Fault attacks on public key elements: Application to DLP-based schemes

Chong Hee Kim; Philippe Bulens; Christophe Petit; Jean Jacques Quisquater

doi:10.1007/978-3-540-69485-4_13

Fault attacks on public key elements: Application to DLP-based schemes

Chong Hee Kim, Philippe Bulens, Christophe Petit, Jean Jacques Quisquater

Computer Science

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Many cryptosystems suffer from fault attacks when implemented in physical devices such as smart cards. Fault attacks on secret key elements have successfully targeted many protocols relying on the Elliptic Curve Discrete Logarithm Problem (ECDLP), the Integer Factorization Problem (IFP) or the Discrete Logarithm Problem (DLP). More recently, faults attacks have also been designed against the public key elements of ECDLP and IFP-based schemes. In this paper, we present the first fault attacks on the public key elements of DSA and ElGamal, two DLP-based signature schemes. Our attacks fully recover a 160-bit DSA secret key and a 1024-bit ElGamal secret key with ∼ 4 •10 ⁷ and ∼ 3 •10⁶ faulty signatures respectively. Such figures might suggest that DLP-based schemes are less prone to fault attacks than ECDLP- and IFP-based schemes. However, the integrity of public keys should always be checked in order to thwart such attacks since improvements may reduce the required amount of faulty signatures in the near future.

Original language	English
Title of host publication	Public Key Infrastructure - 5th European PKI Workshop
Subtitle of host publication	Theory and Practice, EuroPKI 2008, Proceedings
Pages	182-195
Number of pages	14
DOIs	https://doi.org/10.1007/978-3-540-69485-4_13
Publication status	Published - 2008
Event	5th European Public Key Infrastructure Workshop: Theory and Practice, EuroPKI 2008 - Trondheim, Norway Duration: 16 Jun 2008 → 17 Jun 2008

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5057 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	5th European Public Key Infrastructure Workshop: Theory and Practice, EuroPKI 2008
Country/Territory	Norway
City	Trondheim
Period	16/06/08 → 17/06/08

Keywords

DSA
ElGamal
Fault injection
Faults attacks
Side channel
Smart cards

ASJC Scopus subject areas

Theoretical Computer Science
General Computer Science

Access to Document

10.1007/978-3-540-69485-4_13

Cite this

Kim, C. H., Bulens, P., Petit, C., & Quisquater, J. J. (2008). Fault attacks on public key elements: Application to DLP-based schemes. In Public Key Infrastructure - 5th European PKI Workshop: Theory and Practice, EuroPKI 2008, Proceedings (pp. 182-195). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5057 LNCS). https://doi.org/10.1007/978-3-540-69485-4_13

Kim, Chong Hee ; Bulens, Philippe ; Petit, Christophe et al. / Fault attacks on public key elements : Application to DLP-based schemes. Public Key Infrastructure - 5th European PKI Workshop: Theory and Practice, EuroPKI 2008, Proceedings. 2008. pp. 182-195 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{73efdc2a06cb48198095627cda4a14cc,

title = "Fault attacks on public key elements: Application to DLP-based schemes",

abstract = "Many cryptosystems suffer from fault attacks when implemented in physical devices such as smart cards. Fault attacks on secret key elements have successfully targeted many protocols relying on the Elliptic Curve Discrete Logarithm Problem (ECDLP), the Integer Factorization Problem (IFP) or the Discrete Logarithm Problem (DLP). More recently, faults attacks have also been designed against the public key elements of ECDLP and IFP-based schemes. In this paper, we present the first fault attacks on the public key elements of DSA and ElGamal, two DLP-based signature schemes. Our attacks fully recover a 160-bit DSA secret key and a 1024-bit ElGamal secret key with ∼ 4 •10 7 and ∼ 3 •106 faulty signatures respectively. Such figures might suggest that DLP-based schemes are less prone to fault attacks than ECDLP- and IFP-based schemes. However, the integrity of public keys should always be checked in order to thwart such attacks since improvements may reduce the required amount of faulty signatures in the near future.",

keywords = "DSA, ElGamal, Fault injection, Faults attacks, Side channel, Smart cards",

author = "Kim, {Chong Hee} and Philippe Bulens and Christophe Petit and Quisquater, {Jean Jacques}",

year = "2008",

doi = "10.1007/978-3-540-69485-4_13",

language = "English",

isbn = "3540694846",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "182--195",

booktitle = "Public Key Infrastructure - 5th European PKI Workshop",

note = "5th European Public Key Infrastructure Workshop: Theory and Practice, EuroPKI 2008 ; Conference date: 16-06-2008 Through 17-06-2008",

}

Kim, CH, Bulens, P, Petit, C & Quisquater, JJ 2008, Fault attacks on public key elements: Application to DLP-based schemes. in Public Key Infrastructure - 5th European PKI Workshop: Theory and Practice, EuroPKI 2008, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5057 LNCS, pp. 182-195, 5th European Public Key Infrastructure Workshop: Theory and Practice, EuroPKI 2008, Trondheim, Norway, 16/06/08. https://doi.org/10.1007/978-3-540-69485-4_13

Fault attacks on public key elements: Application to DLP-based schemes. / Kim, Chong Hee; Bulens, Philippe; Petit, Christophe et al.
Public Key Infrastructure - 5th European PKI Workshop: Theory and Practice, EuroPKI 2008, Proceedings. 2008. p. 182-195 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5057 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

TY - GEN

T1 - Fault attacks on public key elements

T2 - 5th European Public Key Infrastructure Workshop: Theory and Practice, EuroPKI 2008

AU - Kim, Chong Hee

AU - Bulens, Philippe

AU - Petit, Christophe

AU - Quisquater, Jean Jacques

PY - 2008

Y1 - 2008

N2 - Many cryptosystems suffer from fault attacks when implemented in physical devices such as smart cards. Fault attacks on secret key elements have successfully targeted many protocols relying on the Elliptic Curve Discrete Logarithm Problem (ECDLP), the Integer Factorization Problem (IFP) or the Discrete Logarithm Problem (DLP). More recently, faults attacks have also been designed against the public key elements of ECDLP and IFP-based schemes. In this paper, we present the first fault attacks on the public key elements of DSA and ElGamal, two DLP-based signature schemes. Our attacks fully recover a 160-bit DSA secret key and a 1024-bit ElGamal secret key with ∼ 4 •10 7 and ∼ 3 •106 faulty signatures respectively. Such figures might suggest that DLP-based schemes are less prone to fault attacks than ECDLP- and IFP-based schemes. However, the integrity of public keys should always be checked in order to thwart such attacks since improvements may reduce the required amount of faulty signatures in the near future.

AB - Many cryptosystems suffer from fault attacks when implemented in physical devices such as smart cards. Fault attacks on secret key elements have successfully targeted many protocols relying on the Elliptic Curve Discrete Logarithm Problem (ECDLP), the Integer Factorization Problem (IFP) or the Discrete Logarithm Problem (DLP). More recently, faults attacks have also been designed against the public key elements of ECDLP and IFP-based schemes. In this paper, we present the first fault attacks on the public key elements of DSA and ElGamal, two DLP-based signature schemes. Our attacks fully recover a 160-bit DSA secret key and a 1024-bit ElGamal secret key with ∼ 4 •10 7 and ∼ 3 •106 faulty signatures respectively. Such figures might suggest that DLP-based schemes are less prone to fault attacks than ECDLP- and IFP-based schemes. However, the integrity of public keys should always be checked in order to thwart such attacks since improvements may reduce the required amount of faulty signatures in the near future.

KW - DSA

KW - ElGamal

KW - Fault injection

KW - Faults attacks

KW - Side channel

KW - Smart cards

UR - http://www.scopus.com/inward/record.url?scp=45849128352&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-69485-4_13

DO - 10.1007/978-3-540-69485-4_13

M3 - Conference contribution

AN - SCOPUS:45849128352

SN - 3540694846

SN - 9783540694847

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 182

EP - 195

BT - Public Key Infrastructure - 5th European PKI Workshop

Y2 - 16 June 2008 through 17 June 2008

ER -

Kim CH, Bulens P, Petit C, Quisquater JJ. Fault attacks on public key elements: Application to DLP-based schemes. In Public Key Infrastructure - 5th European PKI Workshop: Theory and Practice, EuroPKI 2008, Proceedings. 2008. p. 182-195. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-69485-4_13

Fault attacks on public key elements: Application to DLP-based schemes

Abstract

Publication series

Conference

Keywords

ASJC Scopus subject areas

Access to Document

Fingerprint

Cite this