A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC '97
SAC '98 Proceedings of the Selected Areas in Cryptography
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
The Two Faces of Lattices in Cryptology
CaLC '01 Revised Papers from the International Conference on Cryptography and Lattices
On authenticated computing and RSA-based authentication
Proceedings of the 12th ACM conference on Computer and communications security
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis
IEEE Transactions on Computers
RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Perturbating RSA Public Keys: An Improved Attack
CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA Public Keys: Left-To-Right Implementations Are Also Vulnerable
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Securing RSA against Fault Analysis by Double Addition Chain Exponentiation
CT-RSA '09 Proceedings of the The Cryptographers' Track at the RSA Conference 2009 on Topics in Cryptology
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
CRT RSA algorithm protected against fault attacks
WISTP'07 Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems
Public key perturbation of randomized RSA implementations
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Seifert's RSA fault attack: simplified analysis and generalizations
ICICS'06 Proceedings of the 8th international conference on Information and Communications Security
Why one should also secure RSA public key elements
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Attacking RSA---CRT signatures with faults on montgomery multiplication
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Side channel attack to actual cryptanalysis: breaking CRT-RSA with low weight decryption exponents
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
RSA-CRT fault attacks have been an active research area since their discovery by Boneh, DeMillo and Lipton in 1997. We present alternative key-recovery attacks on RSA-CRT signatures: instead of targeting one of the sub-exponentiations in RSA-CRT, we inject faults into the public modulus before CRT interpolation, which makes a number of countermeasures against Boneh et al.'s attack ineffective. Our attacks are based on orthogonal lattice techniques and are very efficient in practice: depending on the fault model, between 5 to 45 faults suffice to recover the RSA factorization within a few seconds. Our simplest attack requires that the adversary knows the faulty moduli, but more sophisticated variants work even if the moduli are unknown, under reasonable fault models. All our attacks have been fully validated experimentally with fault-injection laser techniques.