Research area: Cryptography
Venue: ACM Transactions on Embedded Computing Systems, Volume 24, Issue 4
In embedded systems, particularly resource-constrained Internet of Things (IoT) devices, the SM2 Digital Signature Algorithm (SM2-DSA) is widely deployed. Fault injection attacks can compromise digital signatures and extract private keys without physically damaging the device, but traditional approaches require precise temporal or spatial control and therefore achieve only limited success rates; the potential vulnerabilities of SM2-DSA also remain insufficiently studied. To address this, this article introduces a novel and efficient lattice-based fault attack on SM2-DSA. The attack injects faults into the nonce before the fourth step of the signature operation. By comparing the correct and erroneous intermediate values of Q obtained from the signing and verification processes, we deduce partial bits of the nonce, and then mount a lattice attack to recover the private key. We further establish the theoretical security boundary of lattice attacks against SM2-DSA and, building on that boundary, propose an efficient implementation of the attack. Experiments show a 100% success rate over 1,000 trials using 61 signatures with six known bits of each nonce for 256-bit SM2-DSA, with each key recovery completing in under three seconds. Finally, we propose countermeasures against the attack. The attack reveals potential security vulnerabilities in SM2-DSA implementations and provides constructive guidance for strengthening both the algorithm and its defensive countermeasures.
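The pipeline the abstract describes, reduced to a runnable example. This is added illustration code, not the paper's implementation: it signs on the sm2p256v1 curve, treats some bits of each nonce as already known (here they are simply read off the true nonce, standing in for whatever the paper's fault-and-compare step yields; the abstract does not say which bits are recovered, so "low bits" is an assumption), rewrites each signature as a hidden-number-problem (HNP) equation in the private key d, and recovers d with a lattice. To keep a textbook LLL in pure Python practical it leaks 128 nonce bits from 4 signatures (a 6-dimensional lattice) instead of the paper's six bits from 61 signatures, which calls for a real lattice reducer such as fpylll's BKZ. SHA-256 stands in for SM3 and the Z_A prefix is omitted; neither affects the attack. The lattice is the standard Kannan-embedding HNP construction and is not claimed to be the paper's exact lattice or bound.

```python
# Added example (not the paper's code): SM2 key recovery from partially known nonces via HNP + LLL.
import random
from fractions import Fraction
from hashlib import sha256

# sm2p256v1 domain parameters (GB/T 32918.5)
P = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF00000000FFFFFFFFFFFFFFFF
A, B = P - 3, 0x28E9FA9E9D9F5E344D5A9E4BCF6509A7F39789F515AB8F92DDBCBD414D940E93
N = 0xFFFFFFFEFFFFFFFFFFFFFFFFFFFFFFFF7203DF6B21C6052B53BBF40939D54123
G = (0x32C4AE2C1F1981195F9904466A39C9948FE30BBFF2660BE1715A4589334C74C7,
     0xBC3736A2F4F6779C59BDCEE36B692153D0A9877CC62A474002DF32E52139F0A0)

def ec_add(p1, p2):  # affine addition on y^2 = x^3 + A*x + B over GF(P); None = point at infinity
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return None
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if x1 == x2 else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return x3, (lam * (x1 - x3) - y1) % P

def ec_mul(k, pt):  # double-and-add [k]pt (not constant time; demo only)
    acc = None
    while k:
        if k & 1:
            acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def sm2_sign(d, e, k):  # GB/T 32918.2 steps A4-A6 with a caller-supplied nonce k; step A4 is [k]G
    x1, _ = ec_mul(k, G)
    r = (e + x1) % N
    s = pow(1 + d, -1, N) * (k - r * d) % N
    assert r and s and r + k != N
    return r, s

def hnp_instance(sigs, leaked, l):
    """s = (1+d)^-1 (k - r d) gives k = s + (s+r) d (mod N). With k = k_lo + 2^l k_hi this is
    k_hi = t*d + u0 (mod N) for t = (s+r)/2^l, u0 = (s-k_lo)/2^l, and 0 <= k_hi < 2^(256-l).
    u = u0 - 2^(255-l) centres the unknown so that (t*d + u) mod N is small in absolute value."""
    inv, half = pow(1 << l, -1, N), 1 << (255 - l)
    return [((s + r) * inv % N, ((s - k_lo) * inv - half) % N) for (r, s), k_lo in zip(sigs, leaked)]

def lll(basis, delta=Fraction(3, 4)):  # textbook LLL over exact rationals; fine for dimension 6
    b = [[Fraction(x) for x in row] for row in basis]
    n, dot = len(b), lambda v, w: sum(x * y for x, y in zip(v, w))
    def gso():  # Gram-Schmidt vectors bs and coefficients mu
        bs, mu = [], [[Fraction(0)] * n for _ in range(n)]
        for i in range(n):
            v = b[i][:]
            for j in range(i):
                mu[i][j] = dot(b[i], bs[j]) / dot(bs[j], bs[j])
                v = [x - mu[i][j] * y for x, y in zip(v, bs[j])]
            bs.append(v)
        return bs, mu
    (bs, mu), k = gso(), 1
    while k < n:
        for j in range(k - 1, -1, -1):  # size-reduce b_k against b_j; bs is unchanged by this
            q = round(mu[k][j])
            if q:
                b[k] = [x - q * y for x, y in zip(b[k], b[j])]
                mu[k][j] -= q
                for i in range(j):
                    mu[k][i] -= q * mu[j][i]
        if dot(bs[k], bs[k]) >= (delta - mu[k][k - 1] ** 2) * dot(bs[k - 1], bs[k - 1]):
            k += 1  # Lovasz condition holds
        else:
            b[k], b[k - 1] = b[k - 1], b[k]
            (bs, mu), k = gso(), max(k - 1, 1)
    return [[int(x) for x in row] for row in b]

def recover_key(pairs, l, pub):
    """Kannan-embedded HNP lattice: rows S*N*e_i, T = (S*t_i.., 1, 0), U = (S*u_i.., 0, N).
    d*T + U reduced by the N rows is (S*small.., d, N), far shorter than any other lattice
    vector, so LLL returns it or its negative."""
    m, S = len(pairs), 1 << (l + 1)
    rows = [[S * N if i == j else 0 for j in range(m + 2)] for i in range(m)]
    rows += [[S * t for t, _ in pairs] + [1, 0], [S * u for _, u in pairs] + [0, N]]
    for row in lll(rows):
        if abs(row[m + 1]) == N:
            d = (row[m] if row[m + 1] == N else -row[m]) % N
            if ec_mul(d, G) == pub:  # confirm the candidate against the public key
                return d
    return None

def run_attack(seed=1, l=128, m=4):
    """Sign m messages, take the low l nonce bits as the leak, recover d; returns (d, recovered)."""
    rng = random.Random(seed)  # seeded so the demo is reproducible
    d = rng.randrange(1, N)
    pub, sigs, leaked = ec_mul(d, G), [], []
    for i in range(m):
        e = int.from_bytes(sha256(b"msg%d" % i).digest(), "big")  # SHA-256 stands in for SM3(Z_A || M)
        k = rng.randrange(1, N)
        r, s = sm2_sign(d, e, k)
        assert (e + ec_add(ec_mul(s, G), ec_mul((r + s) % N, pub))[0]) % N == r  # steps B5-B7 verify
        sigs.append((r, s))
        leaked.append(k & ((1 << l) - 1))  # the bits assumed to come from the fault step
    return d, recover_key(hnp_instance(sigs, leaked, l), l, pub)
```

Step A4 of SM2 signing is the scalar multiplication [k]G; everything computed after it (r and s) is a linear function of k, which is why a few known nonce bits per signature are enough to write one HNP equation per signature. The information condition is roughly (known bits per nonce) x (signatures) > 256 plus a margin for the lattice gap: 61 x 6 = 366 bits in the paper's setting, 4 x 128 = 512 bits here.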
| Publication year | 2025 |
|---|---|
| Citations | 0 |
| Country of publication | Andorra, China |
| Site | ACM |