Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis
IEEE Transactions on Computers
Enhanced Montgomery Multiplication
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Arithmetic Algorithms for Error-Coded Operands
IEEE Transactions on Computers
Hardware fault attack on RSA with CRT revisited
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Hi-index | 0.00 |
Fault attacks have become an efficient methodology for extracting secrets stored in embedded devices, and proper countermeasures against such attacks are nowadays considered necessary. This paper describes a simple method for foiling transient fault attacks on devices that perform modular exponentiation with a secret exponent. In the considered scenario, acknowledging an error only at the end of the computations leaks out secret information, and should be avoided. To tackle this difficulty, we propose a scheme that checks, independently, each step (i.e., multiplication/squaring) of the exponentiation algorithm, and aborts the procedure as soon as an error is detected, without completing the computation.