RSA key generation: new attacks

Authors:
Camille Vuillaume;Takashi Endo;Paul Wooderson
Affiliations:
Renesas Electronics, Tokyo, Japan;Renesas Electronics, Tokyo, Japan;Renesas Electronics, Bourne End, UK
Venue:
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Year:
2012

Citing 11
Cited 0

Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis

IEEE Transactions on Computers
Handbook of Applied Cryptography

Handbook of Applied Cryptography
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
On Generation of Probable Primes By Incremental Search

CRYPTO '92 Proceedings of the 12th Annual International Cryptology Conference on Advances in Cryptology
Speeding up Prime Number Generation

ASIACRYPT '91 Proceedings of the International Conference on the Theory and Applications of Cryptology: Advances in Cryptology
Efficient Generation of Prime Numbers

CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Template Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
On the Implementation of a Fast Prime Generation Algorithm

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
A New Side-Channel Attack on RSA Prime Generation

CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Fast generation of prime numbers on portable devices: an update

CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

We present several new side-channel attacks against RSA key generation. Our attacks may be combined and are powerful enough to fully reveal RSA primes generated on a tamper-resistant device, unless adequate countermeasures are implemented. More precisely, we describe a DPA attack, a template attack and several fault attacks against prime generation. Our experimental results confirm the practicality of the DPA and template attacks. To the best of our knowledge, these attacks are the first of their kind and demonstrate that basic timing and SPA countermeasures may not be sufficient for high-security applications.