Hardware Fault Attackon RSA with CRT Revisited
نویسندگان
چکیده
In this paper, some powerful fault attacks will be pointed out which can be used to factorize the RSA modulus if CRT is employed to speedup the RSA computation. These attacks are generic and can be applicable to Shamir’s countermeasure and also applicable to a recently published enhanced countermeasure (trying to improve Shamir’s method) for RSA with CRT. These two countermeasures share some similar structure in their designs and both suffer from some of the proposed attacks. The first kind of attack proposed in this paper is to induce a fault (which can be either a computational fault or any fault when data being accessed) into an important modulo reduction operation of the above two countermeasures. Note that this hardware fault attack can neither be detected by Shamir’s countermeasure nor by the recently announced enhancement. The second kind of attack proposed in this paper considers permanent fault on some stored parameters in the above two countermeasures. The result shows that some permanent faults cannot be detected. Hence, the CRT-based factorization attack still works. The proposed CRT-based fault attacks once again reveals the importance of developing a sound countermeasure against RSA with CRT.
منابع مشابه
RSA with Chinese Reminder Theorem Immune to Fault Cryptanalysis
This article examines the problem of fast RSA encryption with Chinese Reminder Theorem (CRT) immune against hardware fault cryptanalysis. This type of RSA scheme has been widely adopted as a standard implementation in many applications ranging from large servers to tiny smart cards. However, single error in this scheme can totally break the whole RSA scheme by factoring public modulus. It will ...
متن کاملRSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis
This article considers the problem of how to prevent the fast RSA signature and decryption computation with residue number system (or called the CRT-based approach) speedup from a hardware fault cryptanalysis in a highly reliable and efficient approach. The CRT-based speedup for RSA signature has been widely adopted as an implementation standard ranging from large servers to very tiny smart IC ...
متن کاملFault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
This article describes concrete results and practically validated countermeasures concerning differential fault attacks on RSA using the CRT. We investigate smartcards with an RSA coprocessor where any hardware countermeasures to defeat fault attacks have been switched off. This scenario was chosen in order to analyze the reliability of software countermeasures. We start by describing our labor...
متن کاملPractical Fault Countermeasures for Chinese Remaindering Based RSA
Most implementations of the widely-used RSA cryptosystem rely on Chinese remaindering (CRT) as this greatly improves the performances in both running times and memory requirements. Unfortunately, CRT-based implementations are also known to be more sensitive to fault attacks: a single fault in an RSA exponentiation may reveal the secret prime factors trough a GCD computation, that is, a total br...
متن کاملOn Second-Order Fault Analysis Resistance for CRT-RSA Implementations
Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view and most of cryptographic systems have been shown vulnerable to this kind of attacks. Until recently, most of the theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm o...
متن کامل