RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks
CHES '08 Proceedings of the 10th international workshop on Cryptographic Hardware and Embedded Systems
On Second-Order Fault Analysis Resistance for CRT-RSA Implementations
WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks
Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
A new CRT-RSA algorithm resistant to powerful fault attacks
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
Combined implementation attack resistant exponentiation
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
An efficient CRT-RSA algorithm secure against power and fault attacks
Journal of Systems and Software
Memory-efficient fault countermeasures
CARDIS'11 Proceedings of the 10th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
Comprehensive analysis of software countermeasures against fault attacks
Proceedings of the Conference on Design, Automation and Test in Europe
The RSA cryptosystem is one of the most widely used algorithms today. However, when it is implemented in embedded devices such as smart cards, it can be vulnerable to power analysis attacks and fault attacks. To defeat all known side-channel attacks and fault attacks, several countermeasures should be used together. However, because embedded devices have low computational capability, we have to find the best solution or combination among countermeasures. Furthermore, we should be careful, since a countermeasure may itself produce a new vulnerability, such as Yen et al.'s safe-error attack in a simple power analysis (SPA) countermeasure. In 2005, Giraud proposed a scheme secure against simple power analysis as well as fault attacks (FA). Afterwards, Fumaroli and Vigilant proposed an exponentiation algorithm secure against differential power analysis (DPA) as well as simple power analysis and fault attacks, with an almost 1.5 times increase in time complexity compared to Giraud's. To the authors' best knowledge, it was the first attempt to prevent SPA, DPA, and FA simultaneously on exponentiation with one solution. In this paper, we show that Fumaroli and Vigilant's scheme can be broken by fault attacks, and we propose a direction for constructing efficient countermeasures, with low time complexity, that are secure against all known side-channel analyses and fault attacks on RSA-CRT.