RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks
نویسنده
چکیده
Fault attacks as introduced by Bellcore in 1996 are still a major threat toward cryptographic products supporting RSA signatures. Most often on embedded devices, the public exponent is unknown, turning resistance to fault attacks into an intricate problem. Over the past few years, several techniques for secure implementations have been published, all of which suffering from inadequacy with the constraints faced by embedded platforms. In this paper, we introduce a novel countermeasure mechanism against fault attacks in RSA signature generation. In the restricted context of security devices where execution time, memory consumption, personalization management and code size are strong constraints, our countermeasure is simply applicable with a low computational complexity. Our method extends to all cryptosystems based on modular exponentiation.
منابع مشابه
CRT RSA Algorithm Protected Against Fault Attacks
Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modular exponentiation and we prove its security in a realistic fault model. By construction, our pro...
متن کاملOptical and EM Fault-Attacks on CRT-based RSA: Concrete Results
RSA is a well-known algorithm that is used in various cryptographic systems like smart cards and e-commerce applications. This article presents practical attacks on implementations of RSA that use the Chinese Remainder Theorem (CRT). The attacks have been performed by inducing faults into a cryptographic device through optical and electromagnetic injections. We show optical attacks using fibre-...
متن کاملFault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures
Nowadays RSA using Chinese Remainder Theorem (CRT) is widely used in practical applications. However there is a very powerful attack against it with a fault injection during one of its exponentiations. Many countermeasures were proposed but almost all of them are proven to be insecure. In 2005, two new countermeasures were proposed. However they still have a weakness. The final signature is sto...
متن کاملHardware Fault Attackon RSA with CRT Revisited
In this paper, some powerful fault attacks will be pointed out which can be used to factorize the RSA modulus if CRT is employed to speedup the RSA computation. These attacks are generic and can be applicable to Shamir’s countermeasure and also applicable to a recently published enhanced countermeasure (trying to improve Shamir’s method) for RSA with CRT. These two countermeasures share some si...
متن کاملOn Second-Order Fault Analysis Resistance for CRT-RSA Implementations
Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view and most of cryptographic systems have been shown vulnerable to this kind of attacks. Until recently, most of the theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm o...
متن کامل