Fault attacks against EMV signatures

Authors:
Jean-Sébastien Coron;David Naccache;Mehdi Tibouchi
Affiliations:
Université du Luxembourg, Luxembourg;Département d'informatique, Groupe de Cryptographie, École normale supérieure, Paris Cedex 05, France;Département d'informatique, Groupe de Cryptographie, École normale supérieure, Paris Cedex 05, France
Venue:
CT-RSA'10 Proceedings of the 2010 international conference on Topics in Cryptology
Year:
2010

Citing 11
Cited 6

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC '97

SAC '98 Proceedings of the Selected Areas in Cryptography
On the Security of RSA Padding

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Universal Padding Schemes for RSA

CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
Merkle-Hellman Revisited: A Cryptoanalysis of the Qu-Vanstone Cryptosystem Based on Group Factorizations

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes

EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
RSA-OAEP Is Secure under the RSA Assumption

Journal of Cryptology
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits

ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Practical Cryptanalysis of iso/iec 9796-2 and emv Signatures

CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Fault Attacks on RSA Signatures with Partially Unknown Messages

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
The exact security of digital signatures-how to sign with RSA and Rabin

EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques

An efficient CRT-RSA algorithm secure against power and fault attacks

Journal of Systems and Software
On the joint security of encryption and signature in EMV

CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Partial key exposure: generalized framework to attack RSA

INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Attacking RSA---CRT signatures with faults on montgomery multiplication

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Side channel attack to actual cryptanalysis: breaking CRT-RSA with low weight decryption exponents

CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Recovering a sum of two squares decomposition

Journal of Symbolic Computation

Quantified Score

Hi-index	0.00

Visualization

Abstract

At ches 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (cjknp) exhibited a fault attack against rsa signatures with partially known messages. This fault attack allows factoring the public modulus N. While the size of the unknown message part (ump) increases with the number of faulty signatures available, the complexity of cjknp's attack increases exponentially with the number of faulty signatures. This paper describes a simpler attack, whose complexity remains polynomial in the number of faults; consequently, the new attack can handle much larger umps. The new technique can factor N in a fraction of a second using ten faulty emv signatures – a target beyond cjknp's reach. We also show how to apply the attack even when N is unknown, a frequent situation in real-life attacks.