CRT RSA Algorithm Protected Against Fault Attacks
نویسندگان
چکیده
Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modular exponentiation and we prove its security in a realistic fault model. By construction, our proposal is also protected against Simple Power Analysis. Based on our new resistant exponentiation algorithm, we present two different ways of computing CRT RSA signatures in a secure way. We show that those methods do not increase execution time and can be easily implemented on low-resource devices.
منابع مشابه
Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT
In this work, we analyze all existing RSA-CRT countermeasures against the Bellcore attack that use binary self-secure exponentiation algorithms. We test their security against a powerful adversary by simulating fault injections in a fault model that includes random, zeroing, and skipping faults at all possible fault locations. We find that most of the countermeasures are vulnerable and do not p...
متن کاملFormal verification of an implementation of CRT-RSA algorithm
Cryptosystems are highly sensitive to physical attacks, which leads security developers to design more and more complex countermeasures. Nonetheless, no proof of flaw absence has been given for any implementation of these countermeasures. This paper aims to formally verify an implementation of one published countermeasure against fault injection attacks. More precisely, the formal verification ...
متن کاملHardware Fault Attackon RSA with CRT Revisited
In this paper, some powerful fault attacks will be pointed out which can be used to factorize the RSA modulus if CRT is employed to speedup the RSA computation. These attacks are generic and can be applicable to Shamir’s countermeasure and also applicable to a recently published enhanced countermeasure (trying to improve Shamir’s method) for RSA with CRT. These two countermeasures share some si...
متن کاملPractical Fault Countermeasures for Chinese Remaindering Based RSA
Most implementations of the widely-used RSA cryptosystem rely on Chinese remaindering (CRT) as this greatly improves the performances in both running times and memory requirements. Unfortunately, CRT-based implementations are also known to be more sensitive to fault attacks: a single fault in an RSA exponentiation may reveal the secret prime factors trough a GCD computation, that is, a total br...
متن کاملWagner's Attack on a Secure CRT-RSA Algorithm Reconsidered
At CCS 2003, a new CRT-RSA algorithm was presented in [BOS03], which was claimed to be secure against fault attacks for various fault models. At CCS 2004, David Wagner presented an attack on the proposed scheme, claiming that the so-called BOS scheme was insecure for all presented fault models [Wag04]. However, the attack itself contains a flaw which shows that although the BOS scheme is broken...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2007