A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis
IEEE Transactions on Computers
Handbook of Applied Cryptography
Handbook of Applied Cryptography
RSA Speedup with Residue Number System Immune against Hardware Fault Cryptanalysis
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Differential Fault Analysis of Secret Key Cryptosystems
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
IFIP/Sec '93 Proceedings of the IFIP TC11, Ninth International Conference on Information Security: Computer Security
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults
Proceedings of the 5th International Workshop on Security Protocols
Low Cost Attacks on Tamper Resistant Devices
Proceedings of the 5th International Workshop on Security Protocols
Fault Induction Attacks, Tamper Resistance, and Hostile Reverse Engineering in Perspective
FC '97 Proceedings of the First International Conference on Financial Cryptography
RSA-type Signatures in the Presence of Transient Faults
Proceedings of the 6th IMA International Conference on Cryptography and Coding
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis
IEEE Transactions on Computers
A new and extended fault analysis on RSA
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
An efficient CRT-RSA algorithm secure against power and fault attacks
Journal of Systems and Software
Cryptanalysis of two protocols for RSA with CRT based on fault infection
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Incorporating error detection in an RSA architecture
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Data and computational fault detection mechanism for devices that perform modular exponentiation
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Side channel cryptanalysis on SEED
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Attacking RSA---CRT signatures with faults on montgomery multiplication
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
In this paper, some powerful fault attacks will be pointed out which can be used to factorize the RSA modulus if CRT is employed to speedup the RSA computation. These attacks are generic and can be applicable to Shamir's countermeasure and also applicable to a recently published enhanced countermeasure (trying to improve Shamir's method) for RSA with CRT. These two countermeasures share some similar structure in their designs and both suffer from some of the proposed attacks. The first kind of attack proposed in this paper is to induce a fault (which can be either a computational fault or any fault when data being accessed) into an important modulo reduction operation of the above two countermeasures. Note that this hardware fault attack can neither be detected by Shamir's countermeasure nor by the recently announced enhancement. The second kind of attack proposed in this paper considers permanent fault on some stored parameters in the above two countermeasures. The result shows that some permanent faults cannot be detected. Hence, the CRT-based factorization attack still works. The proposed CRT-based fault attacks once again reveals the importance of developing a sound countermeasure against RSA with CRT.