2012 Workshop on Fault Diagnosis and Tolerance in Cryptography
DOI: 10.1109/fdtc.2012.13
Full text: Download
This paper presents an extension of the byte-fault attack on signature schemes presented by Giraud et al. Our work extends their attack in a number of ways, but the main focus is an alternative fault model motivated by existing fault injection results. Instead of assuming faults are uniformly distributed (i.e., a given bit is flipped with probability 1/2), we consider the case where faults are biased (i.e., the probability differs from 1/2). Our results show that injecting biased faults allows an attacker to reveal security-critical data with significantly fewer faults and/or a significantly faster search through the remaining candidates.