In this paper we show that, paradoxically, what looks like a "universal improvement" or a "straightforward improvement" which enables better security and better reliability on a theoretical level may in fact, within certain operational contexts, introduce new exposures and attacks, resulting in a weaker operational cryptosystem. We demonstrate a number of such dangerous "improvements". This implies that careful consideration should be given to the fact that an implemented cryptosystem exists within certain operational environments (which may enable certain types of tampering and other observed information channels via faults, side-channel attacks, or the behavior of system operators). We use our case studies to draw conclusions about certain investigations required when studying implementations and suggested improvements of cryptosystems, looking at them in the context of their operating environments (combined with their potential adversarial settings). We call these investigations observability analysis.