Fault Attacks on the Elliptic Curve ElGamal Cryptosystem

Hardware implementations of advanced cryptographic schemes gain in importance for emerging cyber-physical and autonomous systems, and their resistance against physical attacks is becoming a central requirement. This paper studies fault-injection attacks against the private key of the Elliptic Curve ElGamal cryptosystem. It extends previously introduced bit and byte fault models by models that assume faults in arbitrary s -bit portions (subtuples) of the key. We provide a mathematical proof that characterizes the set of subtuple candidates after a fault injection affecting an arbitrary number of bits s . The proof reinforces earlier findings for s = 8 and implies that the number of key subtuple candidates grows exponentially in s . We also report on fault-injection experiments, both on the software level and using an optimized hardware implementation for NIST-recommended elliptic curves.