Handbook of Applied Cryptography
Differential Fault Attacks on Elliptic Curve Cryptosystems
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
On the (Im)possibility of Obfuscating Programs
CRYPTO '01 Proceedings of the 21st Annual International Cryptology Conference on Advances in Cryptology
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A new CRT-RSA algorithm secure against bellcore attacks
Proceedings of the 10th ACM conference on Computer and communications security
Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults
Designs, Codes and Cryptography
On authenticated computing and RSA-based authentication
Proceedings of the 12th ACM conference on Computer and communications security
The Black Art of Xbox Mods
Why one should also secure RSA public key elements
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
An adversarial model for fault analysis against low-cost cryptographic devices
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Structure-Based RSA fault attacks
ISPEC'12 Proceedings of the 8th international conference on Information Security Practice and Experience
Only very recently, the study of introducing faults into the public-key elements of the RSA signature scheme was initiated. Following the seminal work of Seifert on fault inductions during the RSA signature verification, Brier, Chevallier-Mames, Ciet, and Clavier considered in a recent paper the signature counterpart and showed how to recover the private exponent — even with absolutely no knowledge of the fault’s behavior. Consequently, this paper reconsiders the RSA signature verification and proposes two embarrassingly simple new fault attacks against the RSA verification process. Despite their trivial nature, both of our methods bear heavy practical consequences. While the first of our new attacks simply eliminates the “somehow cumbersome” and subtle mathematical two-phase attack analysis of Seifert’s attack, the second methodology removes the so-called “one-shot success” of Seifert’s attack and paves the way for a permanent and universal “mass-market” RSA signature forgery. Motivated by the obvious security threats posed by tampering attacks during the RSA verification process, we will also consider some heuristic but practical countermeasures.