Fault Attacks on Public Key Elements: Application to DLP-Based Schemes

  • Authors:
  • Chong Hee Kim;Philippe Bulens;Christophe Petit;Jean-Jacques Quisquater

  • Affiliations:
  • UCL Crypto Group, Université Catholique de Louvain, Louvain-la-Neuve, Belgium 1348;UCL Crypto Group, Université Catholique de Louvain, Louvain-la-Neuve, Belgium 1348;UCL Crypto Group, Université Catholique de Louvain, Louvain-la-Neuve, Belgium 1348;UCL Crypto Group, Université Catholique de Louvain, Louvain-la-Neuve, Belgium 1348

  • Venue:
  • EuroPKI '08 Proceedings of the 5th European PKI workshop on Public Key Infrastructure: Theory and Practice
  • Year:
  • 2008

Quantified Score

Hi-index 0.00

Visualization

Abstract

Many cryptosystems suffer from fault attacks when implemented in physical devices such as smart cards. Fault attacks on secret key elements have successfully targeted many protocols relying on the Elliptic Curve Discrete Logarithm Problem (ECDLP), the Integer Factorization Problem (IFP) or the Discrete Logarithm Problem (DLP). More recently, faults attacks have also been designed against the publickey elements of ECDLP and IFP-based schemes.In this paper, we present the first fault attacks on the public key elements of DSA and ElGamal, two DLP-based signature schemes. Our attacks fully recover a 160-bit DSA secret key and a 1024-bit ElGamal secret key with ~4 ·107and ~3 ·106faulty signatures respectively. Such figures might suggest that DLP-based schemes are less prone to fault attacks than ECDLP- and IFP-based schemes. However, the integrity of public keys should always be checked in order to thwart such attacks since improvements may reduce the required amount of faulty signatures in the near future.