Differential Attacks on Deterministic Signatures
نویسندگان
چکیده
Deterministic signature schemes are becoming more popular, as illustrated by the deterministic variant of ECDSA and the popular EdDSA scheme, since eliminating the need for high-quality randomness might have some advantages in certain use-cases. In this paper we outline a range of differential fault attacks and a di erential power analysis attack against such deterministic schemes. This shows, contrary to some earlier works, that such signature schemes are not naturally protected against such advanced attacks. We discuss di erent countermeasures and propose to include entropy for lowcost protection against these attacks in scenarios where these attack vectors are a real threat: this does not require to change the key generation or the veri cation methods and results in a signature scheme which o ers high performance and security for a wide range of use-cases.
منابع مشابه
Fault Attacks on Randomized RSA Signatures
Fault attacks exploit hardware malfunctions or induce them to recover secret keys embedded in a secure device such as a smart card. In the late 90’s, Boneh, DeMillo and Lipton [6] and other authors introduced fault-based attacks on crt-rsa which allow the attacker to factor the signer’s modulus when the message padding function is deterministic. Since then, extending fault attacks to randomized...
متن کاملFault Attacks on RSA Signatures with Partially Unknown Messages
Fault attacks exploit hardware malfunctions to recover secrets from embedded electronic devices. In the late 90’s, Boneh, DeMillo and Lipton [6] introduced fault-based attacks on crt-rsa. These attacks factor the signer’s modulus when the message padding function is deterministic. However, the attack does not apply when the message is partially unknown, for example when it contains some randomn...
متن کاملTotal break of Zorro using linear and differential attacks
An AES-like lightweight block cipher, namely Zorro, was proposed in CHES 2013. While it has a 16-byte state, it uses only 4 S-Boxes per round. This weak nonlinearity was widely criticized, insofar as it has been directly exploited in all the attacks on Zorro reported by now, including the weak key, reduced round, and even full round attacks. In this paper, using some properties discovered by Wa...
متن کاملMaking RSA-PSS Provably Secure against Non-random Faults
RSA–CRT is the most widely used implementation for RSA signatures. However, deterministic and many probabilistic RSA signatures based on CRT are vulnerable to fault attacks. Nevertheless, Coron and Mandal (Asiacrypt 2009) show that the randomized PSS padding protects RSA signatures against random faults. In contrast, Fouque et al. (CHES 2012) show that PSS padding does not protect against certa...
متن کاملOn the Multiple Fault Attacks on RSA Signatures with LSBs of Messages Unknown
In CHES 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (CJKNP) introduced a fault attack on RSA signatures with partially unknown messages. They factored RSA modulus N using a single faulty signature and increased the bound of unknown messages by multiple fault attack, however, the complexity multiple fault attack is exponential in the number of faulty signatures. At RSA 2010, it was impro...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
- IACR Cryptology ePrint Archive
دوره 2017 شماره
صفحات -
تاریخ انتشار 2017