In the field of cryptography engineering, implementation-based attacks are a major concern due to their proven feasibility. Fault injection is one attack vector, nowadays a major research line. In this paper, we present how a memory tampering-based fault attack can be used to severely limit the output space of binary GCD based modular inversion algorithm implementations. We frame the proposed attack in the context of ECDSA showing how this approach allows recovering the private key from only one signature, independent of the key size. We analyze two memory tampering proposals, illustrating how this technique can be adapted to different implementations. Besides its application to ECDSA, it can be extended to other cryptographic schemes and countermeasures where binary GCD based modular inversion algorithms are employed. In addition, we describe how memory tampering-based fault attacks can be used to mount a previously proposed fault attack on scenarios that were initially discarded, showing the importance of including memory tampering attacks in the frameworks for analyzing fault attacks and their countermeasures.

中文翻译：

---

基于二进制 GCD 的反演算法的内存篡改攻击

在密码工程领域，基于实现的攻击因其已被证明的可行性而成为主要关注点。故障注入是一种攻击媒介，现在是一个主要的研究方向。在本文中，我们介绍了如何使用基于内存篡改的故障攻击来严重限制基于二进制 GCD 的模反演算法实现的输出空间。我们在 ECDSA 的背景下构建了提议的攻击，展示了这种方法如何允许仅从一个签名中恢复私钥，而与密钥大小无关。我们分析了两个内存篡改提议，说明了该技术如何适用于不同的实现。除了应用于 ECDSA 之外，它还可以扩展到其他使用基于二进制 GCD 的模块化反演算法的密码方案和对策。此外，