A note on fault attacks against deterministic signature schemes
BARENGHI, ALESSANDRO;PELOSI, GERARDO
2016-01-01
Abstract
Providing sound and fault resilient signature schemes is of crucial importance for the realization of modern secure embedded systems. In this context, the use of standardized discrete logarithm signature primitives such as DSA and ECDSA has been proven frail with respect to failures in the RNG subsystem of a device, leading to the design of deterministic schemes. In this work we analyze the resistance of deterministic signature primitives to fault attacks. We devise an attack strategy relying on a relaxed fault model and show how to efficiently derive the secret key of the deterministic version of both DSA and ECDSA, employing a single correct-faulty signature pair, while we show that the EdDSA algorithm shows structural resistance against such attacks.

File | Size | Format |
---|---|---|
submission45_IWSEC2016.pdf (Restricted access). Description: article. Post-Print (DRAFT or Author’s Accepted Manuscript-AAM) | 505.16 kB | Adobe PDF |
Documents in IRIS are protected by copyright and all rights are reserved, unless otherwise indicated.