Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis
IEEE Transactions on Computers
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A DPA Attack against the Modular Reduction within a CRT Implementation of RSA
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis
IEEE Transactions on Computers
A new CRT-RSA algorithm secure against bellcore attacks
Proceedings of the 10th ACM conference on Computer and communications security
Cryptanalysis of a provably secure CRT-RSA algorithm
Proceedings of the 11th ACM conference on Computer and communications security
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis
IEEE Transactions on Computers
Tamper resistance: a cautionary note
WOEC'96 Proceedings of the 2nd conference on Proceedings of the Second USENIX Workshop on Electronic Commerce - Volume 2
How can we overcome both side channel analysis and fault attacks on RSA-CRT?
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
Montgomery Multiplication with Redundancy Check
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
In(security) Against Fault Injection Attacks for CRT-RSA Implementations
FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
A New CRT-RSA Scheme Resistant to Power Analysis and Fault Attacks
ICCIT '08 Proceedings of the 2008 Third International Conference on Convergence and Hybrid Information Technology - Volume 02
On Second-Order Fault Analysis Resistance for CRT-RSA Implementations
WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
PSS Is Secure against Random Fault Attacks
ASIACRYPT '09 Proceedings of the 15th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Protecting RSA against Fault Attacks: The Embedding Method
FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Fault attacks for CRT based RSA: new attacks, new results and new countermeasures
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
CRT RSA algorithm protected against fault attacks
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
Hardware fault attack on RSA with CRT revisited
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Safe-error attack on SPA-FA resistant exponentiations using a HW modular multiplier
ICISC'07 Proceedings of the 10th international conference on Information security and cryptology
Power analysis for secret recovering and reverse engineering of public key algorithms
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Comparative Power Analysis of Modular Exponentiation Algorithms
IEEE Transactions on Computers
A new CRT-RSA algorithm resistant to powerful fault attacks
WESS '10 Proceedings of the 5th Workshop on Embedded Systems Security
FDTC '10 Proceedings of the 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography
Fault Attacks and Countermeasures on Vigilant's RSA-CRT Algorithm
FDTC '10 Proceedings of the 2010 Workshop on Fault Diagnosis and Tolerance in Cryptography
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Fault attacks against EMV signatures
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Relative doubling attack against montgomery ladder
ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology
| Hi-index | 0.00 |
RSA digital signatures based on the Chinese Remainder Theorem (CRT) are subject to power and fault attacks. In particular, modular exponentiation and CRT recombination are prone to both attacks. However, earlier countermeasures are susceptible to the possibility of advanced and sophisticated attacks. In this paper, we investigate state-of-the-art countermeasures against power and fault attacks from the viewpoint of security and efficiency. Then, we show possible vulnerabilities to fault attacks. Finally, we propose new modular exponentiation and CRT recombination algorithms secure against all known power and fault attacks. Our proposal improves efficiency by replacing arithmetic operations with logical ones to check errors in the CRT recombination step. In addition, since our CRT-RSA algorithm does not require knowledge of the public exponent, it guarantees a more versatile implementation.