Abstract
Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.
Original language | English |
---|---|
Article number | 31 |
Journal | Transactions on Embedded Computing Systems |
Volume | 7 |
Issue number | 3 |
DOIs | |
Publication status | Published - 1 Apr 2008 |
Externally published | Yes |
Fingerprint
Keywords
- Bellcore attack
- Cryptography
- Fiat-Shamir identification scheme
- Side-channel attacks
- Smartcards
ASJC Scopus subject areas
- Hardware and Architecture
- Software
Cite this
The security of the Fiat-Shamir scheme in the presence of transient hardware faults. / Voyiatzis, Artemios G.; Serpanos, Dimitrios N.
In: Transactions on Embedded Computing Systems, Vol. 7, No. 3, 31, 01.04.2008.Research output: Contribution to journal › Article
}
TY - JOUR
T1 - The security of the Fiat-Shamir scheme in the presence of transient hardware faults
AU - Voyiatzis, Artemios G.
AU - Serpanos, Dimitrios N.
PY - 2008/4/1
Y1 - 2008/4/1
N2 - Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.
AB - Implementation cryptanalysis has emerged as a realistic threat for cryptographic systems. It consists of two classes of attacks: fault-injection and side-channel attacks. In this work, we examine the resistance of the Fiat - Shamir scheme to fault-injection attacks, since Fiat - Shamir is a popular scheme for light consumer devices, such as smartcards, in a wide range of consumer services. We prove that an existing attack, known as the Bellcore attack, is incomplete. We propose an extension to the protocol that proactively secures Fiat - Shamir systems from the Bellcore attack and we prove its strength. Finally, we introduce a new attack model, which, under stronger assumptions, can derive the secret keys from both the original Fiat - Shamir scheme as well as its proposed extension. Our approach demonstrates that countermeasures for implementation cryptanalysis must be carefully designed and that deployed systems must include appropriate protection mechanisms for all known attacks and be flexible enough to incorporate countermeasures for new ones.
KW - Bellcore attack
KW - Cryptography
KW - Fiat-Shamir identification scheme
KW - Side-channel attacks
KW - Smartcards
UR - http://www.scopus.com/inward/record.url?scp=43949100322&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=43949100322&partnerID=8YFLogxK
U2 - 10.1145/1347375.1347384
DO - 10.1145/1347375.1347384
M3 - Article
AN - SCOPUS:43949100322
VL - 7
JO - ACM Transactions on Embedded Computing Systems
JF - ACM Transactions on Embedded Computing Systems
SN - 1539-9087
IS - 3
M1 - 31
ER -