• DocumentCode
    2581414
  • Title

    In(security) Against Fault Injection Attacks for CRT-RSA Implementations

  • Author

    Berzati, Alexandre ; Canovas, C. ; Goubin, Louis

  • Author_Institution
    CEA-LETI/MINATEC, Grenoble
  • fYear
    2008
  • fDate
    10-10 Aug. 2008
  • Firstpage
    101
  • Lastpage
    107
  • Abstract
    Since its invention in 1977, the celebrated RSA primitive has remained unbroken from a mathematical point of view, and has been widely used to build provably secure encryption or signature protocols. However, the introduction in 1996 of a new model of attacks - based on fault injections - by Boneh, deMillo and Lipton suggests the use of specific countermeasures to obtain a secure RSA implementation. In the special case of CRT implementations, many protections have been proposed and most of them have been proven insufficient to ensure resistance against DFA. In the present paper, we show that the Ciet-Joye method proposed in FDTC´2005 [10] does not completely prevent fault injection attacks: for a CRT-RSA with a 1024-bit modulus, we show that 13 faulty signatures are enough to recover the secret exponent with a probability greater than 50%, which can be improved to 99% with 83 faulty signatures.
  • Keywords
    cryptography; digital signatures; protocols; CRT-RSA implementations; fault injection attacks; faulty signatures; secure encryption; signature protocols; Cathode ray tubes; Cryptography; Doped fiber amplifiers; Fault diagnosis; Performance analysis; Protection; Protocols; Public key; Security; Warranties; CRT-RSA; countermeasures; fault attacks;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC '08. 5th Workshop on
  • Conference_Location
    Washington, DC
  • Print_ISBN
    978-0-7695-3314-8
  • Type

    conf

  • DOI
    10.1109/FDTC.2008.9
  • Filename
    4599563
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=2581414