Alessandro Barenghi, G. Bertoni, A. Palomba, Ruggero Susella
{"title":"A novel fault attack against ECDSA","authors":"Alessandro Barenghi, G. Bertoni, A. Palomba, Ruggero Susella","doi":"10.1109/HST.2011.5955015","DOIUrl":null,"url":null,"abstract":"A novel fault attack against ECDSA is proposed in this work. It allows to retrieve the secret signing key, by means of injecting faults during the computation of the signature primitive. The proposed method relies on faults injected during a multiplication employed to perform the signature recombination at the end of the ECDSA signing algorithm. Exploiting the faulty signatures, it is possible to reduce the size of the group of the discrete logarithm problem warranting the security margin up to a point where it is computationally treatable. The amount of faulty signatures requested to perform the attack is relatively small, ranging from 4 to a few tenths. The key retrieval can be applied to any key length, like those standardised by NIST, including the ones mandated for top secret documents by NSA suite B. The required post processing of the obtained faulty values is practical on a common consumer grade desktop. The procedure does not rely on any particular structure of the employed curve and may easily be extended to the regular DSA based on modular arithmetics.","PeriodicalId":300377,"journal":{"name":"2011 IEEE International Symposium on Hardware-Oriented Security and Trust","volume":"550 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-06-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"19","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 IEEE International Symposium on Hardware-Oriented Security and Trust","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/HST.2011.5955015","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 19
Abstract
A novel fault attack against ECDSA is proposed in this work. It allows to retrieve the secret signing key, by means of injecting faults during the computation of the signature primitive. The proposed method relies on faults injected during a multiplication employed to perform the signature recombination at the end of the ECDSA signing algorithm. Exploiting the faulty signatures, it is possible to reduce the size of the group of the discrete logarithm problem warranting the security margin up to a point where it is computationally treatable. The amount of faulty signatures requested to perform the attack is relatively small, ranging from 4 to a few tenths. The key retrieval can be applied to any key length, like those standardised by NIST, including the ones mandated for top secret documents by NSA suite B. The required post processing of the obtained faulty values is practical on a common consumer grade desktop. The procedure does not rely on any particular structure of the employed curve and may easily be extended to the regular DSA based on modular arithmetics.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
