×

Experimenting with faults, lattices and the DSA. (English) Zbl 1081.94533

Vaudenay, Serge (ed.), Public key cryptography – PKC 2005. 8th international workshop on theory and practice in public key cryptography, Les Diablerets, Switzerland, January 23–26, 2005. Proceedings. Berlin: Springer (ISBN 3-540-24454-9/pbk). Lecture Notes in Computer Science 3386, 16-28 (2005).
Summary: We present an attack on DSA smart-cards which combines physical fault injection and lattice reduction techniques. This seems to be the first (publicly reported) physical experiment allowing to concretely pull-out DSA keys out of smart-cards. We employ a particular type of fault attack known as a glitch attack, which will be used to actively modify the DSA nonce \(k\) used for generating the signature: \(k\) will be tampered with so that a number of its least significant bytes will flip to zero. Then we apply well-known lattice attacks on El Gamal-type signatures which can recover the private key, given sufficiently many signatures such that a few bits of each corresponding \(k\) are known. In practice, when one byte of each \(k\) is zeroed, 27 signatures are sufficient to disclose the private key. The more bytes of \(k\) we can reset, the fewer signatures will be required. This paper presents the theory, methodology and results of the attack as well as possible countermeasures.
For the entire collection see [Zbl 1069.94502].

MSC:

94A60 Cryptography
94A62 Authentication, digital signatures and secret sharing
PDFBibTeX XMLCite
Full Text: DOI