Fault attacks

Introduction to Fault Attacks

https://www.cosic.esat.kuleuven.be/summer_school_sardinia_2015/slides/Balasch.pdf

https://www.youtube.com/watch?v=4cGXYxSd_s4

DEFEATING ED25519 AND EDDSA USING A FAULT ATTACK

https://romailler.ch/project/eddsa-fault/

Fault attack agaisnt EdDSA demonstrated on an Arduino Nano board, allowing for partial key recovery and fake signatures.

https://github.com/kudelskisecurity/EdDSA-fault-attack

We demonstrated it on an Arduino Nano, using the Arduino Libs' Crypto Ed25519 implementation and simple voltage glitches. We were able to cause single byte random errors at the end of the computation of H(R,A,M), allowing us to efficiently brute-force the error location and value, thus recovering half of the secret key. This allowed us to generate seemingly valid signatures for any message, thanks to randomly generated rr values, in a way that is indistinguishable from the real signer to the verifier, since the value rr has to be kept secret by the signer.

How to defeat Ed25519 and EdDSA using faults

https://news.ycombinator.com/item?id=15414760

Practical fault attack against the Ed25519 and EdDSA signature schemes

https://www.romailler.ch/ddl/10.1109_FDTC.2017.12_eddsa.pdf

Fault Attacks on Nonce-based Authenticated Encryption: Application to Keyak and Ketje

https://eprint.iacr.org/2018/852.pdf

Introduction to side-channel attacks and fault attacks

https://ieeexplore.ieee.org/document/7522801