On the Importance of Checking Cryptographic Protocols for Faults
We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. We also show how various authentication protocols, such as Fiat-Shamir and Schnorr, can be broken using hardware faults.
Keywords: Smart Card, Register Fault, Certification Authority, Modular Multiplication, Chinese Remainder Theorem