Results 1 - 10 of 34
Sign Change Fault Attacks on Elliptic Curve Cryptosystems
- Fault Diagnosis and Tolerance in Cryptography 2006 (FDTC '06), volume 4236 of Lecture Notes in Computer Science, 2004
Cited by 10 (0 self)
We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit different number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points which are on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points which do not leave the curve and are not easily detected. The paper also presents a revised scalar multiplication algorithm that provably protects against Sign Change Attacks.
Cryptanalysis of a Provably Secure CRT-RSA Algorithm
- CCS'04, 2004
Cited by 8 (0 self)
We study a countermeasure proposed to protect Chinese remainder theorem (CRT) computations for RSA against fault attacks. The scheme was claimed to be provably secure. However, we demonstrate that the proposal is in fact insecure: it can be broken with a simple and practical fault attack. We conclude that the proposed countermeasure is not safe for use in its present form.
Robust Codes for Fault Attack Resistant Cryptographic Hardware
- in Fault Diagnosis and Tolerance in Cryptography, 2nd International Workshop, 2005
Cited by 5 (4 self)
Hardware implementations of cryptographic algorithms are vulnerable to fault analysis attacks. To detect these attacks we propose an architecture based on robust nonlinear systematic (n,k)-error-detecting codes. These nonlinear codes offer advantages over linear codes since they are capable of providing uniform error detecting coverage independently of the error distributions. They make no assumptions about what faults or errors will be injected by an attacker. Architectures based on these codes have fewer undetectable errors than linear codes with the same (n,k). We also present several optimization approaches which provide for a tradeoff between the levels of robustness and required overhead for hardware implementations.
Differential Fault Analysis of the Advanced Encryption Standard using a Single Fault
Cited by 4 (0 self)
In this paper we present an enhanced Differential Fault Attack that can be applied to the AES using a single fault. We demonstrate that when a single random byte fault is induced that affects the input of the eighth round, the AES key can be deduced using a two stage algorithm. The first step would be expected to reduce the possible key hypotheses to 2^32, and the second step to a mere 2^8. Furthermore, we show that, with certain faults, this can be further reduced to two key hypotheses.
An efficient and simple way to test the security of Java Cards
- In: Proceedings of 3rd International Workshop on Security In Information Systems: WOSIS 2005, 2005
Cited by 2 (1 self)
Till recently it was impossible to have more than one single application running on a smart card. Multiapplication cards, and especially Java Cards, now make it possible to have several applications sharing the same physical piece of plastic. Today, these cards accept loading code only after authentication. But in the future, the cards will be open and everybody should be authorized to upload an application. This raises new security problems by creating additional ways to attack Java Cards. These problems and the method to test them are the topic of this paper. The attacks will be illustrated with code samples. The method presented here can be applied right now by authorised people (e.g. Information Technology Evaluation Facility – ITSEF) to test the security of Java Cards since they have the authentication keys, and tomorrow a hacker may also be able to use this method to attack cards without needing the keys. KEYWORDS: Java Card, Security, Attack.
A comparative cost/security analysis of fault attack countermeasures
- In Second Workshop on Fault Detection and Tolerance in Cryptography (FDTC 2005), 2005
Cited by 2 (1 self)
Deliberate injection of faults into cryptographic devices is an effective cryptanalysis technique against symmetric and asymmetric encryption algorithms. To protect cryptographic implementations (e.g. of the recent AES which will be our running example) against these attacks, a number of innovative countermeasures have been proposed, usually based on the use of space and time redundancies (e.g. error detection/correction techniques, repeated computations). In this paper, we take the next natural step in engineering studies where alternative methods exist, namely, we take a comparative perspective. For this purpose, we use unified security and efficiency metrics to evaluate various recent protections against fault attacks. The comparative study reveals security weaknesses in some of the countermeasures (e.g. intentional malicious fault injections that are unrealistically modelled). The study also demonstrates that, if fair performance evaluations are performed, many countermeasures are not better than the naive solutions, namely duplication or repetition. We finally suggest certain design improvements for some countermeasures, and further discuss security/efficiency tradeoffs.
Experimenting with Faults, Lattices and the DSA
- Public Key Cryptography — PKC 2005, volume 3386 of Lecture Notes in Computer Science, 2005
Cited by 2 (0 self)
We present an attack on DSA smart-cards which combines physical fault injection and lattice reduction techniques. This seems to be the first (publicly reported) physical experiment allowing one to concretely pull DSA keys out of smart-cards. We employ a particular type of fault attack known as a glitch attack, which will be used to actively modify the DSA nonce k used for generating the signature: k will be tampered with so that a number of its least significant bytes will flip to zero. Then we apply well-known lattice attacks on El Gamal-type signatures which can recover the private key, given sufficiently many signatures such that a few bits of each corresponding k are known. In practice, when one byte of each k is zeroed, 27 signatures are sufficient to disclose the private key. The more bytes of k we can reset, the fewer signatures will be required. This paper presents the theory, methodology and results of the attack as well as possible countermeasures.
Seifert's RSA Fault Attack: Simplified Analysis and Generalizations
- 2005
Cited by 2 (0 self)
Seifert recently described a new fault attack against an implementation of RSA signature verification. Here we
Law Enforcement, Forensics and Mobile Communications
Cited by 1 (0 self)
By the end of 2004, the GSM Association reported that over 600 networks in more than 200 countries were serving more than 1.2 billion users [1]. This extraordinary development of inexpensive and flexible mobile communications is also a source of new security challenges. This paper briefly lists the forensic challenges raised by handsets and overviews the handset analysis techniques used (or usable) by law enforcement officers in the course of criminal investigations.
Analysis and Detection of Errors in Implementation of SHA-512 Algorithms on FPGAs
- doi:10.1093/comjnl/bxm023, 2007
Cited by 1 (0 self)
The Secure Hash Algorithm SHA-512 is a dedicated cryptographic hash function widely considered for use in data integrity assurance and data origin authentication security services. Reconfigurable hardware devices such as Field Programmable Gate Arrays (FPGAs) offer a flexible and easily upgradeable platform for implementation of cryptographic hash functions. Owing to the iterative structure of SHA-512, even a single transient error at any stage of the hash value computation will result in a large number of errors in the final hash value. Hence, detection of errors becomes a key design issue. In this paper, we present a detailed analysis of the propagation of errors to the output in the hardware implementation of SHA-512. Included in this analysis are single, transient as well as permanent faults that may appear at any stage of the hash value computation. We then propose an error detection scheme based on parity codes and hardware redundancy. We report the performance metrics such as area, memory, and throughput for the implementation of SHA-512 with error detection capability on an FPGA of ALTERA. We achieved 100% fault coverage in the case of single faults with an area overhead of 21% and with a reduced throughput of 11.6% with the error detection circuit.