Permanent Fault Attack on the Parameters of RSA with CRT

  • Sung-Ming Yen
  • SangJae Moon
  • JaeCheol Ha
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2727)


Chinese remainder theorem has been widely employed to speedup the RSA computation. In this paper, one kind of permanent fault attack on RSA with CRT will be pointed out which exploits a permanent fault on the storage of either p or q. This proposed attack is generic and powerful which can be applicable to both the conventional RSA with CRT and Shamir’s fault attack immune design of RSA with CRT. Two popular and one recently proposed CRT recombination algorithms which are necessary for the above two mentioned RSA with CRT will be carefully examined in this paper for their immunity against the proposed parameter permanent fault attack.


Chinese remainder theorem (CRT) Computational fault Cryptography Factorization Hardware fault cryptanalysis Permanent fault Physical cryptanalysis Side channel attack 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    R.L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystem,” Commun. of ACM, vol. 21, no. 2, pp. 120–126, 1978.MATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Trans. Inf. Theory, vol. 31, no. 4, pp. 469–472, 1985.MATHCrossRefMathSciNetGoogle Scholar
  3. 3.
    R. Anderson and M. Kuhn, “Tamper resistance — a cautionary note,” In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11, 1996.Google Scholar
  4. 4.
    R. Anderson and M. Kuhn, “Low cost attacks on tamper resistant devices,” In Preproceedings of the 1997 Security Protocols Workshop, Paris, France, 7–9th April 1997.Google Scholar
  5. 5.
    Bellcore Press Release, “New threat model breaks crypto codes,” Sept. 1996, available at
  6. 6.
    D. Boneh, R.A. DeMillo, and R.J. Lipton, “On the importance of checking cryptographic protocols for faults,” In Advances in Cryptology — EUROCRYPT’97, LNCS 1233, pp. 37–51, Springer-Verlag, 1997.Google Scholar
  7. 7.
    F. Bao, R.H. Deng, Y. Han, A. Jeng, A.D. Narasimbalu, and T. Ngair, “Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults,” In Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 1997.Google Scholar
  8. 8.
    Y. Zheng and T. Matsumoto, “Breaking real-world implementations of cryptosystems by manipulating their random number generation,” In Pre-proceedings of the 1997 Symposium on Cryptography and Information Security, Fukuoka, Japan, 29th January–1st February 1997. An earlier version was presented at the rump session of ASIACRYPT’96.Google Scholar
  9. 9.
    I. Peterson, “Chinks in digital armor — Exploiting faults to break smart-card cryptosystems,” Science News, vol. 151, no. 5, pp. 78–79, 1997.CrossRefGoogle Scholar
  10. 10.
    M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng, “RSA-type signatures in the presence of transient faults,” In Cryptography and Coding, LNCS 1355, pp. 155–160, Springer-Verlag, 1997.CrossRefGoogle Scholar
  11. 11.
    D.P. Maher, “Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective,” In Financial Cryptography, LNCS 1318, pp. 109–121, Springer-Verlag, Berlin, 1997.Google Scholar
  12. 12.
    E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems,” In Advances in Cryptology — CRYPTO’97, LNCS 1294, pp. 513–525, Springer-Verlag, Berlin, 1997.CrossRefGoogle Scholar
  13. 13.
    A.K. Lenstra, “Memo on RSA signature generation in the presence of faults,” September 1996.Google Scholar
  14. 14.
    M. Joye, A.K. Lenstra, and J.-J. Quisquater, “Chinese remaindering based cryptosystems in the presence of faults,” Journal of Cryptology, vol. 12, no. 4, pp. 241–245, 1999.MATHCrossRefGoogle Scholar
  15. 15.
    M. Joye, F. Koeune, and J.-J. Quisquater, “Further results on Chinese remaindering,” Tech. Report CG-1997/1, UCL Crypto Group, Louvain-la-Neuve, March 1997.Google Scholar
  16. 16.
    A. Shamir, “How to check modular exponentiation,” presented at the rump session of EUROCRYPT’97, Konstanz, Germany, 11–15th May 1997.Google Scholar
  17. 17.
    A. Shamir, “Method and apparatus for protecting public key schemes from timing and fault attacks,” United States Patent 5991415, November 23, 1999.Google Scholar
  18. 18.
    S.M. Yen and M. Joye, “Checking before output may not be enough against faultbased cryptanalysis,” IEEE Trans. on Computers, vol. 49, no. 9, pp. 967–970, Sept. 2000.CrossRefGoogle Scholar
  19. 19.
    S. Skorobogatov and R. Anderson, “Optical fault induction attacks,” In Preproceedings of Cryptographic Hardware and Embedded Systems — CHES 2002, pp. 2–12, August 13–15, 2002, California, USA.Google Scholar
  20. 20.
    P.J. Smith and M.J.J. Lennon, “LUC: A new public key system,” In Ninth IFIP Symposium on Computer Security, Elsevier Science Publishers, pp. 103–117, 1993.Google Scholar
  21. 21.
    J.-J. Quisquater and C. Couvreur, “Fast decipherment algorithm for RSA public-key cryptosystem,” Electronics Letters, vol. 18, no. 21, pp. 905–907, 1982.CrossRefGoogle Scholar
  22. 22.
    A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of applied cryptography. CRC Press, 1997.Google Scholar
  23. 23.
    S.M. Yen, S.J. Kim, S.G. Lim, and S.J. Moon, “RSA speedup with residue number system immune against hardware fault cryptanalysis,” In Information Security and Cryptology — ICISC 2001, LNCS 2288, pp. 397–413, Springer-Verlag, 2002Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Sung-Ming Yen
    • 1
  • SangJae Moon
    • 2
  • JaeCheol Ha
    • 3
  1. 1.Laboratory of Cryptography and Information Security (LCIS) Dept of Computer Science and Information EngineeringNational Central UniversityChung-LiTaiwan R.O.C.
  2. 2.Mobile Network Security Technology Research Center (MSRC)Kyungpook National UniversityTaeguKorea
  3. 3.Dept of Computer and InformationKorea Nazarene UniversityChoong NamKorea

Personalised recommendations