Cryptanalysis using Fault Injection and Countermeasures on DSA

오류주입을 이용한 DSA 서명 알고리즘 공격 및 대응책

  • Jung, Chul-Jo (Dept. of Information Security, Hoseo University) ;
  • Oh, Doo-Hwan (Dept. of Information Security, Hoseo University) ;
  • Choi, Doo-Sik (Dept. of Information Security, Hoseo University) ;
  • Kim, Hwan-Koo (Dept. of Information Security, Hoseo University) ;
  • Ha, Jae-Cheol (Dept. of Information Security, Hoseo University)
  • 정철조 (호서대학교 정보보호학과) ;
  • 오두환 (호서대학교 정보보호학과) ;
  • 최두식 (호서대학교 정보보호학과) ;
  • 김환구 (호서대학교 정보보호학과) ;
  • 하재철 (호서대학교 정보보호학과)
  • Received : 2010.07.02
  • Accepted : 2010.08.10
  • Published : 2010.08.31


The international standard signature algorithm DSA has been guaranteed its security based on discrete logarithm problem. Recently, the DSA was known to be vulnerable to some fault analysis attacks in which the secret key stored inside of the device can be extracted by occurring some faults when the device performs signature algorithm. After analyzing an existing fault attack presented by Bao et al., this paper proposed a new fault analysis attack by disturbing the random number. Furthermore, we presented a countermeasure to compute DSA signature that has its immunity in the two types of fault attacks. The security and efficiency of the proposed countermeasure were verified by computer simulations.


Digital Signature Algorithm(DSA);Fault Injection Analysis;Cryptographic Device


  1. E. Biham, A. Shamir, "Differential Fault Analysis of Secret Key Cryptosystems," CRYPTO-1997, LNCS vol. 1294, pp. 513-525, 1997.
  2. D. Boneh, R. A. DeMillo and R. J. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," EUROCRYPT-1997, LNCS vol. 1233, pp. 37-51, 1997
  3. C. H. Kim and J. -J. Quisquater, "New Differential Fault Analysis on AES Key Schedule: Two Faults are enough", CARDIS-2008, LNCS 5189, pp. 48-60, 2008.
  4. S. Yen, S. Kim, S. Lim, and S. Moon, "RSA speedup with Chinese Remainder Theorem Immune Against Hardware Fault Cryptanalysis," IEEE Transaction on Computer, Special issue on CHES, vol. 52, no. 4, pp. 461-472, 2003.
  5. F. Bao, R. H. Deng, Y. Han, A Jeng, A. D. Narasimhalu, T. Ngair, "Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults", International Workshop on Security Protocols-1997, LNCS, vol. 1361, pp. 115-124, 1997
  6. National institute of standards and technology. Digital Signature Standard, NIST FIPS PUB 186-2, 2000.
  7. M. Nikodem, "DSA Signature Scheme Immune to the Fault Cryptanalysis", CARDIS-2008, LNCS, vol. 5189. pp. 61-73, 2008
  8. C. Giraud and E. Knudsen, "Fault Attacks on Signature Schemes," ACISP-2004, LNCS vol. 3108, pp. 478-491, 2004.
  9. D. Naccache, P. Nguyen, M. Tunstall and C. Whelan, "Experimenting with Faults, Lattices and the DSA," PKC-2005, LNCS vol. 3386, pp. 16-28, 2005.
  10. J. Schmidt, M. Medwed, "A Fault Attack on ECDSA", Fault Diagnosis and Tolerance in Cryptography, FDTC-2007, pp. 93-99, 2009.
  11. N. Howgrave-Graham and N. P. Smart. "Lattice Attacks on Digital Signature Schemes", Designs, Codes and Cryptography, vol. 23, no. 3, pp. 283-290, 2001.
  12. M. Nikodem, "Error Prevention, Detection and Diffusion Algorithms for Cryptographic Hardware", International Conference on Dependability of Computer System (DepCos-RELCOMEX'07), pp. 127-134, IEEE-CS, 2007.
  13. T. Romer and J. P. Serfert, " Information Leakage Attack against Smart Card Implementation of the Elliptic Curve Digital Signature Algorithm," International Conference on Research in Smart Cards, E-smart-2001, LNCS vol. 2140, pp. 211-219, 2001.