Hacking the Xbox: An Introduction to Reverse Engineering
Hacking the Xbox: An Introduction to Reverse Engineering
On authenticated computing and RSA-based authentication
Proceedings of the 12th ACM conference on Computer and communications security
The exact security of digital signatures-how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
Experimenting with faults, lattices and the DSA
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Modulus fault attacks against RSA-CRT signatures
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Fault analysis of the NTRUSign digital signature scheme
Cryptography and Communications
Hi-index | 0.00 |
Seifert (ACM CCS 2005) recently described a new fault attack against an implementation of RSA signature verification. Seifert's attack differs from the seminal work of Boneh, DeMillo and Lipton (EUROCRYPT 1997) in that it targets a public-key rather than a private-key operation. Here we give a simplified analysis of Seifert's attack and gauge its practicality against RSA moduli of practical sizes. Our intent is to give practice-oriented work estimates rather than asymptotic results. We also suggest an improvement to Seifert's attack which has the following consequences: If an adversary is able to cause random faults in only 4 bits of a 1024-bit RSA modulus stored in a device, then there is a greater than 50% chance that they will be able to make that device accept a signature on a message of their choice. For 2048-bit RSA, 6 bits suffice.