The security of the Fiat-Shamir scheme in the presence of transient hardware faults

Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Contribution to journalArticle

1 Citation (Scopus)


Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.

Original languageEnglish
Article number31
JournalTransactions on Embedded Computing Systems
Issue number3
Publication statusPublished - 1 Apr 2008
Externally publishedYes



  • Bellcore attack
  • Cryptography
  • Fiat-Shamir identification scheme
  • Side-channel attacks
  • Smartcards

ASJC Scopus subject areas

  • Hardware and Architecture
  • Software

Cite this