A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Cryptanalysis of a Fast Public Key Cryptosystem Presented at SAC '97
SAC '98 Proceedings of the Selected Areas in Cryptography
On the Security of RSA Padding
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Universal Padding Schemes for RSA
CRYPTO '02 Proceedings of the 22nd Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Optimal Security Proofs for PSS and Other Signature Schemes
EUROCRYPT '02 Proceedings of the International Conference on the Theory and Applications of Cryptographic Techniques: Advances in Cryptology
RSA-OAEP Is Secure under the RSA Assumption
Journal of Cryptology
Solving Linear Equations Modulo Divisors: On Factoring Given Any Bits
ASIACRYPT '08 Proceedings of the 14th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Practical Cryptanalysis of ISO/IEC 9796-2 and EMV Signatures
CRYPTO '09 Proceedings of the 29th Annual International Cryptology Conference on Advances in Cryptology
Fault Attacks on RSA Signatures with Partially Unknown Messages
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
The exact security of digital signatures - how to sign with RSA and Rabin
EUROCRYPT'96 Proceedings of the 15th annual international conference on Theory and application of cryptographic techniques
An efficient CRT-RSA algorithm secure against power and fault attacks
Journal of Systems and Software
On the joint security of encryption and signature in EMV
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Partial key exposure: generalized framework to attack RSA
INDOCRYPT'11 Proceedings of the 12th international conference on Cryptology in India
Attacking RSA-CRT signatures with faults on Montgomery multiplication
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Side channel attack to actual cryptanalysis: breaking CRT-RSA with low weight decryption exponents
CHES'12 Proceedings of the 14th international conference on Cryptographic Hardware and Embedded Systems
Recovering a sum of two squares decomposition
Journal of Symbolic Computation
At CHES 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (CJKNP) exhibited a fault attack against RSA signatures with partially known messages. This fault attack allows factoring the public modulus N. While the size of the unknown message part (UMP) increases with the number of faulty signatures available, the complexity of CJKNP's attack increases exponentially with the number of faulty signatures. This paper describes a simpler attack, whose complexity remains polynomial in the number of faults; consequently, the new attack can handle much larger UMPs. The new technique can factor N in a fraction of a second using ten faulty EMV signatures – a target beyond CJKNP's reach. We also show how to apply the attack even when N is unknown, a frequent situation in real-life attacks.