Reducing elliptic curve logarithms to logarithms in a finite field
STOC '91 Proceedings of the twenty-third annual ACM symposium on Theory of computing
Computer Arithmetic Algorithms
Computer Arithmetic Algorithms
Systolic Modular Multiplication
IEEE Transactions on Computers
Differential Fault Attacks on Elliptic Curve Cryptosystems
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults
Proceedings of the 5th International Workshop on Security Protocols
Optical Fault Induction Attacks
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults
Designs, Codes and Cryptography
Elliptic Curves: Number Theory and Cryptography, Second Edition
Elliptic Curves: Number Theory and Cryptography, Second Edition
Practical Setup Time Violation Attacks on AES
EDCC-7 '08 Proceedings of the 2008 Seventh European Dependable Computing Conference
A Practical Fault Attack on Square and Multiply
FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
Fault Attack on Elliptic Curve Montgomery Ladder Implementation
FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
Attacks on Authentication and Signature Schemes Involving Corruption of Public Key (Modulus)
FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
Design of a parallel AES for graphics hardware using the CUDA framework
IPDPS '09 Proceedings of the 2009 IEEE International Symposium on Parallel&Distributed Processing
Fast Disk Encryption through GPGPU Acceleration
PDCAT '09 Proceedings of the 2009 International Conference on Parallel and Distributed Computing, Applications and Technologies
Low Voltage Fault Attacks on the RSA Cryptosystem
FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
Programming Massively Parallel Processors: A Hands-on Approach
Programming Massively Parallel Processors: A Hands-on Approach
Record Setting Software Implementation of DES Using CUDA
ITNG '10 Proceedings of the 2010 Seventh International Conference on Information Technology: New Generations
A cryptographic processor for low-resource devices: canning ECDSA and AES like sardines
WISTP'11 Proceedings of the 5th IFIP WG 11.2 international conference on Information security theory and practice: security and privacy of mobile devices in wireless communication
Experimenting with faults, lattices and the DSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
| Hi-index | 0.00 |
Elliptic curve cryptosystems proved to be well suited for securing systems with constrained resources like embedded and portable devices. In a fault attack, errors are induced during the computation of a cryptographic primitive, and the faulty results are collected to derive information about the secret key stored into the device in a non-readable way. Scenarios where the secure devices are seized by an opponent are quite common. Consequently, it is possible for an attacker to induce changes in the working environment of the device to cause alterations in the computation of the cryptographic primitive. We introduce a new fault model and attack methodology to recover the secret key employed in implementations of the Elliptic Curve Digital Signature Algorithm. Our attack exploits the information leakage induced when altering the execution of the modular arithmetic operations used in the signature primitive and does not rely on the properties of the underlying elliptic curve mathematical structure, thus being applicable to curves defined on both prime fields and binary fields. The attack is easily reproducible with low cost fault injection technologies relying on transient errors placed within a single datapath width of the target architecture.