Data and computational fault detection mechanism for devices that perform modular exponentiation

Authors:
Shay Gueron
Affiliations:
Applied Security Research Group, The Center for Computational Mathematics and Scientific Computation, University of Haifa, Haifa, Israel
Venue:
FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Year:
2006

Citing 5
Cited 0

Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis

IEEE Transactions on Computers
Enhanced Montgomery Multiplication

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Arithmetic Algorithms for Error-Coded Operands

IEEE Transactions on Computers
Hardware fault attack on RSA with CRT revisited

ICISC'02 Proceedings of the 5th international conference on Information security and cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Fault attacks have become an efficient methodology for extracting secrets stored in embedded devices, and proper countermeasures against such attacks are nowadays considered necessary. This paper describes a simple method for foiling transient fault attacks on devices that perform modular exponentiation with a secret exponent. In the considered scenario, acknowledging an error only at the end of the computations leaks out secret information, and should be avoided. To tackle this difficulty, we propose a scheme that checks, independently, each step (i.e., multiplication/squaring) of the exponentiation algorithm, and aborts the procedure as soon as an error is detected, without completing the computation.