The security of the Fiat-Shamir scheme in the presence of transient hardware faults

Artemios G. Voyiatzis; Dimitrios N. Serpanos

doi:10.1145/1347375.1347384

The security of the Fiat-Shamir scheme in the presence of transient hardware faults

Artemios G. Voyiatzis, Dimitrios N. Serpanos

Research output: Contribution to journal › Article

1 Citation (Scopus)

Abstract

Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.

Original language	English
Article number	31
Journal	Transactions on Embedded Computing Systems
Volume	7
Issue number	3
DOIs	https://doi.org/10.1145/1347375.1347384
Publication status	Published - 1 Apr 2008
Externally published	Yes

Fingerprint

Hardware

Side channel attack

Keywords

Bellcore attack
Cryptography
Fiat-Shamir identification scheme
Side-channel attacks
Smartcards

ASJC Scopus subject areas

Hardware and Architecture
Software

Cite this

Voyiatzis, A. G., & Serpanos, D. N. (2008). The security of the Fiat-Shamir scheme in the presence of transient hardware faults. Transactions on Embedded Computing Systems, 7(3), [31]. https://doi.org/10.1145/1347375.1347384

The security of the Fiat-Shamir scheme in the presence of transient hardware faults. / Voyiatzis, Artemios G.; Serpanos, Dimitrios N.

In: Transactions on Embedded Computing Systems, Vol. 7, No. 3, 31, 01.04.2008.

Research output: Contribution to journal › Article

Voyiatzis, AG & Serpanos, DN 2008, 'The security of the Fiat-Shamir scheme in the presence of transient hardware faults', Transactions on Embedded Computing Systems, vol. 7, no. 3, 31. https://doi.org/10.1145/1347375.1347384

Voyiatzis AG, Serpanos DN. The security of the Fiat-Shamir scheme in the presence of transient hardware faults. Transactions on Embedded Computing Systems. 2008 Apr 1;7(3). 31. https://doi.org/10.1145/1347375.1347384

Voyiatzis, Artemios G. ; Serpanos, Dimitrios N. / The security of the Fiat-Shamir scheme in the presence of transient hardware faults. In: Transactions on Embedded Computing Systems. 2008 ; Vol. 7, No. 3.

@article{59148e1b8277421a916cd3dd9250f219,

title = "The security of the Fiat-Shamir scheme in the presence of transient hardware faults",

abstract = "Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.",

keywords = "Bellcore attack, Cryptography, Fiat-Shamir identification scheme, Side-channel attacks, Smartcards",

author = "Voyiatzis, {Artemios G.} and Serpanos, {Dimitrios N.}",

year = "2008",

month = "4",

day = "1",

doi = "10.1145/1347375.1347384",

language = "English",

volume = "7",

journal = "ACM Transactions on Embedded Computing Systems",

issn = "1539-9087",

publisher = "Association for Computing Machinery (ACM)",

number = "3",

}

TY - JOUR

T1 - The security of the Fiat-Shamir scheme in the presence of transient hardware faults

AU - Voyiatzis, Artemios G.

AU - Serpanos, Dimitrios N.

PY - 2008/4/1

Y1 - 2008/4/1

N2 - Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.

AB - Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.

KW - Bellcore attack

KW - Cryptography

KW - Fiat-Shamir identification scheme

KW - Side-channel attacks

KW - Smartcards

UR - http://www.scopus.com/inward/record.url?scp=43949100322&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=43949100322&partnerID=8YFLogxK

U2 - 10.1145/1347375.1347384

DO - 10.1145/1347375.1347384

M3 - Article

AN - SCOPUS:43949100322

VL - 7

JO - ACM Transactions on Embedded Computing Systems

JF - ACM Transactions on Embedded Computing Systems

SN - 1539-9087

IS - 3

M1 - 31

ER -

Access to Document

10.1145/1347375.1347384