Paper 2017/1014
Attacking Deterministic Signature Schemes using Fault Attacks
Damian Poddebniak, Juraj Somorovsky, Sebastian Schinzel, Manfred Lochter, and Paul Rösler
Abstract
Many digital signature schemes rely on random numbers that are unique and non-predictable per signature. Failures of random number generators may have catastrophic effects such as compromising private signature keys. In recent years, many widely-used cryptographic technologies adopted deterministic signature schemes because they are presumed to be safer to implement. In this paper, we analyze the security of deterministic ECDSA and EdDSA signature schemes and show that the elimination of random number generators in these schemes enables new kinds of fault attacks. We formalize these attacks and introduce practical attack scenarios against EdDSA using the Rowhammer fault attack. EdDSA is used in many widely used protocols such as TLS, SSH and IPSec, and we show that these protocols are not vulnerable to our attack. We formalize the necessary requirements of protocols using these deterministic signature schemes to be vulnerable, and discuss mitigation strategies and their effect on fault attacks against deterministic signature schemes.
Metadata
- Category: Public-key cryptography
- Publication info: Preprint. MINOR revision.
- Keywords: Deterministic signatures, EdDSA, fault attack, Rowhammer
- Contact author(s): juraj somorovsky @ rub de
- History: 2017-10-18: received
- Short URL: https://ia.cr/2017/1014
- License: CC BY
BibTeX
@misc{cryptoeprint:2017/1014,
  author = {Damian Poddebniak and Juraj Somorovsky and Sebastian Schinzel and Manfred Lochter and Paul Rösler},
  title = {Attacking Deterministic Signature Schemes using Fault Attacks},
  howpublished = {Cryptology {ePrint} Archive, Paper 2017/1014},
  year = {2017},
  url = {https://eprint.iacr.org/2017/1014}
}