RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks

  • David Vigilant
Conference paper

DOI: 10.1007/978-3-540-85053-3_9

Volume 5154 of the book series Lecture Notes in Computer Science (LNCS)
Cite this paper as:
Vigilant D. (2008) RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks. In: Oswald E., Rohatgi P. (eds) Cryptographic Hardware and Embedded Systems – CHES 2008. CHES 2008. Lecture Notes in Computer Science, vol 5154. Springer, Berlin, Heidelberg


Fault attacks as introduced by Bellcore in 1996 are still a major threat toward cryptographic products supporting RSA signatures. Most often on embedded devices, the public exponent is unknown, turning resistance to fault attacks into an intricate problem. Over the past few years, several techniques for secure implementations have been published, all of which suffering from inadequacy with the constraints faced by embedded platforms. In this paper, we introduce a novel countermeasure mechanism against fault attacks in RSA signature generation. In the restricted context of security devices where execution time, memory consumption, personalization management and code size are strong constraints, our countermeasure is simply applicable with a low computational complexity. Our method extends to all cryptosystems based on modular exponentiation.


Bellcore attack Chinese Remainder Theorem Fault attacks RSA Software countermeasure Modular exponentiation 
Download to read the full conference paper text

Copyright information

© Springer-Verlag Berlin Heidelberg 2008

Authors and Affiliations

  • David Vigilant
    • 1
  1. 1.Cryptography Engineering, Gemalto Security Labs