Paper 2019/1053

Modeling Memory Faults in Signature and Authenticated Encryption Schemes

Marc Fischlin and Felix Günther


Memory fault attacks, inducing errors in computations, have been an ever-evolving threat to cryptographic schemes since their discovery for cryptography by Boneh et al. (Eurocrypt 1997). Initially requiring physical tampering with hardware, the software-based rowhammer attack put forward by Kim et al. (ISCA 2014) enabled fault attacks also through malicious software running on the same host machine. This led to concerning novel attack vectors, for example on deterministic signature schemes, whose approach to avoid dependency on (good) randomness renders them vulnerable to fault attacks. This has been demonstrated in realistic adversarial settings in a series of recent works. However, a unified formalism of different memory fault attacks, enabling also to argue the security of countermeasures, is missing yet. In this work, we suggest a generic extension for existing security models that enables a game-based treatment of cryptographic fault resilience. Our modeling specifies exemplary memory fault attack types of different strength, ranging from random bit-flip faults to differential (rowhammer-style) faults to full adversarial control on indicated memory variables. We apply our model first to deterministic signatures to revisit known fault attacks as well as to establish provable guarantees of fault resilience for proposed fault-attack countermeasures. In a second application to nonce-misuse resistant authenticated encryption, we provide the first fault-attack treatment of the SIV mode of operation and give a provably secure fault-resilient variant.

Available format(s)
Publication info
Published elsewhere. MAJOR revision.CT-RSA 2020
fault attackssecurity modelfault resiliencedeterministic signatures
Contact author(s)
marc fischlin @ cryptoplexity de
mail @ felixguenther info
2020-01-16: revised
2019-09-18: received
See all versions
Short URL
Creative Commons Attribution


      author = {Marc Fischlin and Felix Günther},
      title = {Modeling Memory Faults in Signature and Authenticated Encryption Schemes},
      howpublished = {Cryptology ePrint Archive, Paper 2019/1053},
      year = {2019},
      doi = {10.1007/978-3-030-40186-3_4},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.