PSS Is Secure against Random Fault Attacks

Authors:
Jean-Sébastien Coron;Avradip Mandal
Affiliations:
University of Luxembourg,;University of Luxembourg,
Venue:
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Year:
2009

Citing 8
Cited 3

A digital signature scheme secure against adaptive chosen-message attacks

SIAM Journal on Computing - Special issue on cryptography
Random oracles are practical: a paradigm for designing efficient protocols

CCS '93 Proceedings of the 1st ACM conference on Computer and communications security
The random oracle methodology, revisited (preliminary version)

STOC '98 Proceedings of the thirtieth annual ACM symposium on Theory of computing
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC '97

SAC '98 Proceedings of the Selected Areas in Cryptography
Optimal Security Proofs for PSS and Other Signature Schemes

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Fault Attacks on RSA Signatures with Partially Unknown Messages

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
The exact security of digital signatures-how to sign with RSA and Rabin

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques

On the impossibility of instantiating PSS in the standard model

PKC'11 Proceedings of the 14th international conference on Practice and theory in public key cryptography conference on Public key cryptography
An efficient CRT-RSA algorithm secure against power and fault attacks

Journal of Systems and Software
Attacking RSA---CRT signatures with faults on montgomery multiplication

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

A fault attack consists in inducing hardware malfunctions in order to recover secrets from electronic devices. One of the most famous fault attack is Bellcore's attack against RSA with CRT; it consists in inducing a fault modulo p but not modulo q at signature generation step; then by taking a gcd the attacker can recover the factorization of N = pq . The Bellcore attack applies to any encoding function that is deterministic, for example FDH. Recently, the attack was extended to randomized encodings based on the iso/iec 9796-2 signature standard. Extending the attack to other randomized encodings remains an open problem. In this paper, we show that the Bellcore attack cannot be applied to the PSS encoding; namely we show that PSS is provably secure against random fault attacks in the random oracle model, assuming that inverting RSA is hard.