Protecting RSA against fault attacks: The embedding method

Fault Diagnosis and Tolerance in Cryptography - Proceedings of the 6th International Workshop, FDTC 2009

Volumn , Issue , 2009, Pages 41-45

  Joye, Marc ^a  

^a FCA UNESP   (Brazil)

Author keywords

Countermeasures; Fault attacks; RSA cryptosystem

Indexed keywords

EMBEDDING METHOD; FAULT ATTACK; PRIVATE KEY; RSA CRYPTOSYSTEMS; SECURE IMPLEMENTATION;

CRYPTOGRAPHY; FAILURE ANALYSIS; FAULT TOLERANCE; QUALITY ASSURANCE; TECHNICAL PRESENTATIONS;

FAULT DETECTION;

EID: 77950971337     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/FDTC.2009.32     Document Type: Conference Paper

References (38)

1. C. Aumüler, P. Bier, W. Fischer, P. Hofreiter, and J-P. Seifert. Fault attack on RSA with CRT: Concrete results and practical countermeasures. In Cryptographic Hardware and Embedded Systems - CHES 2002, volume 2523 of Lecture Notes in Computer Science, pages 260-275. Springer-Verlag, 2002.
2. M. Bellare and P. Rogaway. Random oracles are practical: A paradigm for designing efficient protocols. In 1st ACM Conference on Computer and Communications Security, pages 62-73. ACM Press, 1993.
3. M. Bellare and P. Rogaway. Optimal asymmetric encryption - How to encrypt with RSA. In Advances in Cryptology EUROCRYPT '94, volume 950 of Lecture Notes in Computer Science, pages 92-111. Springer-Verlag, 1995.
4. M. Bellare and P. Rogaway. The exact security of digital signatures - How to sign with RSA and Rabin. In Advances in Cryptology - EUROCRYPT '96, volume 1070 of Lecture Notes in Computer Science, pages 399-416. Springer-Verlag, 1996.
5. A. Berzati, C. Canovas, and L. Goubin. (In)security against fault injection attacks for CRT-RSA implementations. 5th Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC 2008, pages 101-107. IEEE Computer Society Press, 2008.
6. D. Boneh, R.A. DeMillo, and R.J. Lipton. On the importance of eliminating errors in cryptographic computations. Journal of Cryptology 14(2): 101-119, 2001. Extended abstract in Proc. of EUROCRYPT'97.
7. H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan. The sorcerer's apprentice guide to fault attacks. Proceedings the IEEE 94(2):370-382, 2006. Earlier version in Proc. of FDTC 2004.
8. J. Blömer and M. Otto. Wagner's Attack on a secure CRT-RSA algorithm reconsidered. In Fault Diagnosis and Tolerance in Cryptography (FDTC 2006), volume 4236 of Lecture Notes in Computer Science, pages 13-23. Springer-Verlag, 2006.
9. J. Blömer, M. Otto, and J-P. Seifert. A new CRT-RSA algorithm secure against Bellcore attack. In 10th ACM Conference on Computer and Communications Security (CCS 2003), pages 311-320. ACM Press, 2003.
10. A. Boscher, R. Naciri, and E. Prouff. CRT RSA algorithm protected against fault attacks. In Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems (WISTP 2007), volume 4462 of Lecture Notes in Computer Science, pages 229-243. Springer-Verlag, 2007.
11. M. Ciet and M. Joye. Practical fault countermeasures for Chinese remaindering based RSA. In 2nd Workshop Fault Diagnosis and Tolerance in Cryptography (FDTC 2005), pages 124-132, 2005.
12. J.-S. Coron. Resistance against differential power analysis for elliptic curve cryptosystems. In Cryptographic Hardware and Embedded Systems - CHES '99, volume 1717 of Lecture Notes in Computer Science, pages 292-302. Springer-Verlag, 1999.
13. W. Fischer and J.-P. Seifert. Note on fast computation of secret RSA exponents. In Information Security and Privacy (ACISP 2002), volume 2384 of Lecture Notes in Computer Science, pages 136-143. Springer-Verlag, 2002.
14. G. Fumaroli and D. Vigilant. Blinded fault resistant exponentiation. In Fault Diagnosis and Tolerance in Cryptography (FDTC 2006), volume 4236 of Lecture Notes in Computer Science, pages 62-70. Springer-Verlag, 2006.
15. C. Giraud. An RSA implementation resistant to fault attacks and simple power analysis. IEEE Transactions on Computers 55(9): 1116-1120, 2006. Extended abstract in Proc. of FDTC 2005. (Pubitemid 44263810)
16. C. Giraud and H. Thiebeauld. A survey on fault attacks. In J.-J. Quisquater et al., editors, Smart Card Research and Advanced Applications VI (CARDIS 2004), pages 159-176. Kluwer Academic Publishers, 2004.
17. S. Goldwasser and S. Micali. Probabilistic encryption. Journal of Computer and Systems Sciences 28(2): 270-299, 1984.
18. M. Joye. RSA moduli with a predetermined portion: Techniques and applications. In Information Security Practice and Experience (ISPEC 2008), volume 4991 of Lecture Notes in Computer Science, pages 116-130, Springer-Verlag, 2008.
19. M. Joye, A. Lenstra, and J-J. Quisquater. Chinese remaindering based cryptosystems in the presence of faults. Journal of Cryptology 12(4): 241-245, 1999.
20. M. Joye and P. Paillier. Efficient generation of prime numbers on portable devices: An update. In Cryptographic Hardware and Embedded Systems - CHES 2006, volume 4249 of Lecture Notes in Computer Science, pages 160-173. Springer-Verlag, 2006.
21. M. Joye, P. Paillier, and S. Vaudenay. Efficient generation of prime numbers. In Cryptographic Hardware and Embedded Systems - CHES 2000, volume 1965 of Lecture Notes in Computer Science, pages 340-354. Springer-Verlag, 2000.
22. M. Joye, P. Paillier, and S-M. Yen. Secure evaluation of modular functions. In 2001 International Workshop on Cryptology and Network Security, pages 227-229, Taipei, Taiwan, 2001.
23. M. Joye and S.-M. Yen. The Montgomery powering ladder. In Cryptographic Hardware and Embedded Systems - CHES 2002, volume 2523 of Lecture Notes in Computer Science, pages 291-302. Springer-Verlag, 2002.
24. B.S. Kaliski Jr. and M.J.B. Robshaw. Comments on some new attacks on cryptographic devices. RSA Laboratories ' Bulletin, no.5, July 14, 1997.
25. C.H. Kim and J.-J. Quisquater. How can we overcome both side channel analysis and fault attacks on RSA-CRT? In 4th Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC 2007, pages 21-29. IEEE Computer Society Press, 2007.
26. A. Lenstra. Generating RSA moduli with a predetermined portion. In Advances in Cryptology - ASIACRYPT '98, volume 1514 of Lecture Notes in Computer Science, pages 1-10. Springer-Verlag, 1998.
27. P.L. Montgomery. Speeding up the Pollard and elliptic curve methods of factorization. Mathematics of Computation 48(177): 243-264, 1987.
28. J.-J. Quisquater and C. Couvreur. Fast decipherment algorithm for public-key RSA cryptosystem. Electronics Letters 18(21): 905-907, 1982. (Pubitemid 13444692)
29. C. Rackoff and D. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In Advances in Cryptology - CRYPTO '91, volume 576 of Lecture Notes in Computer Science, pages 433-444. Springer-Verlag, 1992.
30. M. Rivain. Securing RSA against fault analysis by double addition chain exponentiation. Topics in Cryptology - CTRSA 2009, volume 5473 of Lecture Notes in Computer Science, pages 459-480. Springer-Verlag, 2009.
31. R.L. Rivest, A. Shamir, and L.M. Adleman. A method for obtaining digital signature and public-key cryptosystems. Communications of the ACM 21(2): 120-126, 1978.
32. A. Shamir. Improved method and apparatus for protecting public key schemes from timing and fault attacks. US Patent, November 1999. Also presented at the Rump Session of EROCRYPT'97, 1997.
33. Sun Microsystems Inc. Application Programming Interface, Java Card™ Platform, Version 2.2.2, March 2006. Available at URL http://java.sun.com/ products/javacard/specs.html.
34. D. Vigilant. RSA with CRT: A new cost-effective solution to thwart fault attacks. In Cryptographic Hardware and Embedded Systems - CHES 2008, volume 5154 of Lecture Notes in Computer Science, pages 130-145. Springer-Verlag, 2008.
35. D. Wagner. Cryptanalysis of a provably secure CRT-RSA algorithm. In 11th ACM Conference on Computer and Communications Security (CCS 2004), pages 92-97. ACM Press, 2004.
36. S-M. Yen and D. Kim. Cryptanalysis of two protocols for RSA with CRT based on fault infection. In Fault Diagnosis and Tolerance in Cryptography (FDTC 2004), pages 381-385. IEEE Computer Society, 2006.
37. S-M. Yen, D. Kim, S. Lim, and S. Moon. RSA speedup with residue number system immune against hardware fault cryptanalysis. In Information Security and Cryptology (ICISC 2001), volume 2288 of Lecture Notes in Computer Science, pages 397-413. Springer-Verlag, 2001.
38. S-M. Yen, S. Moon, and J-C. Ha. Hardware fault attack on RSA with CRT revisited. In Information Security and Cryptology (ICISC 2002), volume 2587 of Lecture Notes in Computer Science, pages 374-388. Springer-Verlag, 2002.