We present a fault analysis of the NTRUSign digital signature scheme. The utilized fault model is the one in which the attacker is assumed to be able to fault a small number of coefficients in a specific polynomial during the signing process but cannot control the exact location of the injected transient faults. For NTRUSign with parameters $(N, q = p^l, \mathcal{B}, \text{standard}, \mathcal{N})$, when the attacker is able to skip the norm-bound signature checking step, our attack needs one fault, succeeds with probability $\approx 1-\frac{1}{p}$ and requires $O((qN)^t)$ steps when the number of faulted polynomial coefficients is upper bounded by $t$. The attack is also applicable to NTRUSign utilizing the transpose NTRU lattice but it requires double the number of fault injections. Different countermeasures against the proposed attack are investigated.