Abstract
Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modular exponentiation and we prove its security in a realistic fault model. By construction, our proposal is also protected against Simple Power Analysis. Based on our new resistant exponentiation algorithm, we present two different ways of computing CRT RSA signatures in a secure way. We show that those methods do not increase execution time and can be easily implemented on low-resource devices.
Chapter PDF
References
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Aumüller, C., et al.: Fault attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)
Blömer, J., Otto, M., Seifert, J.P.: A New RSA-CRT Algorithm Secure Against Bellcore Attacks. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM Conference on Computer and Communications Security – CCS’03, pp. 311–320. ACM Press, New York (2003)
Ciet, M., Joye, M.: Practical Fault Countermeasures for Chinese Remaindering Based RSA. In: FDTC’05, pp. 124–132 (2005)
Giraud, C.: Fault Resistant RSA Implementation. In: FDTC’05, pp. 142–151 (2005)
Shamir, A.: Improved method and apparatus for protecting public key schemes from timing and fault attacks. International Patent Number: WO 98/52319 (1998), Also presented at the rump session of EUROCRYPT’97.
Yen, S.-M., et al.: RSA Speedup with Residue Number System Immune against Hardware Fault Cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 397–413. Springer, Heidelberg (2002)
Wagner, D.: Cryptanalysis of a Provable Secure CRT-RSA Algorithm. In: Pfitzmann, B., Liu, P. (eds.) ACM Conference on Computer and Communications Security – CCS’04, pp. 82–91. ACM Press, New York (2004)
Otto, M., Blömer, J.: Wagner’s Attack on a Secure CRT-RSA Algorithm Reconsidered. In: Breveglieri, L., et al. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 13–23. Springer, Heidelberg (2006)
Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Couvreur, C., Quisquater, J.-J.: Fast decipherment algorithm for RSA public-key cryptosystem. Electronics Letters 18(21), 905–907 (1982)
Garner, H.: The residue number system. IRE Transactions on Electronic Computers 8(6), 140–147 (1959)
Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks on modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)
Menezes, A., van Oorschot, P., Vanstone, S.: Handbook of Applied Cryptography. CRC Press, Boca Raton (1997), Electronic version available at http://www.cacr.math.uwaterloo.ca/hac/
Coron, J.-S.: Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese Remaindering Based Cryptosystems in the Presence of Faults. Journal of Cryptology 12(4), 241–246 (1999)
Yen, S.M., Joye, M.: Checking before output not be enough against fault-based cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)
Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
Lemke-Rust, K., Paar, C.: An Adversarial Model for Fault Analysis Against Low-Cost Cryptographic Devices. In: Breveglieri, L., et al. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 131–143. Springer, Heidelberg (2006)
Yen, S.-M., Moon, S.J., Ha, J.-C.: Permanent Fault Attack on RSA with CRT. In: Safavi-Naini, R., Seberry, J. (eds.) ACISP 2003. LNCS, vol. 2727, pp. 285–296. Springer, Heidelberg (2003)
Bar-El, H., et al.: The Sorcerer’s Apprentice Guide to Fault Attacks. In: Breveglieri, L., Koren, I. (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography – FDTC’04, pp. 330–342. IEEE Computer Society, Los Alamitos (2004)
Fumaroli, G., Vigilant, D.: Blinded Fault Resistant Exponentiation. In: Breveglieri, L., et al. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 62–70. Springer, Heidelberg (2006)
Boreale, M.: Attacking Right-to-Left Modular Exponentiation with Timely Random Faults. In: Breveglieri, L., et al. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 24–35. Springer, Heidelberg (2006)
Fouque, P.-A., Valette, F.: The Doubling Attack: Why Upwards is better than Downwards. In: D.Walter, C., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003)
Yen, S.-M., et al.: Power Analysis by Exploiting Chosen Message and Internal Collisions – Vulnerability of Checking Mechanism for RSA-Decryption. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 183–195. Springer, Heidelberg (2005)
Chaum, D.: Blind signatures for untraceable payments. In: Chaum, D., Rivest, R., Sherman, A. (eds.) Advances in Cryptology – CRYPTO ’82, pp. 199–204. Plenum Press, New York (1982)
Otto, M.: Fault Attacks and Countermeasures. PhD thesis, Universität Paderborn (2004)
Author information
Authors and Affiliations
Editor information
Rights and permissions
Copyright information
© 2007 IFIP International Federation for Information Processing
About this paper
Cite this paper
Boscher, A., Naciri, R., Prouff, E. (2007). CRT RSA Algorithm Protected Against Fault Attacks. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, JJ. (eds) Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems. WISTP 2007. Lecture Notes in Computer Science, vol 4462. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-72354-7_19
Download citation
DOI: https://doi.org/10.1007/978-3-540-72354-7_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-72353-0
Online ISBN: 978-3-540-72354-7
eBook Packages: Computer ScienceComputer Science (R0)