Paper 2014/436

Synthesis of Fault Attacks on Cryptographic Implementations

Gilles Barthe, Francois Dupressoir, Pierre-Alain Fouque, Benjamin Gregoire, and Jean-Christophe Zapalowicz


Fault attacks are active attacks in which an adversary with physical access to a cryptographic device, for instance a smartcard, tampers with the execution of an algorithm to retrieve secret material. Since the seminal Bellcore attack on RSA signatures, there has been extensive work to discover new fault attacks against cryptographic schemes, and to develop countermeasures against such attacks. Originally focused on high-level algorithmic descriptions, these works increasingly focus on concrete implementations. While lowering the abstraction level leads to new fault attacks, it also makes their discovery significantly more challenging. In order to face this trend, it is therefore desirable to develop principled, tool-supported approaches that allow a systematic analysis of the security of cryptographic implementations against fault attacks. We propose, implement, and evaluate a new approach for finding fault attacks against cryptographic implementations. Our approach is based on identifying implementation-independent mathematical properties we call fault conditions. We choose them so that it is possible to recover secret data purely by computing on sufficiently many data points that satisfy a fault condition. Fault conditions capture the essence of a large number of attacks from the literature, including lattice-based attacks on RSA. Moreover, they provide a basis for discovering automatically new attacks: using fault conditions, we specify the problem of finding faulted implementations as a program synthesis problem. Using a specialized form of program synthesis, we discover multiple faulted implementations on RSA and ECDSA that realize the fault conditions, and hence lead to fault attacks. Several of the attacks found by our tool are new, and of independent interest.

Available format(s)
Publication info
Preprint. MINOR revision.
Fault Attacksautomated tools
Contact author(s)
Pierre-Alain Fouque @ ens fr
2014-06-12: received
Short URL
Creative Commons Attribution


      author = {Gilles Barthe and Francois Dupressoir and Pierre-Alain Fouque and Benjamin Gregoire and Jean-Christophe Zapalowicz},
      title = {Synthesis of Fault Attacks on Cryptographic Implementations},
      howpublished = {Cryptology ePrint Archive, Paper 2014/436},
      year = {2014},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.