The security of the Fiat-Shamir scheme in the presence of transient hardware faults

Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat-Shamir scheme to fault-injection attacks, since Fiat-Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat-Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat-Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.

Original language: English
Article number: 31
Journal: ACM Transactions on Embedded Computing Systems
Volume: 7
Issue number: 3
DOI: 10.1145/1347375.1347384
Publication status: Published - 1 Apr 2008
Externally published: Yes

Keywords

  • Bellcore attack
  • Cryptography
  • Fiat-Shamir identification scheme
  • Side-channel attacks
  • Smartcards

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this

The security of the Fiat-Shamir scheme in the presence of transient hardware faults. / Voyiatzis, Artemios G.; Serpanos, Dimitrios N.

In: Transactions on Embedded Computing Systems, Vol. 7, No. 3, 31, 01.04.2008.

@article{59148e1b8277421a916cd3dd9250f219,
title = "The security of the Fiat-Shamir scheme in the presence of transient hardware faults",
keywords = "Bellcore attack, Cryptography, Fiat-Shamir identification scheme, Side-channel attacks, Smartcards",
author = "Voyiatzis, {Artemios G.} and Serpanos, {Dimitrios N.}",
year = "2008",
month = "4",
day = "1",
doi = "10.1145/1347375.1347384",
language = "English",
volume = "7",
journal = "ACM Transactions on Embedded Computing Systems",
issn = "1539-9087",
publisher = "Association for Computing Machinery (ACM)",
number = "3",
}

TY - JOUR

T1 - The security of the Fiat-Shamir scheme in the presence of transient hardware faults

AU - Voyiatzis, Artemios G.

AU - Serpanos, Dimitrios N.

PY - 2008/4/1

Y1 - 2008/4/1

KW - Bellcore attack

KW - Cryptography

KW - Fiat-Shamir identification scheme

KW - Side-channel attacks

KW - Smartcards

UR - http://www.scopus.com/inward/record.url?scp=43949100322&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=43949100322&partnerID=8YFLogxK

U2 - 10.1145/1347375.1347384

DO - 10.1145/1347375.1347384

M3 - Article

AN - SCOPUS:43949100322

VL - 7

JO - ACM Transactions on Embedded Computing Systems

JF - ACM Transactions on Embedded Computing Systems

SN - 1539-9087

IS - 3

M1 - 31

ER -