Cryptology ePrint Archive: Report 2009/503

Fault Attacks Against EMV Signatures

Jean-Sebastien Coron and David Naccache and Mehdi Tibouchi

Abstract: At CHES 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (CJKNP) exhibited a fault attack against RSA signatures with partially known messages. This attack allows factoring the public modulus N. While the size of the unknown message part (UMP) increases with the number of faulty signatures available, the complexity of CJKNP's attack increases exponentially with the number of faulty signatures.

This paper describes a simpler attack, whose complexity is polynomial in the number of faults; consequently, the new attack can handle much larger UMPs. The new technique can factor N in a fraction of a second using ten faulty EMV signatures -- a target beyond CJKNP's reach.

We show how to apply the attack even when N is unknown, a frequent situation in real-life attacks.

Category / Keywords: public-key cryptography / Fault Attacks, Digital Signatures, RSA, ISO/IEC 9796-2, EMV

Date: received 18 Oct 2009

Contact author: mehdi tibouchi at ens fr

Available format(s): PDF | BibTeX Citation

Version: 20091020:114650 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]