Proceedings Article
A new CRT-RSA algorithm secure against bellcore attacks
Johannes Blömer, Martin Otto, Jean-Pierre Seifert
- pp 311-320
TLDR
This paper describes a new algorithm to prevent fault attacks on RSA signature algorithms using the Chinese Remainder Theorem (CRT-RSA), and proves that the new algorithm is secure against the Bellcore attack.
Abstract:
In this paper we describe a new algorithm to prevent fault attacks on RSA signature algorithms using the Chinese Remainder Theorem (CRT-RSA). This variant of the RSA signature algorithm is widely used on smartcards. Smartcards on the other hand are particularly susceptible to fault attacks like the one described in [7]. Recent results have shown that fault attacks are practical and easy to accomplish ([21], [17]). Therefore, they establish a practical need for fault attack protected CRT-RSA schemes. Starting from a careful derivation and classification of fault models, we describe a new variant of the CRT-RSA algorithm. For the most realistic fault model described, we rigorously analyze the success probability of an adversary against our new CRT-RSA algorithm. Thereby, we prove that our new algorithm is secure against the Bellcore attack.
Citations
Book
Fault Analysis in Cryptography
Marc Joye, Michael Tunstall
TL;DR: This book, the first on this topic, deals with side-channel analysis and its relevance to fault attacks, and will be of interest to researchers and practitioners engaged with cryptographic engineering.
Journal Article
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis
TL;DR: This paper focuses on a means to counteract fault attacks by presenting a new way of implementing exponentiation algorithms that can be used to obtain fast FA-resistant RSA signature generations in both the straightforward method and Chinese remainder theorem modes.
Journal Article
Hardware Designer's Guide to Fault Attacks
TL;DR: An insight into the field of fault attacks and countermeasures to help the designer to protect the design against this type of implementation attacks and a guide for selecting a set of countermeasures, which provides a sufficient security level to meet the constraints of the embedded devices.
Book Chapter
A Survey on Fault Attacks
TL;DR: This survey describes what can be achieved nowadays by using fault attacks in a smart card environment, describes attacks on the most popular cryptosystems, and discusses the problem of induced perturbations in the smart card environment.
Proceedings Article
Fault attacks for CRT based RSA: new attacks, new results and new countermeasures
TL;DR: This paper shows that an attacker who can mount a double-fault attack, with the first fault during one of the exponentiations and the second used to skip the error-checking routine, can succeed in breaking RSA, and it proposes a simple and almost cost-free method to defeat it.
References
Proceedings Article
On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract).
Book Chapter
On the importance of checking cryptographic protocols for faults
TL;DR: In this article, the authors present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults, including RSA and Rabin signatures, and also show how various authentication protocols, such as Fiat-Shamir and Schnorr, can be broken using hardware faults.
Tamper resistance: a cautionary note
Ross Anderson, Markus G. Kuhn
TL;DR: It is concluded that trusting tamper resistance is problematic; smartcards are broken routinely, and even a device that was described by a government signals agency as 'the most secure processor generally available' turns out to be vulnerable.
Book Chapter
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
TL;DR: This paper generalizes the DPA attack to elliptic curve (EC) cryptosystems and describes a DPA on EC Diffie-Hellman key exchange and EC ElGamal type encryption that enables recovery of the private key stored inside the smart-card.
Book Chapter
Optimal asymmetric encryption
Mihir Bellare, Phillip Rogaway
TL;DR: A slightly enhanced scheme is shown to have the property that the adversary can create ciphertexts only of strings for which she “knows” the corresponding plaintexts—such a scheme is not only semantically secure but also non-malleable and secure against chosen-ciphertext attack.