We present several new side-channel attacks against RSA key generation. Our attacks may be combined and are powerful enough to fully reveal RSA primes generated on a tamper-resistant device, unless adequate countermeasures are implemented. More precisely, we describe a DPA attack, a template attack and several fault attacks against prime generation. Our experimental results confirm the practicality of the DPA and template attacks. To the best of our knowledge, these attacks are the first of their kind and demonstrate that basic timing and SPA countermeasures may not be sufficient for high-security applications.