Abstract
The Edwards-curve Digital Signature Algorithm (EdDSA) was proposed to perform fast public-key digital signatures as a replacement for the Elliptic Curve Digital Signature Algorithm (ECDSA). Its key advantages for embedded devices are higher performance and straightforward, secure implementations. Indeed, neither branch nor lookup operations depending on the secret values are performed during a signature. These properties thwart many side-channel attacks. Nevertheless, we demonstrate here that a single-fault attack against EdDSA can recover enough private key material to forge valid signatures for any message. We demonstrate a practical application of this attack against an implementation on Arduino Nano. To the authors' best knowledge this is the first practical fault attack against EdDSA or Ed25519.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call