Fault attacks on the montgomery powering ladder

Authors:
Jörn-Marc Schmidt;Marcel Medwed
Affiliations:
Graz University of Technology, Institute for Applied Information Processing and Communications, Graz, Austria;Graz University of Technology, Institute for Applied Information Processing and Communications, Graz, Austria and Université catholique de Louvain, Crypto Group, Belgium
Venue:
ICISC'10 Proceedings of the 13th international conference on Information security and cryptology
Year:
2010

Citing 12
Cited 0

Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis

IEEE Transactions on Computers
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
The Montgomery Powering Ladder

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Optical Fault Induction Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A Practical Fault Attack on Square and Multiply

FDTC '08 Proceedings of the 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography
A new fault cryptanalysis on montgomery ladder exponentiation algorithm

Proceedings of the 2nd International Conference on Interaction Sciences: Information Technology, Culture and Human
A Fault Attack on ECDSA

FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Attacking right-to-left modular exponentiation with timely random faults

FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Blinded fault resistant exponentiation

FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography

Quantified Score

Hi-index	0.00

Visualization

Abstract

Security-aware embedded devices which are likely to operate in hostile environments need protection against physical attacks. For the RSA public-key algorithm, protected versions of the Montgomery powering ladder have gained popularity as countermeasures for such attacks. In this paper, we present a general fault attack against RSA implementations which use the Montgomery powering ladder. In a first step, we discuss under which realistic fault assumptions our observation can be used to attack basic implementations. In a second step, we extend our attack to a scenario, where the message is blinded at the beginning of the exponentiation algorithm. To the best of our knowledge this is the first fault attack on a blinded Montgomery powering ladder.