University of Brighton
In this paper, the authors show that the fault attack described is much more efficient than originally claimed. They proved that, using the same attack model, they need 34.3% less faulty signatures to recover a 160-bit private key. Furthermore, by improving the fault model expression, they show that for some key values they obtain another improvement of up to 47.1%. Finally, they show that there is no optimal way of performing the exhaustive search in order to reduce the computation complexity of this step.