A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Fault attacks for CRT based RSA: new attacks, new results and new countermeasures
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
Fault attacks on the montgomery powering ladder
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
| Hi-index | 0.00 |
The Montgomery ladder exponentiation algorithm is recognized as a very efficient countermeasure against Simple Power Analysis and C Safe-Error Attacks on RSA or elliptic curve cryptosystem. In this paper, we demonstrate the vulnerability of the Montgomery ladder algorithm to fault analysis attack when an error is injected during its operation in an embedded cryptographic chip. After injecting an error, we measure the power traced and compare it with an original correct trace. As a result, we can derive the secret key of the public-key cryptosystems such as RSA by computing the correlation coefficients of two power traces for correct and faulty cryptographic operations with same input.