A formal proof of countermeasures against fault injection attacks on CRT-RSA

Journal of Cryptographic Engineering

Volumn 4, Issue 3, 2014, Pages 173-185

  Rauzy, Pablo ^a   Guilley, Sylvain ^a  

^a INSTITUT TELECOM   (France)

Author keywords

BellCoRe (Bell Communications Research) attack; CRT (Chinese Remainder Theorem); Fault injection; Formal proof; OCaml; RSA (Rivest, Shamir, Adleman)

Indexed keywords

NETWORK SECURITY;

BELLCORE; CHINESE REMAINDER THEOREM; FAULT INJECTION; FORMAL PROOFS; OCAML; RSA (RIVEST, SHAMIR, ADLEMAN);

THEOREM PROVING;

EID: 84906218019     PISSN: 21908508     EISSN: 21908516     Source Type: Journal    
DOI: 10.1007/s13389-013-0065-3     Document Type: Article

References (25)

1. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Kaliski, B. S., Jr., Koç, C. K., Paar, C. (eds.) CHES. Lecture Notes in Computer Science, vol. 2523, pp. 260-275. Springer, Berlin (2002).
2. Berzati, A., Canovas-Dumas, C., Goubin, L.: A survey of differential fault analysis against classical RSA implementations. In: Joye, M., Tunstall, M. (eds.) Fault Analysis in Cryptography, Information Security and Cryptography, pp. 111-124. Springer, Berlin (2012).
3. Biham, E., Carmeli, Y., Shamir, A.: Bug attacks. In: CRYPTO. LNCS, vol. 5157, pp. 221-240. Springer, Santa Barbara (2008).
4. Boneh, D., DeMillo, R. A., Lipton, R. J.: On the importance of checking cryptographic protocols for faults. In: Proceedings of Eurocrypt'97. LNCS, vol. 1233, pp. 37-51. Springer, Konstanz (1997). doi: 10. 1007/3-540-69053-0_4.
5. Blanchet, B.: ProVerif: cryptographic protocol verifier in the formal model. http://prosecco. gforge. inria. fr/personal/bblanche/proverif/.
6. Blömer, J., Otto, M., Seifert, J. P.: A new CRT-RSA algorithm secure against Bellcore attacks. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM Conference on Computer and Communications Security, pp. 311-320. ACM (2003).
7. Biham, E., Shamir, A.: Analysis, differential fault, of secret key cryptosystems. In: CRYPTO. LNCS, vol. 1294, pp. 513-525. Springer, Santa Barbara (1997). doi: 10. 1007/BFb0052259.
8. Christofi, M., Chetali, B., Goubin, L., Vigilant, D.: Formal verification of an implementation of CRT-RSA Vigilant's algorithm. J. Cryptogr. Eng. 3(3), (2013). doi: 10. 1007/s13389-013-0049-3.
9. Coron, J.-S., Giraud, C., Morin, N., Piret, G., Vigilant, D.: Fault attacks and countermeasures on vigilant's RSA-CRT Algorithm. In: Breveglieri, L., Joye, M., Koren, I., Naccache, D., Verbauwhede, I. (eds.) FDTC, pp. 89-96. IEEE Computer Society (2010).
10. Debande, N., Souissi, Y., Elaabid, M. A., Guilley, S., Danger, J.-L.: Wavelet transform based pre-processing for side channel analysis. In: HASP, pp. 32-38. IEEE, Vancouver (2012). doi: 10. 1109/MICROW. 2012. 15.
11. Garner, H. L.: Number systems and arithmetic. Adv. Comput. 6, 131-194 (1965).
12. Guo, X., Mukhopadhyay, D., Karri, R.: Provably secure concurrent error detection against differential fault analysis. Cryptology ePrint Archive, Report 2012/552. 2012. http://eprint. iacr. org/2012/552/.
13. INRIA. OCaml, a variant of the Caml language. http://caml. inria. fr/ocaml/index. en. html.
14. Joye, M., Lenstra, A. K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241-245 (1999).
15. Joye, M.: Protecting RSA against fault attacks: the embedding method. In: Breveglieri, L., Koren, I., Naccache, D., Oswald, E., Seifert, J.-P. (eds.) FDTC, pp. 41-45. IEEE Computer Society (2009).
16. Joye, M., Paillier, P.: GCD-free algorithms for computing modular inverses. In: Walter, C. D., Koç, C. K., Paar, C. (eds.) CHES. Lecture Notes in Computer Science, vol. 2779, pp. 243-253. Springer, Berlin (2003).
17. Kocher, P. C., Jaffe, J., Jun, B.: Differential power analysis. In: Proceedings of CRYPTO'99. LNCS, vol. 1666, pp. 388-397. Springer, Berlin (1999).
18. Kim, S.-K., Kim, T. H., Han, D.-G., Hong, S.: An efficient CRT-RSA algorithm secure against power and fault attacks. J. Syst. Softw. 84, 1660-1669 (October 2011).
19. Koç, C. K.: High-speed RSA implementation, November 1994. Version 2. ftp://ftp. rsasecurity. com/pub/pdfs/tr201. pdf.
20. Rauzy, P., Guilley, S.: Formal analysis of CRT-RSA vigilant's countermeasure against the BellCoRe attack-a pledge for formal methods in the field of implementation security. In: 3rd ACM SIGPLAN Program Protection and Reverse Engineering Workshop (PPREW 2014) (2014). ISBN: 978-1-4503-2649-0.
21. Rivest, R. L., Shamir, A., Adleman, L. M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120-126 (1978).
22. Souissi, Y., Elaabid, M. A., Danger, J.-L., Guilley, S., Debande, N.: Novel applications of wavelet transforms based side-channel analysis, 26-27 September 2011. Non-Invasive Attack Testing Workshop (NIAT 2011), co-organized by NIST & AIST. Todai-ji Cultural Center, Nara, Japan. (http://csrc. nist. gov/news_events/non-invasive-attack-testing-workshop/papers/01_Souissi. pdf).
23. Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks, November 1999. Patent Number 5, 991, 415; also presented at the rump session of EUROCRYPT '97.
24. Tehranipoor, M., Wang, C. (eds.) Introduction to Hardware Security and Trust. Springer, Berlin (2012). ISBN: 978-1-4419-8079-3.
25. Vigilant, D.: RSA with CRT: a new cost-effective solution to thwart fault attacks. In Oswald, E., Rohatgi, P. (eds.) CHES. Lecture Notes in Computer Science, vol. 5154, pp. 130-145. Springer, Berlin (2008).