Paper 2017/1014

Attacking Deterministic Signature Schemes using Fault Attacks

Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, and Paul Rösler


Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. Failures of random number generators may have catastrophic effects such as compromising private signature keys. In recent years, many widely-used cryptographic technologies adopted deterministic signature schemes because they are presumed to be safer to implement. In this paper, we analyze the security of deterministic ECDSA and EdDSA signature schemes and show that the elimination of random number generators in these schemes enables new kinds of fault attacks. We formalize these attacks and introduce practical attack scenarios against EdDSA using the Rowhammer fault attack. EdDSA is used in many widely used protocols such as TLS, SSH and IPSec, and we show that these protocols are not vulnerable to our attack. We formalize the necessary requirements of protocols using these deterministic signature schemes to be vulnerable, and discuss mitigation strategies and their effect on fault attacks against deterministic signature schemes.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
Deterministic signaturesEdDSAfault attackRowhammer
Contact author(s)
juraj somorovsky @ rub de
2017-10-18: received
Short URL
Creative Commons Attribution


      author = {Damian Poddebniak and Juraj Somorovsky and Sebastian Schinzel and Manfred Lochter and Paul Rösler},
      title = {Attacking Deterministic Signature Schemes using Fault Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1014},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.