Abstract
The deterministic ECDSA and EdDSA signature schemes have found plenty of applications since their publication, e.g., blockchain and the Internet of Things, and have been specified by the IETF in RFC 6979 and RFC 8032 respectively. Their theoretical security can be guaranteed within certain well-defined models, and since the algorithms no longer require any randomness, the practical risk posed by flawed random number generators is mitigated. However, the situation is not really optimistic, since it has gradually been found that delicately designed fault attacks can threaten the practical security of these schemes.
In this paper, based on random fault models of intermediate values during signature generation, we propose a lattice-based fault analysis method for the deterministic ECDSA and EdDSA algorithms. By virtue of the algebraic structure of the deterministic algorithms, we show that, when provided with some faulty signatures and an associated correct signature of the same input message, instances of the SVP or CVP problem in a suitable lattice can be constructed to recover the signing key. The number of faulty bits allowed by the method is close to the size of the signing key, and considerably larger than that allowed by the existing differential fault attacks. In addition, the lattice-based approach supports more alternative targets of fault injection, which further improves its applicability compared with the existing approaches.
We perform experiments to demonstrate the effectiveness of the key recovery method. In particular, for the deterministic ECDSA/EdDSA algorithms with a 256-bit signing key, the key can be recovered efficiently with significant probability even if the targets are affected by 250/247 faulty bits. By contrast, this is impractical for the existing enumeration approaches.
Acknowledgment
We thank the anonymous reviewers for their careful reading and insightful comments. This work is supported by the National Natural Science Foundation of China (No. 62172395) and the National Key Research and Development Program of China (No. U1936209).
A Appendix
This appendix describes the attacks on deterministic ECDSA and EdDSA with the remaining targets listed in Table 1, including the attacks that target k, \(k^{-1}\), e, rd, \(e+rd\) and d during the calculation of s, and the attacks that take the hash functions generating e and r as fault targets.
A.1 Fault Attacks with Target k During the Calculation of s to Deterministic ECDSA
Suppose the adversary decides to inject a fault into k before it is used in the calculation of s. Then, after obtaining a correct signature for a message m (chosen by the adversary in advance), the adversary tries to obtain \(N-1\) faulty signatures with the same message m as input and k as the target.
Step 1: inject a fault into k during the calculation of s
When k is injected with a fault, we have \(k_i=k+\varepsilon _i2^{l_i}\) for \(i=1, ..., N-1\), where \(\varepsilon _i\) is a random number satisfying \(-2^w< \varepsilon _i< 2^w < n\) and \( l_i =f-w \text { or } 0\) (see Sect. 3.1). The correct signature \((r, s_0)\) and the \(N-1\) faulty ones \((r, s_i)\) for the same input message m can be represented as
Step 2: recover the private key d by solving SVP
After reduction, Eq. (18) can be rewritten as
Let \(A_i=({{s_i}^{ - 1} - {s_0}^{ - 1}})2^{-l_i}\bmod n\) and \(D= e + rd\mod n\). There must exist \(h_i\in \mathbb {Z}\) for \(i = 1,...,N - 1\) such that
where D is a fixed value because the same input message m is used for all the signature queries.
Equation (20) is exactly Eq. (4). Then, following the general strategy described in Sect. 3.2, if \({{w<f - \log \sqrt{2\pi e}}}\) and \(N \gg 1 + \frac{{f + \log \sqrt{2\pi e}}}{{f - w - \log \sqrt{2\pi e}}}\), D can be found by solving an instance of SVP, and subsequently the private key d can be recovered by virtue of the equation
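The fault model of Step 1 above, simulated from the defender's side. This is an added example, not code from the paper: a minimal deterministic ECDSA over secp256k1 (RFC 6979 nonce derivation, affine curve arithmetic) in which the functions `sign`, `verify`, `sign_checked` and `inconsistent_signatures`, the constant `F`, and the constructed key `TEST_KEY` and message `MSG` are all this example's own. It reproduces the observable effect of a fault \(k_i = k + \varepsilon_i 2^{l_i}\) that hits k only in the computation of s: the faulty signature keeps the correct r but fails verification, so a signer that verifies before releasing never emits it, and a verifier that receives two different signatures on the same message under the same key holds direct evidence of this fault model (a deterministic scheme must return identical signatures for identical inputs).

```python
import hashlib
import hmac

# secp256k1 domain parameters (public constants of the curve).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
F = 256  # bit length f of the group order n, as in the appendix

# Constructed demo key and message (derived from fixed strings; not real secrets).
TEST_KEY = int.from_bytes(hashlib.sha256(b"constructed demo key").digest(), "big") % N
MSG = b"constructed test message"

def ec_add(p1, p2):
    """Affine point addition on y^2 = x^3 + 7 over GF(P); None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    if p1 == p2:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication (not side-channel hardened; demo only)."""
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def rfc6979_nonce(d, e):
    """RFC 6979 nonce: HMAC-SHA256 DRBG seeded with (d, e mod n); same input, same k."""
    x = d.to_bytes(32, "big") + (e % N).to_bytes(32, "big")
    v, key = b"\x01" * 32, b"\x00" * 32
    key = hmac.new(key, v + b"\x00" + x, hashlib.sha256).digest()
    v = hmac.new(key, v, hashlib.sha256).digest()
    key = hmac.new(key, v + b"\x01" + x, hashlib.sha256).digest()
    v = hmac.new(key, v, hashlib.sha256).digest()
    while True:
        v = hmac.new(key, v, hashlib.sha256).digest()
        k = int.from_bytes(v, "big")
        if 1 <= k < N:
            return k
        key = hmac.new(key, v + b"\x00", hashlib.sha256).digest()
        v = hmac.new(key, v, hashlib.sha256).digest()

def hash_msg(msg):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big")

def sign(d, msg, eps=0, l=0):
    """Deterministic ECDSA. eps and l simulate the Appendix A.1 fault model: R = kG is
    computed with the correct k, but k_i = k + eps * 2^l is used when computing s."""
    e = hash_msg(msg)
    k = rfc6979_nonce(d, e)
    r = ec_mul(k, G)[0] % N
    k_used = k + eps * (1 << l)  # the fault lands only in the computation of s
    s = pow(k_used, -1, N) * (e + r * d) % N
    return (r, s)

def verify(Q, msg, sig):
    """Standard ECDSA verification of sig = (r, s) against public key Q."""
    r, s = sig
    if not (0 < r < N and 0 < s < N):
        return False
    w = pow(s, -1, N)
    e = hash_msg(msg)
    pt = ec_add(ec_mul(e * w % N, G), ec_mul(r * w % N, Q))
    return pt is not None and pt[0] % N == r

def sign_checked(d, Q, msg, eps=0, l=0):
    """Countermeasure: verify before release, so a faulted (r, s_i) never leaves the signer."""
    sig = sign(d, msg, eps, l)
    return sig if verify(Q, msg, sig) else None

def inconsistent_signatures(sigs):
    """Verifier-side monitor: a deterministic scheme must return identical signatures for a
    repeated (key, message) pair; differing s values sharing r match the A.1 fault model."""
    return len(set(sigs)) > 1

if __name__ == "__main__":
    Q = ec_mul(TEST_KEY, G)
    good = sign(TEST_KEY, MSG)
    bad = sign(TEST_KEY, MSG, eps=-3, l=F - 200)  # w = 200 faulty bits, l_i = f - w
    print("correct verifies:", verify(Q, MSG, good))
    print("faulty verifies:", verify(Q, MSG, bad), "| same r:", good[0] == bad[0])
    print("checked signer releases faulty sig:", sign_checked(TEST_KEY, Q, MSG, -3, F - 200))
    print("monitor flags repeat:", inconsistent_signatures([good, bad]))
```

The verify-before-release check in `sign_checked` is what makes the faulty \((r, s_i)\) unavailable to an attacker in the first place: every faulty signature in this model fails verification, because s was computed with \(k_i \ne k\) while r still corresponds to kG. The cost is one verification per signature, which is cheap compared with leaking the signing key.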
A.2 Fault Attacks with Target \(k^{-1}\bmod n\) During the Calculation of s to Deterministic ECDSA
Suppose the adversary decides to inject a fault into \(k^{-1}\bmod n\) (after it has been generated by the modular inversion of k) before it is used in the calculation of s. Then, after obtaining a correct signature for a message m, the adversary tries to obtain \(N-1\) faulty signatures with the same message m as input and \(k^{-1}\) as the target.
Step 1: inject a fault into \(k^{-1}\bmod n\) during the calculation of s
When \(k^{-1}\bmod n\), derived from k, is injected with a fault, we have \(k^{-1}_i=k^{-1}+\varepsilon _i2^{l_i}\bmod n\) for \(i=1, ..., N-1\), where \(\varepsilon _i\) is a random number satisfying \(-2^w< \varepsilon _i < 2^w\), w is a preset value and \( l_i =f-w \text { or } 0\) (see Sect. 3.1). The correct signature \((r, s_0)\) and the \(N-1\) faulty ones \((r, s_i)\) for the same input message m can be represented as
Step 2: recover the private key d by solving SVP
After reduction, Eq. (21) can be rewritten as
Let \(A_i=({s_i} - {s_0})2^{-l_i} \bmod n\) and \(D={(e + rd)}^{-1}\bmod n\). There must exist \(h_i\in \mathbb {Z}\) for \(i = 1,...,N - 1\) such that
where D is a fixed value because the same input message m is used for all the signature queries.
Equation (23) is exactly Eq. (4). Then, following the general strategy described in Sect. 3.2, if \({{w<f - \log \sqrt{2\pi e}}}\) and \(N \gg 1 + \frac{{f + \log \sqrt{2\pi e}}}{{f - w - \log \sqrt{2\pi e}}}\), D can be found by solving an instance of SVP, and subsequently the private key d can be recovered by virtue of the equation
A.3 Fault Attacks with Target d During the Calculation of s to Deterministic ECDSA
Suppose the adversary decides to inject a fault into d before it is used in the calculation of s. Then, after obtaining a correct signature for a message m, the adversary tries to obtain \(N-1\) faulty signatures with the same message m as input and d as the target.
Step 1: inject a fault into d during the calculation of s
When d is injected with a fault, we have \(d_i=d +\varepsilon _i 2^{l_i}\) for \(i=1, ..., N-1\), where \(\varepsilon _i\) is a random number satisfying \(-2^w< \varepsilon _i < 2^w\), w is a preset value and \( l_i =f-w \text { or } 0\) (see Sect. 3.1). The correct signature \((r, s_0)\) and the \(N-1\) faulty ones \((r, s_i)\) for the same input message m can be represented as
Step 2: recover the private key d by solving SVP
After reduction, Eq. (24) can be rewritten as
Let \(A_i=\left( {{s_i} - {s_0}} \right) {r^{ - 1}}2^{-l_i}\bmod n\) and \(D=k\bmod n\). There must exist \(h_i\in \mathbb {Z}\) for \(i = 1,...,N - 1\) such that
where D is a fixed value because the same input message m is used for all the signature queries.
Equation (26) is exactly Eq. (4). Then, following the general strategy described in Sect. 3.2, if \({{w<f - \log \sqrt{2\pi e}}}\) and \(N \gg 1 + \frac{{f + \log \sqrt{2\pi e}}}{{f - w - \log \sqrt{2\pi e}}}\), D can be found by solving an instance of SVP, and subsequently the private key d can be recovered by virtue of the equation
A.4 Fault Attacks with Targets e, rd and \(e+rd\) During the Calculation of s to Deterministic ECDSA
If any of the targets e, rd and \(e+rd\) is disturbed by fault injection, the same key recovery model can be constructed. Therefore, for simplicity, we define mv as any one of the three targets; that is, mv may be e, rd or \(e+rd\). Suppose the adversary decides to inject a fault into mv before it is used in the calculation of s. Then, after obtaining a correct signature for a message m, the adversary tries to obtain \(N-1\) faulty signatures with the same message m as input and mv as the target.
Step 1: inject a fault into mv during the calculation of s
When mv is injected with a fault, we have \(mv_i=mv +\varepsilon _i2^{l_i}\) for \(i=1, ..., N-1\), where \(\varepsilon _i\) is a random number satisfying \(-2^w< \varepsilon _i < 2^w\), w is a preset value and \( l_i =f-w \text { or } 0\) (see Sect. 3.1). The correct signature \((r, s_0)\) and the \(N-1\) faulty ones \((r, s_i)\) for the same input message m can be represented as
Step 2: recover the private key d by solving SVP
After reduction, Eq. (27) can be rewritten as
Let \(A_i=\left( {{s_i} - {s_0}} \right) 2^{-l_i}\bmod n\) and \(D=k\bmod n\). There must exist \(h_i\in \mathbb {Z}\) for \(i = 1,...,N - 1\) such that
where D is a fixed value because the same input message m is used for all the signature queries.
Equation (29) is exactly Eq. (4). Then, following the general strategy described in Sect. 3.2, if \({{w<f - \log \sqrt{2\pi e}}}\) and \(N \gg 1 + \frac{{f + \log \sqrt{2\pi e}}}{{f - w - \log \sqrt{2\pi e}}}\), D can be found by solving an instance of SVP. Naturally, as mentioned above, the private key d can then be recovered from D.
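The following is an added worked derivation, not part of the paper's own text, that carries the four fault models of Appendices A.1 to A.4 through to the common form of Eq. (4) using only the definitions of \(A_i\) and D given in those subsections. It shows why each target leads to the same lattice problem: a known multiplier \(A_i\) times one fixed unknown D that differs from a multiple of n by a quantity of only w bits.

```latex
\[
\begin{aligned}
&\text{Let } s_0 \equiv k^{-1}(e+rd) \pmod n \text{ be the correct signature and } s_i \text{ the } i\text{-th faulty one.}\\[4pt]
\text{A.1 } (k_i = k+\varepsilon_i 2^{l_i}):\quad
& s_i^{-1}-s_0^{-1} \equiv (k_i - k)(e+rd)^{-1} \equiv \varepsilon_i 2^{l_i} D^{-1} \pmod n,\quad D = e+rd,\\
\text{A.2 } (k_i^{-1} = k^{-1}+\varepsilon_i 2^{l_i}):\quad
& s_i - s_0 \equiv (k_i^{-1}-k^{-1})(e+rd) \equiv \varepsilon_i 2^{l_i} D^{-1} \pmod n,\quad D = (e+rd)^{-1},\\
\text{A.3 } (d_i = d+\varepsilon_i 2^{l_i}):\quad
& s_i - s_0 \equiv k^{-1} r (d_i - d) \equiv \varepsilon_i 2^{l_i}\, r\, D^{-1} \pmod n,\quad D = k,\\
\text{A.4 } (mv_i = mv+\varepsilon_i 2^{l_i}):\quad
& s_i - s_0 \equiv k^{-1}(mv_i - mv) \equiv \varepsilon_i 2^{l_i} D^{-1} \pmod n,\quad D = k.
\end{aligned}
\]
\[
\text{Multiplying each left-hand side by } 2^{-l_i} \text{ (and by } r^{-1} \text{ in A.3) yields the } A_i \text{ of the respective subsection, so in all four cases}
\]
\[
A_i D \equiv \varepsilon_i \pmod n
\quad\Longleftrightarrow\quad
A_i D - h_i n = \varepsilon_i \ \text{ for some } h_i\in\mathbb{Z},\qquad |\varepsilon_i| < 2^w,\quad i=1,\dots,N-1 .
\]
```

The \(A_i\) are computable from the observed signatures and the public \(l_i\), D is the same unknown in every equation because m (hence e, r, k and d) is fixed across the queries, and \(\varepsilon_i\) is only w bits out of f; that gap between the f-bit modulus and the w-bit error is what the SVP formulation in Sect. 3.2 exploits, and it is why the conditions on w and N in each subsection are identical. Once D is known, d follows from the correct signature alone: \(d = (D-e)r^{-1} \bmod n\) in A.1, \(d = (D^{-1}-e)r^{-1} \bmod n\) in A.2, and \(d = (s_0 D - e) r^{-1} \bmod n\) in A.3 and A.4.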
A.5 Fault Attacks with Targets During the Calculation of e to Deterministic ECDSA
As introduced in Appendix A.4, if a fault is injected into e before it is used in the calculation of s so as to obtain some valid \(e_i\)s satisfying \(e_i=e+\varepsilon _i2^{l_i}\) (\(-2^w< \varepsilon _i < 2^w\) and \( l_i =f-w \text { or } 0\)), then Eq. (4) can be constructed to recover the private key of deterministic ECDSA.
Similarly, besides directly injecting a fault into the target “e during the calculation of s”, there are two other fault targets during the calculation of e that can generate valid faulty \(e_i\)s for key recovery, namely “registers before outputting the hash value H(m)” and “last modular additions before outputting the hash value H(m)”. The fault injection models for these two targets are similar to those introduced in Sects. 4.3.2 and 4.3.3, and thereby an Eq. (4) similar to that for the target “e during the calculation of s” can be constructed to recover the private key of deterministic ECDSA.
A.6 Fault Attacks with Targets During the Calculation of r to EdDSA
As introduced in Sect. 4.1.2, if a fault is injected into r before it is used in the calculation of s so as to obtain some valid \(r_i\)s satisfying \(r_i=r+\varepsilon _i2^{l_i}\) (\(-2^w< \varepsilon _i < 2^w\), \({{w<f - \log \sqrt{2\pi e}}}\) and \(l_i + w \le f\)), then Eq. (4) can be constructed to recover the private key of EdDSA.
Similarly, besides directly injecting a fault into the target “r during the calculation of s”, there are three other fault targets during the calculation of r that can generate valid faulty \(r_i\)s for key recovery, namely “registers before outputting the hash value H(R, P, m)”, “last modular additions before outputting the hash value H(R, P, m)” and “hash value H(R, P, m) during the reduction of r”. The fault injection models for these three targets are similar to those in Sects. 4.3.2, 4.3.3 and 4.3.4, and thereby an Eq. (4) similar to that for the target “r during the calculation of s” can be constructed to recover the private key of EdDSA.
© 2022 The Author(s), under exclusive license to Springer Nature Switzerland AG
Cite this paper
Cao, W., Shi, H., Chen, H., Chen, J., Fan, L., Wu, W. (2022). Lattice-Based Fault Attacks on Deterministic Signature Schemes of ECDSA and EdDSA. In: Galbraith, S.D. (eds) Topics in Cryptology – CT-RSA 2022. CT-RSA 2022. Lecture Notes in Computer Science(), vol 13161. Springer, Cham. https://doi.org/10.1007/978-3-030-95312-6_8
DOI: https://doi.org/10.1007/978-3-030-95312-6_8
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-95311-9
Online ISBN: 978-3-030-95312-6