Journal of Cryptographic Engineering

, Volume 4, Issue 3, pp 173–185

A formal proof of countermeasures against fault injection attacks on CRT-RSA

Special Section on Proofs 2013

DOI: 10.1007/s13389-013-0065-3

Cite this article as:
Rauzy, P. & Guilley, S. J Cryptogr Eng (2014) 4: 173. doi:10.1007/s13389-013-0065-3


In this article, we describe a methodology that aims at either breaking or proving the security of CRT-RSA implementations against fault injection attacks. In the specific case-study of the BellCoRe attack, our work bridges a gap between formal proofs and implementation-level attacks. We apply our results to three implementations of CRT-RSA, namely the unprotected one, that of Shamir, and that of Aumüller et al. Our findings are that many attacks are possible on both the unprotected and the Shamir implementations, while the implementation of Aumüller et al.  is resistant to all single-fault attacks. It is also resistant to double-fault attacks if we consider the less powerful threat model of its authors.


RSA (Rivest, Shamir, Adleman)CRT (Chinese Remainder Theorem)Fault injectionBellCoRe (Bell Communications Research)  attack Formal proofOCaml

Copyright information

© Springer-Verlag Berlin Heidelberg 2013

Authors and Affiliations

  1. 1.Institut Mines-TélécomTélécom ParisTech, CNRS LTCI Paris France