University of Luton
A fault attack consists in inducing hardware malfunctions in order to recover secrets from electronic devices. One of the most famous fault attack is Bellcore's attack against RSA with CRT; it consists in inducing a fault modulo p but not modulo q at signature generation step; then by taking a gcd the attacker can recover the factorization of N = pq. The Bellcore attack applies to any encoding function that is deterministic, for example FDH. Recently, the attack was extended to randomized encodings based on the ISO/IEC 9796-2 signature standard.