Skip to main content
SpringerLink
Log in

Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

  • Conference paper
  • First Online:
Constructive Side-Channel Analysis and Secure Design (COSADE 2016)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9689))

Abstract

In this work, we analyze all existing RSA-CRT countermeasures against the Bellcore attack that use binary self-secure exponentiation algorithms. We test their security against a powerful adversary by simulating fault injections in a fault model that includes random, zeroing, and skipping faults at all possible fault locations. We find that most of the countermeasures are vulnerable and do not provide sufficient security against all attacks in this fault model. After investigating how additional measures can be included to counter all possible fault injections, we present three countermeasures which prevent both power analysis and many kinds of fault attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  2. Baek, Y.: Regular 2\({}^{\text{ w }}\)-ary right-to-left exponentiation algorithm with very efficient DPA and FA countermeasures. Int. J. Inf. Sec. 9(5), 363–370 (2010)

    Article  MathSciNet  Google Scholar 

  3. Blömer, J., Gomes Da Silva, R., Gunther, P., Kramer, J., Seifert, J.P.: A practical second-order fault attack against a real-world pairing implementation. In: Fault Diagnosis and Tolerance in Cryptography (FDTC 2014), pp. 123–136. IEEE (2014)

    Google Scholar 

  4. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  5. Boscher, A., Handschuh, H., Trichina, E.: Blinded fault resistant exponentiationrevisited. In: Fault Diagnosis and Tolerance in Cryptography (FDTC 2009), pp. 3–9.IEEE (2009)

    Google Scholar 

  6. Boscher, A., Naciri, R., Prouff, E.: CRT RSA algorithm protected against fault attacks. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.-J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 229–243. Springer, Heidelberg (2007)

    Google Scholar 

  7. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  8. Fumaroli, G., Vigilant, D.: Blinded fault resistant exponentiation. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 62–70. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  9. Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Trans. Comput. 55(9), 1116–1120 (2006)

    Article  Google Scholar 

  10. Joye, M., Karroumi, M.: Memory-efficient fault countermeasures. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol. 7079, pp. 84–101. Springer, Heidelberg (2011)

    Chapter  Google Scholar 

  11. Joye, M., Lenstra, A.K., Quisquater, J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241–245 (1999)

    Article  MATH  Google Scholar 

  12. Joye, M., Paillier, P., Yen, S.M.: Secure evaluation of modular functions. In: 2001 International Workshop on Cryptology and Network Security (2001)

    Google Scholar 

  13. Joye, M., Yen, S.: The Montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  14. Kim, C.H., Quisquater, J.: How can we overcome both side channel analysis and fault attacks on RSA-CRT? In: Fault Diagnosis and Tolerance in Cryptography (FDTC 2007), pp. 21–29. IEEE (2007)

    Google Scholar 

  15. Kiss, A., Krämer, J., Rauzy, P., Seifert, J.P.: Algorithmic countermeasures against fault attacks and power analysis for RSA-CRT. Cryptology ePrint Archive, Report 2016/238 (2016). http://eprint.iacr.org/2016/238

    Google Scholar 

  16. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  17. Krämer, J., Nedospasov, D., Seifert, J.-P.: Weaknesses in current RSA signature schemes. In: Kim, H. (ed.) ICISC 2011. LNCS, vol. 7259, pp. 155–168. Springer, Heidelberg (2012)

    Chapter  Google Scholar 

  18. Le, D.-P., Rivain, M., Tan, C.H.: On double exponentiation for securing RSA against fault analysis. In: Benaloh, J. (ed.) CT-RSA 2014. LNCS, vol. 8366, pp. 152–168. Springer, Heidelberg (2014)

    Chapter  Google Scholar 

  19. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  20. Quisquater, J.J., Couvreur, C.: Fast decipherment algorithm for RSA public-key cryptosystem. Electron. Lett. 18(21), 905–907 (1982)

    Article  Google Scholar 

  21. Rauzy, P., Guilley, S.: Countermeasures against high-order fault-injection attacks on CRT-RSA. In: Fault Diagnosis and Tolerance in Cryptography (FDTC 2014), pp. 68–82. IEEE (2014)

    Google Scholar 

  22. Rivain, M.: Securing RSA against fault analysis by double addition chain exponentiation. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 459–480. Springer, Heidelberg (2009)

    Chapter  Google Scholar 

  23. Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  MATH  Google Scholar 

  24. Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks, US Patent 5,991,415 (1999)

    Google Scholar 

  25. Witteman, M.: A DPA attack on RSA in CRT mode (2009)

    Google Scholar 

  26. Yen, S., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)

    Article  MATH  Google Scholar 

  27. Yen, S.-M., Kim, S., Lim, S., Moon, S.-J.: A countermeasure against one physical cryptanalysis may benefit another attack. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 414–427. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  28. Yen, S.-M., Lien, W.-C., Moon, S.-J., Ha, J.C.: Power analysis by exploiting chosen message and internal collisions – vulnerability of checking mechanism for RSA-decryption. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 183–195. Springer, Heidelberg (2005)

    Chapter  Google Scholar 

Download references

Acknowledgments

This work has been co-funded by the DFG as part of projects P1 and S5 within the CRC 1119 CROSSING and by the European Union’s 7th Framework Program (FP7/2007-2013) under grant agreement no. 609611 (PRACTICE).

Author information

Authors and Affiliations

  1. TU Darmstadt, Darmstadt, Germany

    Ágnes Kiss & Juliane Krämer

  2. TU Berlin, Berlin, Germany

    Juliane Krämer & Jean-Pierre Seifert

  3. Inria, CITI Lab, Villeurbanne, France

    Pablo Rauzy

Authors
  1. Ágnes Kiss
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Juliane Krämer
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Pablo Rauzy
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Jean-Pierre Seifert
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ágnes Kiss .

Editor information

Editors and Affiliations

  1. UCL Crypto Group , Louvain-la-Neuve, Belgium

    François-Xavier Standaert

  2. University of Bristol , Bristol, United Kingdom

    Elisabeth Oswald

A Self-secure Exponentiation Countermeasures

A Self-secure Exponentiation Countermeasures

figure e
figure f
figure g
figure h
figure i
figure j

Rights and permissions

Reprints and permissions

Copyright information

© 2016 Springer International Publishing Switzerland

About this paper

Cite this paper

Kiss, Á., Krämer, J., Rauzy, P., Seifert, JP. (2016). Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT. In: Standaert, FX., Oswald, E. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2016. Lecture Notes in Computer Science(), vol 9689. Springer, Cham. https://doi.org/10.1007/978-3-319-43283-0_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-319-43283-0_7

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-43282-3

  • Online ISBN: 978-3-319-43283-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation