Wagner’s Attack on a Secure CRT-RSA Algorithm Reconsidered
At CCS 2003, a new CRT-RSA algorithm was presented in [BOS03], which was claimed to be secure against fault attacks for various fault models. At CCS 2004, David Wagner presented an attack on the proposed scheme, claiming that the so-called BOS scheme was insecure for all presented fault models [Wag04]. However, the attack itself contains a flaw which shows that although the BOS scheme is broken in some fault models, it is not broken in the most realistic ”random fault model”. This paper points out the flaw in the attack on the BOS scheme, aiming to clarify this issue.
KeywordsCRT-RSA fault attacks smartcards BOS-Scheme Wagner’s attack
Unable to display preview. Download preview PDF.
- [BOS03]Blömer, J., Otto, M., Seifert, J.-P.: A new CRT-RSA algorithm secure against Bellcore attacks. In: Atluri, V., Liu, P. (eds.) Conference on Computer and Communications Security — CCS. ACM SIGSAC, pp. 311–320. ACM Press, New York (2003)Google Scholar
- [CJ05]Ciet, M., Joye, M.: Practical fault countermeasures for chinese remaindering based RSA. In: 2nd Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2005), Edinburgh, Scotland, September 2 (2005)Google Scholar
- [Gir05]Giraud, C.: Fault resistant RSA implementation. In: Breveglieri, L., Koren, I. (eds.) Fault Diagnosis and Tolerance in Cryptography — FDTC 2005, September 2 (2005)Google Scholar
- [Ott05]Otto, M.: Fault attacks and countermeasures, Ph.D. thesis, University of Paderborn (2005), http://wwwcs.uni-paderborn.de/cs/ag-bloemer/forschung/publikationen/DissertationMartinOtto.pdf
- [QS02]Quisquater, J.-J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Proceedings of Esmart 2002 (2002)Google Scholar
- [RE00]Rankl, W., Effing, W.: Smart card handbook, 2nd edn. John Wiley & Sons, Chichester (2000)Google Scholar
- [Sha99]Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks. US Patent No. 5, 991, 415 (November 23, 1999)Google Scholar