Observability analysis – Detecting when improved cryptosystems fail

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2271, Issue , 2002, Pages 17-29

  Joye, Marc ^a   Quisquater, Jean Jacques ^b   Yen, Sung Ming ^c   Yung, Moti ^d  

^a GEMPLUS   (France)

^b Microelectronics Laboratory   (Belgium)

^c NATIONAL CENTRAL UNIVERSITY   (Taiwan)

^d CertCo   (United States)

Author keywords

Cryptanalysis; Cryptosystems; Fault analysis; Implementations; Observability; Robustness; Security analysis; Side channel attacks

Indexed keywords

CRYPTOGRAPHY; OBSERVABILITY; ROBUSTNESS (CONTROL SYSTEMS);

CRYPTANALYSIS; FAULT ANALYSIS; IMPLEMENTATIONS; INFORMATION CHANNELS; OBSERVABILITY ANALYSIS; OPERATING ENVIRONMENT; OPERATIONAL ENVIRONMENTS; SECURITY ANALYSIS;

SIDE CHANNEL ATTACK;

EID: 84944881697     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: 10.1007/3-540-45760-7_2     Document Type: Conference Paper

References (32)

1. RSA Laboratories. PKCS #1 v2.0: RSA cryptography standard, October 1, 1998. Available at http://www.rsasecurity.com/rsalabs/pkcs/.
2. RSA Laboratories. PKCS #1 v2.1: RSA cryptography standard, Draft 2, January 5, 2001. Available at http://www.rsasecurity.com/rsalabs/pkcs/.
3. F. Bao, R. Deng, Y. Han, A. Jeng, A. D. Narasimhalu, and T.-H. Ngair. Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In B. Christianson, B. Crispo, M. Lomas, and M. Roe, eds, Security Protocols, vol. 1361 of Lecture Notes in Computer Science, pp. 115–124, Springer-Verlag, 1998.
4. Mihir Bellare and Phillip Rogaway. Optimal asymmetric encryption — How to encrypt with RSA. In A. De Santis, ed., Advances in Cryptology – EUROCRYPT’94, vol. 950 of Lecture Notes in Computer Science, pp. 92–111, Springer-Verlag, 1995.
5. Daniel Bleichenbacher. A chosen ciphertext attack against protocols based on the RSA encryption standard RSA PKCS #1. In H. Krawczyk, ed., Advances in Cryptology – CRYPTO’98, vol. 1462 of Lecture Notes in Computer Science, pp. 1–12, Springer-Verlag, 1998.
6. Daniel Bleichenbacher, Burt Kaliski, and Jessica Staddon. Recent results on PKCS #1: RSA encryption standard. RSA Laboratories’ Bulletin, no. 7, June 1998.
7. Dan Boneh. Twenty years of attacks on the RSA cryptosystem. Notices of the AMS, 46(2):203–213, 1999.
8. Dan Boneh, Richard A. DeMillo and Richard J. Lipton. On the importance of checking cryptographic protocols for faults. In W. Fumy, ed., Advances in Cryptology – EUROCRYPT’97, vol. 1233 of Lecture Notes in Computer Science, pp. 37–51, Springer-Verlag, 1997.
9. Dan Boneh, Antoine Joux, and Phong Q. Nguyen. Why Textbook El Gamal and RSA encryption are insecure. In T. Okamoto, ed., Advances in Cryptology – ASIACRYPT2000, vol. 1976 of Lecture Notes in Computer Science, pp. 30–43, Springer-Verlag, 2000.
10. Don Coppersmith. Small solutions to polynomial equations, and low exponent RSA vulnerabilities. Journal of Cryptology, 10(4):233–260, 1997.
11. Eiichiro Fujisaki and Tatsuaki Okamoto. How to enhance the security of public-key encryption at minimum cost. In H. Imai and Y. Zheng, eds., Public Key Cryptography, vol. 1560 of Lecture Notes in Computer Science, pp. 53–68, Springer-Verlag, 1999.
12. Eiichiro Fujisaki, Tatsuaki Okamoto, David Pointcheval, and Jacques Stern. RSA– OAEP is secure under the RSA assumption. In J. Kilian, ed., Advances in Cryptology – CRYPTO2001, vol. 2139 of Lecture Notes in Computer Science, Springer- Verlag, 2001.
13. Henri Gilbert, Dipankar Gupta, Andrew Odlyzko, and Jean-Jacques Quisquater. Attacks on Shamir’s ‘RSA for paranoids’. Information Processing Letters, 68:197–199, 1998.
14. Shafi Goldwasser and Silvio Micali. Probabilistic encryption. Journal of Computer and System Sciences, 28:270–299, 1984.
15. Marc Joye, Arjen K. Lenstra, and Jean-Jacques Quisquater. Chinese remaindering cryptosystems in the presence of faults. Journal of Cryptology, 12(4):241-245, 1999.
16. Marc Joye, Pascal Paillier, and Sung-Ming Yen. Secure evaluation of modular functions. In R.J. Hwang and C.K. Wu, eds., Proc. of the 2001 International Workshop on Cryptology and Network Security (CNS 2001), pp. 227–229, Taipei, Taiwan, September 26–28, 2001.
17. Marc Joye, Jean-Jacques Quisquater, Feng Bao, and Robert H. Deng. RSA-type signatures in the presence of transient faults. In M. Darnell, ed., Cryptography and Coding, vol. 1355 of Lecture Notes in Computer Science, pp. 155–160, Springer- Verlag, 1997.
18. Marc Joye, Jean-Jacques Quisquater, and Moti Yung. On the power of misbehaving adversaries and security analysis of the original EPOC. In D. Naccache, ed., Topics in Cryptology – CT-RSA 2001, vol. 2020 of Lecture Notes in Computer Science, pp. 208–222, Springer-Verlag, 2001.
19. Burton S. Kaliski Jr. Comments on a new attack on cryptographic devices. RSA Laboratories Technical Note, October 23, 1996.
20. Çetin K. Koç. RSA hardware implementation. Technical Report TR 801, RSA Laboratories, April 1996.
21. Paul Kocher, Joshua Jaffe, and Benjamin Jun. Differential power analysis. In M. Wiener, editor, Advances in Cryptology – CRYPTO’99, vol. 1666 of Lecture Notes in Computer Science, pp. 388–397, Springer-Verlag, 1999.
22. James Manger. A chosen ciphertext attack on RSA optimal asymmetric encryption padding (OAEP) as standardized in PKCS #1. In J. Kilian, ed., Advances in Cryptology – CRYPTO2001, vol. 2139 of Lecture Notes in Computer Science, pp. 230–238, Springer-Verlag, 2001.
23. Moni Naor and Moti Yung. Public-key cryptosystems provably secure against chosen ciphertext attacks. In Proc. of the 22nd ACM Annual Symposium on the Theory of Computing (STOC’90), pp. 427–437, ACM Press, 1990.
24. Andrew Odlyzko. The future of integer factorization. Cryptobytes, 1(2):5–12, 1995.
25. Jean-Jacques Quisquater and Chantal Couvreur. Fast decipherment algorithm for RSA public-key cryptosystem. Electronics Letters, 18:905–907, 1982.
26. Charles Rackoff and Daniel R. Simon. Non-interactive zero-knowledge proof of knowledge and chosen ciphertext attack. In J. Feigenbaum, ed., Advances in Cryptology – CRYPTO’91, vol. 576 of Lecture Notes in Computer Science, pp. 433–444, Springer-Verlag, 1992.
27. Ronald L. Rivest, Adi Shamir, and Leonard M. Adleman. A method for obtaining digital signatures and public key cryptosystems. Communications of the ACM, 21(2):120–126, 1978.
28. Adi Shamir. RSA for paranoids. Cryptobytes, 1(2):1–4, 1995.
29. Adi Shamir. Patent US 5.991.415: Method and apparatus for protecting public key schemes from timing and fault attacks, 12 May 1997.
30. Adi Shamir. How to check modular exponentiation. Presented at the rump session of EUROCRYPT’97, Konstanz, Germany, 11–15th May 1997.
31. Victor Shoup. OAEP reconsidered. In J. Kilian, ed., Advances in Cryptology – CRYPTO2001, vol. 2139 of Lecture Notes in Computer Science, Springer-Verlag, 2001.
32. Sung-Ming Yen and Marc Joye. Checking before output may not be enough against fault-based cryptanalysis. IEEE Transactions on Computers, 49(9):967–970, 2000.