Fault Attacks on RSA Public Keys: Left-To-Right Implementations Are Also Vulnerable

Authors:
Alexandre Berzati;Cécile Canovas;Jean-Guillaume Dumas;Louis Goubin
Affiliations:
CEA-LETI/MINATEC, Grenoble Cedex 9, France 38054 and Versailles Saint-Quentin University, Versailles Cedex, France 78035;CEA-LETI/MINATEC, Grenoble Cedex 9, France 38054;Laboratoire Jean Kuntzmann, umr CNRS 5224, Université de Grenoble, Grenoble, France 38041;Versailles Saint-Quentin University, Versailles Cedex, France 78035
Venue:
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Year:
2009

Citing 12
Cited 6

A course in computational algebraic number theory

A course in computational algebraic number theory
Differential Fault Analysis of Secret Key Cryptosystems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults

Proceedings of the 5th International Workshop on Security Protocols
A new CRT-RSA algorithm secure against bellcore attacks

Proceedings of the 10th ACM conference on Computer and communications security
Cryptanalysis of a provably secure CRT-RSA algorithm

Proceedings of the 11th ACM conference on Computer and communications security
On authenticated computing and RSA-based authentication

Proceedings of the 12th ACM conference on Computer and communications security
A computational introduction to number theory and algebra

A computational introduction to number theory and algebra
Perturbating RSA Public Keys: An Improved Attack

CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Why one should also secure RSA public key elements

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Wagner’s attack on a secure CRT-RSA algorithm reconsidered

FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
DFA on AES

AES'04 Proceedings of the 4th international conference on Advanced Encryption Standard

Public key perturbation of randomized RSA implementations

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
PUF ROKs: a hardware approach to read-once keys

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
A new and extended fault analysis on RSA

Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Modulus fault attacks against RSA-CRT signatures

CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Secret key leakage from public key perturbation of DLP-Based cryptosystems

Cryptography and Security
Fault analysis of the NTRUSign digital signature scheme

Cryptography and Communications

Quantified Score

Hi-index	0.00

Visualization

Abstract

After attacking the RSA by injecting fault and corresponding countermeasures, works appear now about the need for protecting RSA public elements against fault attacks. We provide here an extension of a recent attack [BCG08] based on the public modulus corruption. The difficulty to decompose the "Left-To-Right" exponentiation into partial multiplications is overcome by modifying the public modulus to a number with known factorization. This fault model is justified here by a complete study of faulty prime numbers with a fixed size. The good success rate of this attack combined with its practicability raises the question of using faults for changing algebraic properties of finite field based cryptosystems.