Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
نویسندگان
چکیده
This article describes concrete results and practically validated countermeasures concerning differential fault attacks on RSA using the CRT. We investigate smartcards with an RSA coprocessor where any hardware countermeasures to defeat fault attacks have been switched off. This scenario was chosen in order to analyze the reliability of software countermeasures. We start by describing our laboratory setting for the attacks. Hereafter, we describe the experiments and results of a straightforward implementation of a well-known countermeasure. This implementation turned out to be not sufficient. With the data obtained by these experiments we developed a practical error model. This enabled us to specify enhanced software countermeasures for which we were not able to produce any successful attacks on the investigated chips. Nevertheless, we are convinced that only sophisticated hardware countermeasures (sensors, filters, etc.) in combination with software countermeasures will be able to provide security.
منابع مشابه
Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures
Nowadays RSA using Chinese Remainder Theorem (CRT) is widely used in practical applications. However there is a very powerful attack against it with a fault injection during one of its exponentiations. Many countermeasures were proposed but almost all of them are proven to be insecure. In 2005, two new countermeasures were proposed. However they still have a weakness. The final signature is sto...
متن کاملPractical Fault Countermeasures for Chinese Remaindering Based RSA
Most implementations of the widely-used RSA cryptosystem rely on Chinese remaindering (CRT) as this greatly improves the performances in both running times and memory requirements. Unfortunately, CRT-based implementations are also known to be more sensitive to fault attacks: a single fault in an RSA exponentiation may reveal the secret prime factors trough a GCD computation, that is, a total br...
متن کاملOn Second-Order Fault Analysis Resistance for CRT-RSA Implementations
Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view and most of cryptographic systems have been shown vulnerable to this kind of attacks. Until recently, most of the theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm o...
متن کاملHardware Fault Attackon RSA with CRT Revisited
In this paper, some powerful fault attacks will be pointed out which can be used to factorize the RSA modulus if CRT is employed to speedup the RSA computation. These attacks are generic and can be applicable to Shamir’s countermeasure and also applicable to a recently published enhanced countermeasure (trying to improve Shamir’s method) for RSA with CRT. These two countermeasures share some si...
متن کاملOptical and EM Fault-Attacks on CRT-based RSA: Concrete Results
RSA is a well-known algorithm that is used in various cryptographic systems like smart cards and e-commerce applications. This article presents practical attacks on implementations of RSA that use the Chinese Remainder Theorem (CRT). The attacks have been performed by inducing faults into a cryptographic device through optical and electromagnetic injections. We show optical attacks using fibre-...
متن کامل