Journal Article
RSA speedup with Chinese remainder theorem immune against hardware fault cryptanalysis
Abstract:
This article considers the problem of how to protect CRT-based (residue number system) speedup of RSA signature and decryption computation against hardware fault cryptanalysis in a highly reliable and efficient way. CRT-based speedup of RSA signatures has been widely adopted as an implementation standard, from large servers to very tiny smart IC cards. However, given a single erroneous computation result, hardware fault cryptanalysis can totally break the RSA system by factoring the public modulus. Countermeasures using a simple verification function (e.g., raising the signature to the power of the public key) or fault detection (e.g., an expanded modulus approach) have been reported in the literature; however, very few of these existing solutions are both sound and efficient. Unreasonably, these methods assume that a comparison instruction will always be fault-free when developing countermeasures against hardware fault cryptanalysis. Research shows that the expanded modulus approach proposed by Shamir (1997, 1999) is superior to the simple verification function when another physical cryptanalysis (e.g., timing cryptanalysis) is considered, so we set out to improve Shamir's method. In this paper, the new concepts of fault infective CRT computation and fault infective CRT recombination are proposed. Based on these concepts, two novel protocols are developed with a rigorous proof of security. Two possible parameter settings are provided for the protocols. One setting selects a small public key, and the proposed protocols then have performance comparable to Shamir's scheme. The other setting has better performance than Shamir's scheme (i.e., comparable to conventional CRT speedup), but with a large public key.
Most importantly, we wish to emphasize the importance of developing and proving the security of physically secure protocols without relying on unreliable or unreasonable assumptions, e.g., always fault-free instructions. In this paper, related protocols are also considered and carefully examined to point out possible weaknesses.
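As an added illustration (not code from the paper, and not its fault-infective protocols), the following Python sketch implements CRT-RSA signing with a simulated single-bit fault in one half-exponentiation, beside the two countermeasure families the abstract contrasts: the simple verification check and Shamir's expanded-modulus check. The toy key, the expansion prime r and the fault position are constructed assumptions.

```python
# Constructed toy RSA key (small primes chosen for illustration; not a secure size).
P, Q = 1000003, 1000033
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
R = 65521  # small prime acting as Shamir's expansion factor (assumption: fixed here, random per signature in practice)

def recombine(sp, sq):
    """Garner's CRT recombination: s = sp + p * ((sq - sp) * p^-1 mod q)."""
    return sp + P * (((sq - sp) * pow(P, -1, Q)) % Q)

def crt_sign(m, fault=False):
    """Conventional CRT-RSA signing with no countermeasure. 'fault' simulates a
    hardware fault by flipping one bit of the mod-p half before recombination."""
    sp = pow(m, D % (P - 1), P)
    sq = pow(m, D % (Q - 1), Q)
    if fault:
        sp ^= 1 << 7  # constructed single-bit fault in one half-exponentiation
    return recombine(sp, sq)

def verify_check(m, s):
    """Countermeasure 1: simple verification, raise the signature to the public key."""
    return pow(s, E, N) == m

def shamir_sign(m, fault=False):
    """Countermeasure 2: Shamir's expanded-modulus check. Each half is computed
    modulo p*r and q*r; a fault-free computation makes the halves agree modulo r.
    Returns (signature, check_passed). The caller must still act on check_passed,
    and that comparison is exactly the step the paper refuses to assume fault-free."""
    spr = pow(m, D % ((P - 1) * (R - 1)), P * R)
    sqr = pow(m, D % ((Q - 1) * (R - 1)), Q * R)
    if fault:
        spr ^= 1 << 7  # the same constructed fault, now inside the expanded half
    ok = (spr - sqr) % R == 0
    # A fault injected after this check (e.g. inside recombine) passes undetected;
    # that gap is what the paper's fault-infective recombination is meant to close.
    return recombine(spr % P, sqr % Q), ok
```

A faulty signature fails both checks here, but only because the comparison itself is trusted; the abstract's objection is precisely that this comparison can be faulted or skipped.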
Citations
Journal Article
Fault Injection Attacks on Cryptographic Devices: Theory, Practice, and Countermeasures
TL;DR: A comprehensive description of fault injection attacks on cryptographic devices and the countermeasures that have been developed against them and a discussion on the interaction between fault injections and the corresponding countermeasures and power analysis attacks.
Journal Article
Hardware Designer's Guide to Fault Attacks
TL;DR: An insight into the field of fault attacks and countermeasures to help the designer to protect the design against this type of implementation attacks and a guide for selecting a set of countermeasures, which provides a sufficient security level to meet the constraints of the embedded devices.
Dissertation
New RSA Vulnerabilities Using Lattice Reduction Methods
TL;DR: This thesis shows that an attacker can find the factorization in polynomial time if e has a special form or if the attacker obtains a fraction of the bits of the secret key d.
Proceedings Article
Fault attacks for CRT based RSA: new attacks, new results and new countermeasures
TL;DR: This paper shows that if an attacker can mount a double-fault attack, injecting the first fault during one of the exponentiations and the second to skip the error-checking routine, then he can succeed in breaking RSA; it proposes a simple and almost cost-free method to defeat it.
Posted Content
Sign Change Fault Attacks On Elliptic Curve Cryptosystems.
TL;DR: This paper presents a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks, which produces points which do not leave the curve and are not easily detected.