Cryptanalysis of Dual CRT-RSA

RSA with Chinese Reminder Theorem Immune to Fault Cryptanalysis

This article examines the problem of fast RSA encryption with Chinese Reminder Theorem (CRT) immune against hardware fault cryptanalysis. This type of RSA scheme has been widely adopted as a standard implementation in many applications ranging from large servers to tiny smart cards. However, single error in this scheme can totally break the whole RSA scheme by factoring public modulus. It will ...

A New Attack on RSA and CRT-RSA

In RSA, the public modulus N = pq is the product of two primes of the same bit-size, the public exponent e and the private exponent d satisfy ed ≡ 1 (mod (p−1)(q−1)). In many applications of RSA, d is chosen to be small. This was cryptanalyzed by Wiener in 1990 who showed that RSA is insecure if d < N. As an alternative, Quisquater and Couvreur proposed the CRT-RSA scheme in the decryption phas...

Cryptanalysis of Two Protocols for RSA with CRT Based on Fault Infection

RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis

This article considers the problem of how to prevent the fast RSA signature and decryption computation with residue number system (or called the CRT-based approach) speedup from a hardware fault cryptanalysis in a highly reliable and efficient approach. The CRT-based speedup for RSA signature has been widely adopted as an implementation standard ranging from large servers to very tiny smart IC ...

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Towards the cold boot attack (a kind of side channel attack), the problems of reconstructing RSA parameters when (i) certain bits are unknown (Heninger and Shacham, Crypto 2009) and (ii) the bits are available but with some error probability (Henecka, May and Meurer, Crypto 2010) have been considered very recently. In this paper we exploit the error correction heuristic proposed by Henecka et a...