Crashing Modulus Attack on Modular Squaring for Rabin Cryptosystem
نویسندگان
چکیده
The Rabin cryptosystem has been proposed protect the unique ID (UID) in radio-frequency identification tags. The Rabin cryptosystem is a type of lightweight public key system that is theoretetically quite secure; however it is vulnerable to several side-channel attacks. In this paper, a crashing modulus attack is presented as a new fault attack on modular squaring during Rabin encryption. This attack requires only one fault in the public key if its perturbed public key can be factored. Our simulation results indicate that the attack is more than 50% successful with several faults in practical time. A complicated situation arises when reconstrucing the message, including the UID, from ciphertext, i.e., the message and the perturbed public key are not relatively prime. We present a complete and mathematically rigorous message reconstruction algorithm for such a case. Moreover, we propose an exact formula to obtain a number of candidate messages. We show that the number is not generally equal to a power of two.
منابع مشابه
Power Analysis to ECC Using Differential Power Between Multiplication and Squaring
Power analysis is a serious attack to implementation of elliptic curve cryptosystems (ECC) on smart cards. For ECC, many power analysis attacks and countermeasures have been proposed. In this paper, we propose a novel power analysis attack using differential power between modular multiplication and modular squaring. We show how this difference occurs in CMOS circuits by counting the expectation...
متن کاملA Public-Key Cryptosystem Utilizing Cyclotomic Fields
While it is well-known that the RSA public-key cryptosystem can be broken if its modulus N can be factored, it is not known whether there are other ways of breaking RSA. This paper presents a public-key scheme which necessarily requires knowledge of the factorization of its modulus in order to be broken. Rabin introduced the first system whose security is equivalent to the difficulty of factori...
متن کاملSmashing SQUASH-0
At the RFID Security Workshop 2007, Adi Shamir presented a new challenge-response protocol well suited for RFIDs, although based on the Rabin public-key cryptosystem. This protocol, which we call SQUASH-0, was using a linear mixing function which was subsequently withdrawn. Essentially, we mount an attack against SQUASH-0 with full window which could be used as a “known random coins attack” aga...
متن کاملEfficient Randomized Regular Modular Exponentiation using Combined Montgomery and Barrett Multiplications
Cryptographic operations performed on an embedded device are vulnerable to side channel analysis and particularly to differential and correlation power analysis. The basic protection against such attacks is to randomize the data all along the cryptographic computations. In this paper we present a modular multiplication algorithm which can be used for randomization. We show that we can use it to...
متن کاملFast Generation of Prime Numbers and
A very eecient recursive algorithm for generating nearly random prov-able primes is presented. The expected time for generating a prime is only slightly greater than the expected time required for generating a pseudo-prime of the same size that passes the Miller-Rabin test for only one base. Therefore our algorithm is even faster than presently-used algorithms for generating only pseudo-primes ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید
ثبت ناماگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید
ورودعنوان ژورنال:
- CoRR
دوره abs/1603.00100 شماره
صفحات -
تاریخ انتشار 2016