Perturbating RSA Public Keys: An Improved Attack
نویسندگان
چکیده
Since its first introduction by Bellcore researchers [BDL97], fault injections have been considered as a powerful and practical way to attack cryptosystems, especially when they are implemented on embedded devices. Among published attacks, Brier et al. followed the work initiated by Seifert to raise the problem of protecting RSA public elements. We describe here a new fault attack on RSA public elements. Under a very natural fault model, we show that our attack is more efficient than previously published ones. Moreover, the general strategy described here can be applied using multiple transient fault models, increasing the practicability of the attack. Both the theoretical analysis of the success probability, and the experimental results – obtained with the GMP Library on a PC –, provide evidence that this is a real threat for all RSA implementations, and confirm the need for protection of the public key.
منابع مشابه
A Generalized Wiener Attack on RSA
We present an extension of Wiener’s attack on small RSA secret decryption exponents [10]. Wiener showed that every RSA public key tuple (N, e) with e ∈ ∗ φ(N) that satisfies ed − 1 = 0 mod φ(N) for some d < 1 3 N 1 4 yields the factorization of N = pq. Our new method finds p and q in polynomial time for every (N, e) satisfying ex + y = 0 mod φ(N) with x < 1 3 N 1 4 and |y| = O(N− 3 4 ex). In ot...
متن کاملVariants of Bleichenbacher's Low-Exponent Attack on PKCS#1 RSA Signatures
We give three variants and improvements of Bleichenbacher’s low-exponent attack from CRYPTO 2006 on PKCS#1 v1.5 RSA signatures. For each of these three variants the fake signature representatives are accepted as valid by a flawed implementation. Our attacks work against much shorter keys as Bleichenbacher’s original attack, i.e. even for usual 1024 bit RSA keys. The first two variants can be us...
متن کامل- 1 - Attack on Private Signature Keys of the
The article describes an attack on OpenPGP format, which leads to disclosure of the private signature keys of the DSA and RSA algorithms. The OpenPGP format is used in a number of applications including PGP, GNU Privacy Guard and other programs specified on the list of products compatible with OpenPGP, which is available at http://www.pgpi.org/products. Therefore all these applications must und...
متن کاملAttack on Private Signature Keys
The article describes an attack on OpenPGP format, which leads to disclosure of the private signature keys of the DSA and RSA algorithms. The OpenPGP format is used in a number of applications including PGP, GNU Privacy Guard and other programs specified on the list of products compatible with OpenPGP, which is available at http://www.pgpi.org/products. Therefore all these applications must und...
متن کاملReconstructing RSA Private Keys from Random Key Bits
We show that an RSA private key with small public exponent can be efficiently recovered given a 0.27 fraction of its bits at random. An important application of this work is to the “cold boot” attacks of Halderman et al. We make new observations about the structure of RSA keys that allow our algorithm to make use of the redundant information in the typical storage format of an RSA private key. ...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
عنوان ژورنال:
دوره شماره
صفحات -
تاریخ انتشار 2008