Abstract
We present an attack on DSA smart-cards that combines physical fault injection with lattice reduction. This appears to be the first publicly reported physical experiment that concretely extracts DSA keys from smart-cards. We use a particular type of fault attack, a glitch attack, to actively modify the DSA nonce k used to generate the signature: k is tampered with so that a number of its least significant bytes are flipped to zero. We then apply well-known lattice attacks on El Gamal-type signatures, which recover the private key given sufficiently many signatures for which a few bits of each corresponding k are known. In practice, when one byte of each k is zeroed, 27 signatures are sufficient to disclose the private key. The more bytes of k we can reset, the fewer signatures are required. This paper presents the theory, methodology and results of the attack, as well as possible countermeasures.
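As an added example (not code from the paper), the following Python script runs the whole pipeline of the abstract on toy parameters: a simulated DSA card signs with nonces whose low byte the glitch has forced to zero, the attacker turns each faulty (h, r, s) into one hidden-number-problem equation, builds the standard lattice for it, and reduces that lattice with LLL to recover x. Everything specific below is an assumption of the example rather than something the page states: the 32-bit group order and 10 faulty signatures (scaled down from the paper's 160-bit q and 27 signatures), the software fault model that clears the low byte of k, the Miller-Rabin parameter generator, the random values standing in for message hashes, and the pure-Python rational LLL (a real attack would use a floating-point lattice library).

```python
# Added example (not the paper's code): toy run of the abstract's attack; q is 32 bits, glitch simulated.
import random
from fractions import Fraction

ZERO_BITS = 8    # the glitch clears one byte of k (the paper's one-byte case)
Q_BITS = 32      # toy group-order size; the paper's 27 signatures were for 160-bit q
N_SIGS = 10      # faulty signatures used; need roughly N_SIGS * (ZERO_BITS + 1) > Q_BITS
MR_BASES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)   # Miller-Rabin, exact below 3.3e24

def is_prime(n):
    if n < 2 or any(n % a == 0 for a in MR_BASES):
        return n in MR_BASES
    r = ((n - 1) & (1 - n)).bit_length() - 1             # n - 1 = 2^r * d with d odd
    d = (n - 1) >> r
    for a in MR_BASES:
        y = pow(a, d, n)
        if y in (1, n - 1): continue
        for _ in range(r - 1):
            y = y * y % n
            if y == n - 1: break
        else:
            return False
    return True

def gen_params(rng):                 # toy DSA domain parameters: q prime, q | p-1, ord(g) = q
    q = p = g = 1
    while not is_prime(q):
        q = rng.getrandbits(Q_BITS) | (1 << (Q_BITS - 1)) | 1
    while not is_prime(p):
        p = 2 * rng.randrange(1, 1 << 20) * q + 1
    while g == 1:
        g = pow(rng.randrange(2, p - 1), (p - 1) // q, p)
    return p, q, g

def sign(params, x, h, k):           # textbook DSA on hash value h with caller-supplied nonce k
    p, q, g = params
    r = pow(g, k, p) % q
    return r, pow(k, -1, q) * (h + x * r) % q

def lll(basis, delta=Fraction(3, 4)):
    """Textbook LLL over exact rationals; a swap updates mu and the GSO norms in O(n)."""
    b, n, k, bstar, norms = [list(row) for row in basis], len(basis), 1, [], []
    dot = lambda u, v: sum(Fraction(s) * t for s, t in zip(u, v))
    mu = [[Fraction(int(i == j)) for j in range(n)] for i in range(n)]
    for i in range(n):                                   # initial Gram-Schmidt data
        v = [Fraction(a) for a in b[i]]
        for j in range(i):
            mu[i][j] = dot(b[i], bstar[j]) / norms[j]
            v = [a - mu[i][j] * c for a, c in zip(v, bstar[j])]
        bstar.append(v)
        norms.append(dot(v, v))
    while k < n:
        for j in range(k - 1, -1, -1):                   # size-reduce b_k against b_j
            c = round(mu[k][j])
            if c:
                b[k] = [s - c * t for s, t in zip(b[k], b[j])]
                for i in range(j + 1):
                    mu[k][i] -= c * mu[j][i]
        if norms[k] >= (delta - mu[k][k - 1] ** 2) * norms[k - 1]:   # Lovasz condition holds
            k += 1
        else:                                            # swap b_{k-1}, b_k and fix up mu/norms
            m = mu[k][k - 1]
            big = norms[k] + m * m * norms[k - 1]
            mu[k][k - 1] = m * norms[k - 1] / big
            norms[k], norms[k - 1] = norms[k - 1] * norms[k] / big, big
            b[k - 1], b[k] = b[k], b[k - 1]
            mu[k - 1][:k - 1], mu[k][:k - 1] = mu[k][:k - 1], mu[k - 1][:k - 1]
            for i in range(k + 1, n):
                t, mu[i][k] = mu[i][k], mu[i][k - 1] - m * mu[i][k]
                mu[i][k - 1] = t + mu[k][k - 1] * mu[i][k]
            k = max(k - 1, 1)
    return b

def recover_key(params, y, faulty_sigs):
    """k = 2^l k' with 0 <= k' < q/2^l and k' = t x + B (mod q), t = 2^-l s^-1 r, B = 2^-l s^-1 h;
    re-centring by c = q/2^(l+1) gives the hidden number problem |t x + u mod q| < q/2^(l+1)."""
    p, q, g = params
    scale, c, inv_2l = 2 << ZERO_BITS, q >> (ZERO_BITS + 1), pow(1 << ZERO_BITS, -1, q)
    t = [inv_2l * pow(s, -1, q) * r % q for h, r, s in faulty_sigs]
    u = [(inv_2l * pow(s, -1, q) * h - c) % q for h, r, s in faulty_sigs]
    basis = [[scale * q if j == i else 0 for j in range(len(t) + 2)] for i in range(len(t))]
    basis += [[scale * ti for ti in t] + [1, 0], [scale * ui for ui in u] + [0, q]]
    for row in lll(basis):   # target (scale*(t_i x + u_i mod q), ..., x, q) is short, up to sign
        if abs(row[-1]) == q:
            for x in (row[-2] % q, -row[-2] % q):
                if pow(g, x, p) == y:                    # confirm against the public key
                    return x
    return None

def run_attack(seed=2005):           # simulate the glitched card, collect signatures, attack
    rng = random.Random(seed)
    p, q, g = params = gen_params(rng)
    x, sigs = rng.randrange(1, q), []                    # victim's private key
    while len(sigs) < N_SIGS:
        h = rng.randrange(q)                             # stands in for H(message) mod q
        k = rng.randrange(1 << ZERO_BITS, q) >> ZERO_BITS << ZERO_BITS   # glitch: low byte -> 0
        r, s = sign(params, x, h, k)
        if r and s: sigs.append((h, r, s))
    return x, recover_key(params, pow(g, x, p), sigs)
```

`run_attack()` returns the victim's key and the recovered one. The lattice has dimension N_SIGS + 2 and its determinant grows by a factor 2^(ZERO_BITS+1) per signature, which is why more zeroed bytes per k need fewer signatures: the constant N_SIGS is the toy-scale counterpart of the abstract's 27 signatures for one zeroed byte of a 160-bit k.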
Copyright information
© 2005 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Naccache, D., Nguyên, P.Q., Tunstall, M., Whelan, C. (2005). Experimenting with Faults, Lattices and the DSA. In: Vaudenay, S. (eds) Public Key Cryptography - PKC 2005. PKC 2005. Lecture Notes in Computer Science, vol 3386. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30580-4_3
DOI: https://doi.org/10.1007/978-3-540-30580-4_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-24454-7
Online ISBN: 978-3-540-30580-4
eBook Packages: Computer Science (R0)