Efficient Identification and Signatures for Smart Cards
CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults
Proceedings of the 5th International Workshop on Security Protocols
RSA-type Signatures in the Presence of Transient Faults
Proceedings of the 6th IMA International Conference on Cryptography and Coding
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Experimenting with faults, lattices and the DSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Fault analysis of the NTRUSign digital signature scheme
Cryptography and Communications
Fault attacks on projective-to-affine coordinates conversion
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
Hi-index | 0.00 |
At ACISP 2004, Giraud and Knudsen presented the first fault analysis of DSA, ECDSA, XTR-DSA, Schnorr and ElGamal signatures schemes that considered faults affecting one byte. They showed that 2304 faulty signatures would be expected to reduce the number of possible keys to 240, allowing a 160-bit private key to be recovered. In this paper we show that Giraud and Knudsen's fault attack is much more efficient than originally claimed. We prove that 34.3% less faulty signatures are required to recover a private key using the same fault model. We also show that their original way of expressing the fault model under a system of equations can be improved. A more precise expression allows us to obtain another improvement of up to 47.1%, depending on the values of the key byte affected.