Abstract
A fault attack consists in inducing hardware malfunctions in order to recover secrets from electronic devices. One of the most famous fault attack is Bellcore’s attack against RSA with CRT; it consists in inducing a fault modulo p but not modulo q at signature generation step; then by taking a gcd the attacker can recover the factorization of N = pq. The Bellcore attack applies to any encoding function that is deterministic, for example FDH. Recently, the attack was extended to randomized encodings based on the iso/iec 9796-2 signature standard. Extending the attack to other randomized encodings remains an open problem.
In this paper, we show that the Bellcore attack cannot be applied to the PSS encoding; namely we show that PSS is provably secure against random fault attacks in the random oracle model, assuming that inverting RSA is hard.
Chapter PDF
Similar content being viewed by others
References
Bellare, M., Rogaway, P.: Random oracles are practical: a paradigm for designing efficient protocols. In: Proceedings of the First Annual Conference on Computer and Communications Security. ACM, New York (1993)
Bellare, M., Rogaway, P.: The Exact security of digital signatures: How to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. Journal of Cryptology, Springer-Verlag 14(2), 101–119 (2001)
Canetti, R., Goldreich, O., Halevi, S.: The random oracle methodology, revisited. In: STOC 1998. ACM, New York (1998)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent vulnerabilities. Journal of Cryptology 10(4), 233–260 (1997)
Coron, J.S.: Optimal security proofs for pss and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002)
Coron, J.-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault Attacks on Randomized RSA Signatures with Partially Unknown Messages. In: CHES 2009, pp. 444–456 (2009), http://www.jscoron.fr/publications.html
emvIntegrated circuit card specifications for payment systems, Book 2. Security and Key Management. Version 4.2 (June 2008), http://www.emvco.com
Goldwasser, S., Micali, S., Rivest, R.: A digital signature scheme secure against adaptive chosen-message attacks. SIAM Journal of computing 17(2), 281–308 (1988)
IEEE P1363a, Standard Specifications For Public Key Cryptography: Additional Techniques, http://www.manta.ieee.org/groups/1363
ISO/IEC 9796-2:2002 Information technology – Security techniques – Digital signature schemes giving message recovery – Part 2: Integer factorization based mechanisms (2002)
Lenstra, A., Lenstra Jr., H., Lovász, L.: Factoring polynomials with rational coefficients. Mathematische Annalen 261, 513–534 (1982)
Nguyên, P.Q., Stern, J.: Cryptanalysis of a fast public key cryptosystem presented at SAC ’97. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, p. 213. Springer, Heidelberg (1999)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. CACM 21 (1978)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2009 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coron, JS., Mandal, A. (2009). PSS Is Secure against Random Fault Attacks. In: Matsui, M. (eds) Advances in Cryptology – ASIACRYPT 2009. ASIACRYPT 2009. Lecture Notes in Computer Science, vol 5912. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-10366-7_38
Download citation
DOI: https://doi.org/10.1007/978-3-642-10366-7_38
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-10365-0
Online ISBN: 978-3-642-10366-7
eBook Packages: Computer ScienceComputer Science (R0)