
Fault attack to the elliptic curve digital signature algorithm with multiple bit faults

Published: 14 November 2011

Abstract

Elliptic curve cryptosystems have proved to be well suited for securing systems with constrained resources, such as embedded and portable devices. In a fault attack, errors are induced during the computation of a cryptographic primitive, and the faulty results are collected to derive information about the secret key, which is stored in the device in a non-readable way. Scenarios in which secure devices are seized by an opponent are quite common. Consequently, an attacker can alter the working environment of the device in order to cause errors in the computation of the cryptographic primitive. We introduce a new fault model and attack methodology to recover the secret key employed in implementations of the Elliptic Curve Digital Signature Algorithm. Our attack exploits the information leakage induced by altering the execution of the modular arithmetic operations used in the signature primitive; it does not rely on the properties of the underlying elliptic curve mathematical structure, and is therefore applicable to curves defined over both prime fields and binary fields. The attack is easily reproducible with low-cost fault injection technologies that rely on transient errors placed within a single datapath width of the target architecture.



Published In

SIN '11: Proceedings of the 4th international conference on Security of information and networks
November 2011
276 pages
ISBN:9781450310208
DOI:10.1145/2070425

In-Cooperation

  • SDU: Suleyman Demirel University
  • AOARD: Asian Office of Aerospace Research and Development
  • RDECOM: U.S. Army Research, Development and Engineering Command
  • US Army ITC-PAC Asian Research Office
  • AFOSR: AFOSR
  • ONRGlobal: U.S. Office of Naval Research Global
  • Macquarie University-Sydney

Publisher

Association for Computing Machinery

New York, NY, United States



Author Tags

  1. elliptic curve digital signature algorithm
  2. fault attacks

Qualifiers

  • Research-article

Conference

SIN 2011

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%

Article Metrics

  • Downloads (last 12 months): 8
  • Downloads (last 6 weeks): 0

Reflects downloads up to 13 Jan 2025

Cited By

  • (2016) A Fault-Based Secret Key Retrieval Method for ECDSA. ACM Journal on Emerging Technologies in Computing Systems, 13(1):1-26. DOI: 10.1145/2767132. Online publication date: 20 Apr 2016.
  • (2016) Multi-level formal verification. Journal of Cryptographic Engineering, 7(1):87-95. DOI: 10.1007/s13389-016-0144-3. Online publication date: 22 Nov 2016.
  • (2015) Exp-HE. Proceedings of the 12th International Conference on Embedded Software, pages 157-166. DOI: 10.5555/2830865.2830883. Online publication date: 4 Oct 2015.
  • (2015) Exp-HE: a family of fast exponentiation algorithms resistant to SPA, fault, and combined attacks. 2015 International Conference on Embedded Software (EMSOFT), pages 157-166. DOI: 10.1109/EMSOFT.2015.7318271. Online publication date: Oct 2015.
  • (2012) Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures. Proceedings of the IEEE, 100(11):3056-3076. DOI: 10.1109/JPROC.2012.2188769. Online publication date: Nov 2012.
