DocumentCode :
2312372
Title :
A novel fault attack against ECDSA
Author :
Barenghi, Alessandro ; Bertoni, Guido ; Palomba, Andrea ; Susella, Ruggero
Author_Institution :
Dipt. di Elettron. e Inf., Politec. di Milano, Milan, Italy
fYear :
2011
fDate :
5-6 June 2011
Firstpage :
161
Lastpage :
166
Abstract :
A novel fault attack against ECDSA is proposed in this work. It allows the secret signing key to be retrieved by injecting faults during the computation of the signature primitive. The proposed method relies on faults injected during a multiplication employed to perform the signature recombination at the end of the ECDSA signing algorithm. By exploiting the faulty signatures, it is possible to reduce the size of the group of the discrete logarithm problem underpinning the security margin to a point where it is computationally tractable. The number of faulty signatures required to perform the attack is relatively small, ranging from 4 to a few tenths. The key retrieval can be applied to any key length, such as those standardised by NIST, including the ones mandated for top secret documents by NSA Suite B. The required post-processing of the obtained faulty values is practical on a common consumer-grade desktop. The procedure does not rely on any particular structure of the employed curve and may easily be extended to the regular DSA based on modular arithmetic.
Keywords :
digital signatures; public key cryptography; ECDSA; ECDSA signing algorithm; discrete logarithm problem; elliptic curve digital signature algorithm; fault attack; faulty signatures; secret signing key; Elliptic curve cryptography; Elliptic curves; Equations; Generators; Mathematical model;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Hardware-Oriented Security and Trust (HOST), 2011 IEEE International Symposium on
Conference_Location :
San Diego CA
Print_ISBN :
978-1-4577-1059-9
Type :
conf
DOI :
10.1109/HST.2011.5955015
Filename :
5955015