Woudenberg, J.: Electro magnetic fault injection in practice. In: International Cryptographic Module Conference (ICMC) (2013)

    Google Scholar 

Download references

Acknowledgments

This work was supported in part by the Technology Foundation STW (Projects 13499 TYPHOON and 12624 SIDES) and The Netherlands Organization for Scientific Research NWO (project ProFIL 628.001.007) and by a project funded by DarkMatter LLC.

Author information

Authors and Affiliations

  1. Digital Security Group, Radboud University, Nijmegen, The Netherlands

    Niels Samwel & Lejla Batina

Authors
  1. Niels Samwel
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Lejla Batina
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding authors

Correspondence to Niels Samwel or Lejla Batina .

Editor information

Editors and Affiliations

  1. Fondation Partenariale de Sorbonne Université, Paris, France

    Antoine Joux

  2. Université de Caen, Caen, France

    Abderrahmane Nitaj

  3. Al Akhawayn University, Ifrane, Morocco

    Tajjeeddine Rachidi

Rights and permissions

Reprints and permissions

Copyright information

© 2018 Springer International Publishing AG, part of Springer Nature

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Samwel, N., Batina, L. (2018). Practical Fault Injection on Deterministic Signatures: The Case of EdDSA. In: Joux, A., Nitaj, A., Rachidi, T. (eds) Progress in Cryptology – AFRICACRYPT 2018. AFRICACRYPT 2018. Lecture Notes in Computer Science(), vol 10831. Springer, Cham. https://doi.org/10.1007/978-3-319-89339-6_17

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-89339-6_17

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-89338-9

  • Online ISBN: 978-3-319-89339-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation