Combined Attack on CRT-RSA

Why Public Verification Must Not Be Public?
  • Guillaume Barbu
  • Alberto Battistello
  • Guillaume Dabosville
  • Christophe Giraud
  • Guénaël Renault
  • Soline Renner
  • Rina Zeitoun
Conference paper

DOI: 10.1007/978-3-642-36362-7_13

Part of the Lecture Notes in Computer Science book series (LNCS, volume 7778)
Cite this paper as:
Barbu G. et al. (2013) Combined Attack on CRT-RSA. In: Kurosawa K., Hanaoka G. (eds) Public-Key Cryptography – PKC 2013. Lecture Notes in Computer Science, vol 7778. Springer, Berlin, Heidelberg

Abstract

This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when a fault has been induced during the computation. Indeed, such a value would allow the attacker to recover the RSA private key by computing the gcd of the public modulus and the faulty signature. The principle of our attack is to inject a fault during the signature computation and to perform a Side-Channel Analysis targeting a sensitive value processed during the Fault Injection countermeasure execution. The resulting information is then used to factorize the public modulus, leading to the disclosure of the whole RSA private key. After presenting a detailed account of our attack, we explain how its complexity can be significantly reduced by using lattice reduction techniques. We also provide simulations that confirm the efficiency of our attack as well as two different countermeasures having a very small impact on the performance of the algorithm. As it performs a Side-Channel Analysis during a Fault Injection countermeasure to retrieve the secret value, this article recalls the need for Fault Injection and Side-Channel Analysis countermeasures as monolithic implementations.
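The abstract's premise is the well-known gcd-based factorisation from a faulty CRT-RSA signature (the Bellcore attack), which is why a protected implementation verifies the signature before releasing it. The following is an added example, not code from the paper: it signs with CRT-RSA using small constructed parameters, simulates a fault in one CRT branch, shows that releasing the faulty signature would reveal a prime factor via gcd(N, S'^e - m), and shows the public-verification check withholding the signature. The parameters (p = 61, q = 53, e = 17, d = 2753) are a constructed toy key; `fault_in_q` is a hypothetical switch that stands in for a physical fault.

```python
"""
Added example (not from the paper): why a faulty CRT-RSA signature must
never leave the device, and the public-verification countermeasure that
the paper targets. Toy parameters only; constructed for illustration.
"""
from math import gcd

# Constructed toy RSA key: N = 61 * 53 = 3233, e * d = 1 mod phi(N).
P, Q = 61, 53
N = P * Q
E, D = 17, 2753


def crt_rsa_sign(m, p, q, d, fault_in_q=False):
    """CRT-RSA signature with Garner recombination.

    fault_in_q simulates a fault injected into the q-branch exponentiation:
    the p-branch result stays correct, the q-branch result is corrupted.
    """
    dp, dq = d % (p - 1), d % (q - 1)
    sp = pow(m, dp, p)          # S_p = m^dp mod p
    sq = pow(m, dq, q)          # S_q = m^dq mod q
    if fault_in_q:
        sq ^= 1                 # simulated bit flip in the q-branch value
    iq = pow(q, -1, p)          # q^-1 mod p
    h = ((sp - sq) * iq) % p
    return sq + q * h           # S = CRT(S_p, S_q), 0 <= S < p*q


def recover_factor_from_faulty_sig(n, e, m, s_faulty):
    """Bellcore recovery: a signature that is correct mod p but wrong mod q
    satisfies S'^e = m (mod p) only, so gcd(S'^e - m, N) reveals p."""
    return gcd((pow(s_faulty, e, n) - m) % n, n)


def sign_with_verification(m, n, e, p, q, d, fault_in_q=False):
    """Protected signing: verify with the public key and withhold the
    signature if the check fails, so a faulty S never reaches the attacker."""
    s = crt_rsa_sign(m, p, q, d, fault_in_q)
    if pow(s, e, n) != m:
        return None             # fault detected: output nothing
    return s


if __name__ == "__main__":
    m = 65
    s_ok = crt_rsa_sign(m, P, Q, D)
    s_bad = crt_rsa_sign(m, P, Q, D, fault_in_q=True)
    print("correct signature:", s_ok, "matches m^d mod N:", s_ok == pow(m, D, N))
    print("factor leaked by faulty signature:", recover_factor_from_faulty_sig(N, E, m, s_bad))
    print("protected signing under fault returns:", sign_with_verification(m, N, E, P, Q, D, fault_in_q=True))
```

The verification step `pow(s, e, n) != m` is exactly the "public verification" of the paper's subtitle: it computes over the faulty signature and the public exponent, and the paper's contribution is that the intermediate values of this check are themselves a side-channel target when a fault has been induced. The check is therefore necessary but, as implemented here, not sufficient on its own against a combined attacker.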

Keywords

CRT-RSA, Combined Attacks, Fault Injection, Side-Channel Analysis, Coppersmith’s methods


Copyright information

© International Association for Cryptologic Research 2013

Authors and Affiliations

  • Guillaume Barbu (1)
  • Alberto Battistello (1)
  • Guillaume Dabosville (2)
  • Christophe Giraud (1)
  • Guénaël Renault (3)
  • Soline Renner (1, 4)
  • Rina Zeitoun (2, 3)

  1. Security Group, Oberthur Technologies, Pessac, France
  2. Crypto Group, Oberthur Technologies, Nanterre Cedex, France
  3. INRIA, Centre Paris-Rocquencourt, PolSys Project-team, CNRS, UMR 7606, LIP6, UPMC, Université Paris 6, Paris Cedex 05, France
  4. Institut Mathématiques de Bordeaux, Université Bordeaux I, Talence Cedex, France
