Cryptology ePrint Archive: Report 2017/1014

Attacking Deterministic Signature Schemes using Fault Attacks

Damian Poddebniak and Juraj Somorovsky and Sebastian Schinzel and Manfred Lochter and Paul Rösler

Abstract: Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. Failures of random number generators may have catastrophic effects such as compromising private signature keys. In recent years, many widely-used cryptographic technologies adopted deterministic signature schemes because they are presumed to be safer to implement.

In this paper, we analyze the security of deterministic ECDSA and EdDSA signature schemes and show that the elimination of random number generators in these schemes enables new kinds of fault attacks. We formalize these attacks and introduce practical attack scenarios against EdDSA using the Rowhammer fault attack. EdDSA is used in many widely deployed protocols such as TLS, SSH and IPsec, and we show that these protocols are not vulnerable to our attack. We formalize the requirements a protocol using these deterministic signature schemes must meet in order to be vulnerable, and discuss mitigation strategies and their effect on fault attacks against deterministic signature schemes.

Category / Keywords: public-key cryptography / Deterministic signatures, EdDSA, fault attack, Rowhammer

Date: received 12 Oct 2017

Contact author: juraj somorovsky at rub de

Version: 20171018:022000

Short URL: ia.cr/2017/1014