A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM.
Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis. IEEE Transactions on Computers.
Handbook of Applied Cryptography.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO '96, Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology.
Differential Fault Analysis of Secret Key Cryptosystems. CRYPTO '97, Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology.
IFIP/Sec '93, Proceedings of the IFIP TC11 Ninth International Conference on Information Security: Computer Security.
Breaking Public Key Cryptosystems on Tamper Resistant Devices in the Presence of Transient Faults. Proceedings of the 5th International Workshop on Security Protocols.
Low Cost Attacks on Tamper Resistant Devices. Proceedings of the 5th International Workshop on Security Protocols.
Fault Induction Attacks, Tamper Resistance, and Hostile Reverse Engineering in Perspective. FC '97, Proceedings of the First International Conference on Financial Cryptography.
RSA-type Signatures in the Presence of Transient Faults. Proceedings of the 6th IMA International Conference on Cryptography and Coding.
A Timing Attack against RSA with the Chinese Remainder Theorem. CHES '00, Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems.
Montgomery Exponentiation with no Final Subtractions: Improved Results. CHES '00, Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems.
Tamper resistance: a cautionary note. WOEC '96, Proceedings of the Second USENIX Workshop on Electronic Commerce.
On the importance of checking cryptographic protocols for faults. EUROCRYPT '97, Proceedings of the 16th Annual International Conference on Theory and Application of Cryptographic Techniques.
Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures. CHES '02, Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems.
A new CRT-RSA algorithm secure against Bellcore attacks. Proceedings of the 10th ACM Conference on Computer and Communications Security.
Memories: A Survey of Their Secure Uses in Smart Cards. SISW '03, Proceedings of the Second IEEE International Security in Storage Workshop.
Cryptanalysis of a provably secure CRT-RSA algorithm. Proceedings of the 11th ACM Conference on Computer and Communications Security.
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis. IEEE Transactions on Computers.
On the implementation of the Advanced Encryption Standard on a public-key crypto-coprocessor. CARDIS '02, Proceedings of the 5th Conference on Smart Card Research and Advanced Applications.
RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks. CHES '08, Proceedings of the 10th International Workshop on Cryptographic Hardware and Embedded Systems.
Permanent fault attack on the parameters of RSA with CRT. ACISP '03, Proceedings of the 8th Australasian Conference on Information Security and Privacy.
Fault attacks for CRT based RSA: new attacks, new results and new countermeasures. WISTP '07, Proceedings of the 1st IFIP TC6/WG8.8/WG11.2 International Conference on Information Security Theory and Practices: Smart Cards, Mobile and Ubiquitous Computing Systems.
CRT RSA algorithm protected against fault attacks. WISTP '07, Proceedings of the 1st IFIP TC6/WG8.8/WG11.2 International Conference on Information Security Theory and Practices: Smart Cards, Mobile and Ubiquitous Computing Systems.
Hardware fault attack on RSA with CRT revisited. ICISC '02, Proceedings of the 5th International Conference on Information Security and Cryptology.
Safe-error attack on SPA-FA resistant exponentiations using a HW modular multiplier. ICISC '07, Proceedings of the 10th International Conference on Information Security and Cryptology.
A new CRT-RSA algorithm resistant to powerful fault attacks. WESS '10, Proceedings of the 5th Workshop on Embedded Systems Security.
Combined implementation attack resistant exponentiation. LATINCRYPT '10, Proceedings of the First International Conference on Progress in Cryptology: Cryptology and Information Security in Latin America.
To infinity and beyond: combined attack on ECC using points of low order. CHES '11, Proceedings of the 13th International Conference on Cryptographic Hardware and Embedded Systems.
A CRT-based RSA countermeasure against physical cryptanalysis. HPCC '05, Proceedings of the First International Conference on High Performance Computing and Communications.
Wagner's attack on a secure CRT-RSA algorithm reconsidered. FDTC '06, Proceedings of the Third International Conference on Fault Diagnosis and Tolerance in Cryptography.
This article considers how to protect the fast RSA signature and decryption computation based on the residue number system (the CRT-based speedup) against hardware fault cryptanalysis in a way that is both highly reliable and efficient. The CRT speedup for RSA signatures has been widely adopted as an implementation standard, from large servers down to very small smart IC cards. However, given a single erroneous computation result, a hardware fault cryptanalysis can completely break the RSA system by factoring the public modulus. Some countermeasures based on a simple verification function (e.g., raising the signature to the power of the public key) or on fault detection (e.g., an expanded-modulus approach) have been reported in the literature; this paper points out that very few of these existing solutions are both sound and efficient. Unreasonably, these methods assume that a comparison instruction will always be fault free when developing countermeasures against hardware fault cryptanalysis. Research shows that the expanded-modulus approach proposed by Shamir is superior to the approach of using a simple verification function when other physical cryptanalysis (e.g., timing cryptanalysis) is considered, so we set out to improve Shamir's method. In this paper, the new concepts of fault-infective CRT computation and fault-infective CRT recombination are proposed. Based on these concepts, two novel protocols are developed with rigorous proofs of security. Two possible parameter settings are provided for the protocols. One setting selects a small public key e, with which the proposed protocols have performance comparable to Shamir's scheme. The other setting gives better performance than Shamir's scheme (i.e., performance comparable to the conventional CRT speedup) but requires a large public key.
Most importantly, we wish to emphasize the importance of developing and proving the security of physically secure protocols without relying on unreliable or unreasonable assumptions, e.g., always fault-free instructions.
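The attack and the two countermeasures the abstract contrasts, as an added worked example that is not part of the paper or this page: conventional CRT-RSA signing with a simulated single-bit fault in the q-half, the Bellcore factoring of N from that one faulty signature using only the public key, the verify-before-output check (one extra exponentiation by e), and Shamir's expanded-modulus check. The paper's own fault-infective protocols are not reproduced here. The key (30-bit primes), the message, the fault model (one bit flip in one CRT half) and the choice to use the unreduced exponent d in the expanded-modulus branch are constructed assumptions for the example, not values from the paper.

```python
"""CRT-RSA, the Bellcore fault attack, and two output checks (toy parameters)."""
from math import gcd
from secrets import randbits

# Constructed toy key for the example: 30-bit primes, far too small for real
# use, but enough to show the arithmetic. The exponent e is the usual 65537.
P = 1000000007
Q = 998244353
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))    # private exponent
D_P, D_Q = D % (P - 1), D % (Q - 1)  # CRT exponents
Q_INV = pow(Q, -1, P)                # Garner recombination constant q^-1 mod p


def garner(s_p, s_q):
    """Recombine the CRT halves: s = s_q + q * ((s_p - s_q) * q^-1 mod p)."""
    return s_q + Q * (((s_p - s_q) * Q_INV) % P)


def crt_sign(m, fault_in_q=False):
    """Conventional CRT speedup with an optional simulated transient fault."""
    s_p = pow(m, D_P, P)
    s_q = pow(m, D_Q, Q)
    if fault_in_q:
        s_q = (s_q ^ 1) % Q   # simulated hardware fault: one bit flip in the q-half
    return garner(s_p, s_q)


def bellcore_factor(m, s_faulty):
    """Recover a factor of N from a single faulty signature, public key only.

    If only the q-half was corrupted, s_faulty^e == m (mod p) still holds while
    s_faulty^e != m (mod q), so gcd(s_faulty^e - m, N) = p.
    """
    return gcd((pow(s_faulty, E, N) - m) % N, N)


def sign_with_verification(m, fault_in_q=False):
    """Countermeasure 1: verify with the public key before output.

    Costs one extra exponentiation by e and rests on the comparison below
    executing correctly: a fault that skips the branch releases the faulty
    signature unchanged, and bellcore_factor then recovers p from it.
    """
    s = crt_sign(m, fault_in_q)
    if pow(s, E, N) != m % N:
        return None
    return s


def sign_with_expanded_modulus(m, fault_in_q=False):
    """Countermeasure 2: Shamir's expanded-modulus check.

    Exponentiate modulo p*r and q*r for a fresh random r; the two results
    agree modulo r unless one computation was faulted. For simplicity the
    full exponent d is used here instead of d reduced modulo phi(p*r) and
    phi(q*r) (an assumption of this example). A random fault escapes the
    check with probability about 1/r, and the comparison itself must still
    execute correctly, which is the assumption the paper objects to.
    """
    r = (1 << 32) | randbits(32) | 1     # random odd r with 2^32 < r < 2^33
    s_pr = pow(m, D, P * r)
    s_qr = pow(m, D, Q * r)
    if fault_in_q:
        s_qr ^= 1                        # the same simulated fault, in the q*r branch
    if s_pr % r != s_qr % r:
        return None
    return garner(s_pr % P, s_qr % Q)


if __name__ == "__main__":
    msg = 123456789                      # constructed sample message, msg < N
    good = crt_sign(msg)
    bad = crt_sign(msg, fault_in_q=True)
    print("signature verifies:", pow(good, E, N) == msg)
    print("factor from one faulty signature:", bellcore_factor(msg, bad) == P)
    print("verify-before-output blocks it:", sign_with_verification(msg, True) is None)
    print("expanded modulus blocks it:", sign_with_expanded_modulus(msg, True) is None)
```

Both checks reduce to a single comparison and a branch; the point of the abstract is that a second fault on that branch turns either check back into plain `crt_sign`, whose faulty output `bellcore_factor` turns into a prime factor of N.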