A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
UMAC: Fast and Secure Message Authentication
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Designing and implementing malicious hardware
LEET'08 Proceedings of the 1st Usenix Workshop on Large-Scale Exploits and Emergent Threats
Signature Schemes with Bounded Leakage Resilience
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Fault-based attack of RSA authentication
Proceedings of the Conference on Design, Automation and Test in Europe
Secure set intersection with untrusted hardware tokens
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Achieving leakage resilience through dual system encryption
TCC'11 Proceedings of the 8th conference on Theory of cryptography
Proceedings of the forty-third annual ACM symposium on Theory of computing
Hardware trojans for inducing or amplifying side-channel leakage of cryptographic software
INTRUST'10 Proceedings of the Second international conference on Trusted Systems
Practical realisation and elimination of an ECC-Related software bug attack
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Efficient gröbner basis reductions for formal verification of galois field multipliers
DATE '12 Proceedings of the Conference on Design, Automation and Test in Europe
Hi-index | 0.00 |
In this paper we present a new kind of cryptanalytic attack which utilizes bugs in the hardware implementation of computer instructions. The best known example of such a bug is the Intel division bug, which resulted in slightly inaccurate results for extremely rare inputs. Whereas in most applications such bugs can be viewed as a minor nuisance, we show that in the case of RSA (even when protected by OAEP), Pohlig-Hellman, elliptic curve cryptography, and several other schemes, such bugs can be a security disaster: Decrypting ciphertexts on anycomputer which multiplies even one pair of numbersincorrectly can lead to full leakage of the secret key, sometimes with a single well-chosen ciphertext.