Paper 2009/503

Fault Attacks Against EMV Signatures

Jean-Sebastien Coron, David Naccache, and Mehdi Tibouchi


At CHES 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (CJKNP) exhibited a fault attack against RSA signatures with partially known messages. This attack allows factoring the public modulus N. While the size of the unknown message part (UMP) increases with the number of faulty signatures available, the complexity of CJKNP's attack increases exponentially with the number of faulty signatures. This paper describes a simpler attack, whose complexity is polynomial in the number of faults; consequently, the new attack can handle much larger UMPs. The new technique can factor N in a fraction of a second using ten faulty EMV signatures -- a target beyond CJKNP's reach. We show how to apply the attack even when N is unknown, a frequent situation in real-life attacks.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Fault AttacksDigital SignaturesRSAISOIEC 9796-2EMV
Contact author(s)
mehdi tibouchi @ ens fr
2009-10-20: received
Short URL
Creative Commons Attribution


      author = {Jean-Sebastien Coron and David Naccache and Mehdi Tibouchi},
      title = {Fault Attacks Against EMV Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2009/503},
      year = {2009},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.