Improved Fault Analysis of Signature Schemes

Christophe Giraud; Eric W. Knudsen; Michael Tunstall

Improved Fault Analysis of Signature Schemes

Christophe Giraud, Eric W. Knudsen, Michael Tunstall

Research output: Chapter in Book/Report/Conference proceeding › Conference Contribution (Conference Proceeding)

4 Citations (Scopus)

Abstract

At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.

Translated title of the contribution	Improved Fault Analysis of Signature Schemes
Original language	English
Title of host publication	Smart Card Research and Advanced Application - CARDIS 2010
Publisher	Springer Berlin Heidelberg
Pages	164-181
Volume	6035
Publication status	Published - 2010

Bibliographical note

Other page information: 164-181
Conference Proceedings/Title of Journal: Smart Card Research and Advanced Application -- CARDIS 2010
Other identifier: 2001187

Access to Document

http://www.cs.bris.ac.uk/Publications/pub_master.jsp?id=2001187

Handle.net

Persistent link

Cite this

@inproceedings{c85a4f473c96400e9a18c07e6296d153,

title = "Improved Fault Analysis of Signature Schemes",

abstract = "At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen{\textquoteright}s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected. ",

author = "Christophe Giraud and Knudsen, {Eric W.} and Michael Tunstall",

note = "Other page information: 164-181 Conference Proceedings/Title of Journal: Smart Card Research and Advanced Application -- CARDIS 2010 Other identifier: 2001187",

year = "2010",

language = "English",

volume = "6035",

pages = "164--181",

booktitle = "Smart Card Research and Advanced Application - CARDIS 2010",

publisher = "Springer Berlin Heidelberg",

address = "Germany",

}

TY - GEN

T1 - Improved Fault Analysis of Signature Schemes

AU - Giraud, Christophe

AU - Knudsen, Eric W.

AU - Tunstall, Michael

N1 - Other page information: 164-181 Conference Proceedings/Title of Journal: Smart Card Research and Advanced Application -- CARDIS 2010 Other identifier: 2001187

PY - 2010

Y1 - 2010

N2 - At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.

AB - At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen’s fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.

M3 - Conference Contribution (Conference Proceeding)

VL - 6035

SP - 164

EP - 181

BT - Smart Card Research and Advanced Application - CARDIS 2010

PB - Springer Berlin Heidelberg

ER -

Improved Fault Analysis of Signature Schemes

Abstract

Bibliographical note

Access to Document

Handle.net

Fingerprint

Cite this