Cryptanalysis of two protocols for RSA with CRT based on fault infection

Authors:
Sung-Ming Yen;Dongryeol Kim;SangJae Moon
Affiliations:
Laboratory of Cryptography and Information Security (LCIS), Department of Computer Science and Information Engineering, National Central University, Chung-Li, Taiwan, R.O.C.;Strategy Development Team, Information Security Policy Division, Korea Information Security Agency, Seoul, Korea;School of Electronic and Electrical Engineering, Kyungpook National University, Taegu, Korea
Venue:
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Year:
2006

Citing 11
Cited 2

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis

IEEE Transactions on Computers
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Differential Fault Analysis of Secret Key Cryptosystems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults

Proceedings of the 5th International Workshop on Security Protocols
Fault Induction Attacks, Tamper Resistance, and Hostile Reverse Engineering in Perspective

FC '97 Proceedings of the First International Conference on Financial Cryptography
RSA-type Signatures in the Presence of Transient Faults

Proceedings of the 6th IMA International Conference on Cryptography and Coding
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis

IEEE Transactions on Computers
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Hardware fault attack on RSA with CRT revisited

ICISC'02 Proceedings of the 5th international conference on Information security and cryptology

DSA Signature Scheme Immune to the Fault Cryptanalysis

CARDIS '08 Proceedings of the 8th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On Second-Order Fault Analysis Resistance for CRT-RSA Implementations

WISTP '09 Proceedings of the 3rd IFIP WG 11.2 International Workshop on Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks

Quantified Score

Hi-index	0.06

Visualization

Abstract

The technique of RSA private computation speedup by using Chinese Remainder Theorem (CRT) is well known and has already been widely employed in almost all RSA implementations. A recent CRT-based factorization attack exploiting hardware fault has received growing attention because of its potential vulnerability on most existing implementations. In this attack any single erroneous computation will make the RSA system be vulnerable to factorizing the public modulus. Recently, two hardware fault immune protocols for CRT speedup on RSA private computation were reported based on the concept of fault infective computation. A special property of these two protocols is that they do not assume the existence of totally fault free and tamper free comparison operation within the machine in order to enhance the reliability. However, it will be shown in this paper that these two protocols are still vulnerable to a potential computational fault attack on an auxiliary process that was not considered in the usual CRT-based factorization attack.