A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis
IEEE Transactions on Computers
RSA Speedup with Residue Number System Immune against Hardware Fault Cryptanalysis
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Attacks of Modular Exponentiation in Smartcards
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
A Timing Attack against RSA with the Chinese Remainder Theorem
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A DPA Attack against the Modular Reduction within a CRT Implementation of RSA
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis
IEEE Transactions on Computers
A new CRT-RSA algorithm secure against bellcore attacks
Proceedings of the 10th ACM conference on Computer and communications security
Cryptanalysis of a provably secure CRT-RSA algorithm
Proceedings of the 11th ACM conference on Computer and communications security
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis
IEEE Transactions on Computers
How can we overcome both side channel analysis and fault attacks on RSA-CRT?
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Blinded Fault Resistant Exponentiation Revisited
FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
Fault attacks for CRT based RSA: new attacks, new results and new countermeasures
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
CRT RSA algorithm protected against fault attacks
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
Wagner’s attack on a secure CRT-RSA algorithm reconsidered
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Blinded fault resistant exponentiation
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
An efficient CRT-RSA algorithm secure against power and fault attacks
Journal of Systems and Software
Hi-index | 0.00 |
CRT-RSA is widely deployed in embedded devices to accelerate the RSA signature generation by about four times compared to regular RSA. However, since the Bellcore attack of 1996, research into securing CRT-RSA has remained active as countermeasures are themselves attacked. In this paper, we propose a new countermeasure designed with a powerful attacker in mind. The attacker may inject multiple precise/random faults and may alter the program counter to skip one or more instructions. The strength of our countermeasure derives from combining signature validation with signature unblinding modulo n.