Cryptanalysis of Two Protocols for RSA with CRT Based on Fault Infection
نویسندگان
چکیده
منابع مشابه
RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis
This article considers the problem of how to prevent the fast RSA signature and decryption computation with residue number system (or called the CRT-based approach) speedup from a hardware fault cryptanalysis in a highly reliable and efficient approach. The CRT-based speedup for RSA signature has been widely adopted as an implementation standard ranging from large servers to very tiny smart IC ...
متن کاملRSA with Chinese Reminder Theorem Immune to Fault Cryptanalysis
This article examines the problem of fast RSA encryption with Chinese Reminder Theorem (CRT) immune against hardware fault cryptanalysis. This type of RSA scheme has been widely adopted as a standard implementation in many applications ranging from large servers to tiny smart cards. However, single error in this scheme can totally break the whole RSA scheme by factoring public modulus. It will ...
متن کاملHardware Fault Attackon RSA with CRT Revisited
In this paper, some powerful fault attacks will be pointed out which can be used to factorize the RSA modulus if CRT is employed to speedup the RSA computation. These attacks are generic and can be applicable to Shamir’s countermeasure and also applicable to a recently published enhanced countermeasure (trying to improve Shamir’s method) for RSA with CRT. These two countermeasures share some si...
متن کاملSolving Linear Equations Modulo Unknown Divisors: Revisited
We revisit the problem of finding small solutions to a collection of linear equations modulo an unknown divisor p for a known composite integer N . In CaLC 2001, Howgrave-Graham introduced an efficient algorithm for solving univariate linear equations; since then, two forms of multivariate generalizations have been considered in the context of cryptanalysis: modular multivariate linear equation...
متن کاملA New Attack on RSA and CRT-RSA
In RSA, the public modulus N = pq is the product of two primes of the same bit-size, the public exponent e and the private exponent d satisfy ed ≡ 1 (mod (p−1)(q−1)). In many applications of RSA, d is chosen to be small. This was cryptanalyzed by Wiener in 1990 who showed that RSA is insecure if d < N. As an alternative, Quisquater and Couvreur proposed the CRT-RSA scheme in the decryption phas...
متن کامل