Abstract : At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen's fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.
Dieter Gollmann; Jean-Louis Lanet; Julien Iguchi-Cartigny. 9th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications (CARDIS), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6035, pp.164-181, 2010, Smart Card Research and Advanced Application. 〈10.1007/978-3-642-12510-2_12〉
https://hal.inria.fr/hal-01056107
Contributeur : Hal Ifip
<>
Soumis le : jeudi 14 août 2014 - 18:25:15
Dernière modification le : vendredi 11 août 2017 - 15:20:21
Document(s) archivé(s) le : jeudi 27 novembre 2014 - 01:47:26
Christophe Giraud, Erik W. Knudsen, Michael Tunstall. Improved Fault Analysis of Signature Schemes. Dieter Gollmann; Jean-Louis Lanet; Julien Iguchi-Cartigny. 9th IFIP WG 8.8/11.2 International Conference on Smart Card Research and Advanced Applications (CARDIS), Apr 2010, Passau, Germany. Springer, Lecture Notes in Computer Science, LNCS-6035, pp.164-181, 2010, Smart Card Research and Advanced Application. 〈10.1007/978-3-642-12510-2_12〉. 〈hal-01056107〉
