Cryptanalysis of Two Protocols for RSA with CRT Based on Fault Infection
The technique of speeding up RSA private-key computation with the Chinese Remainder Theorem (CRT) is well known and is employed in almost all RSA implementations. A recent CRT-based factorization attack that exploits hardware faults has received growing attention because most existing implementations are potentially vulnerable to it: in this attack, any single erroneous computation allows the public modulus of the RSA system to be factored. Recently, two hardware-fault-immune protocols for CRT speedup of RSA private computation were reported, based on the concept of fault infective computation. A special property of these two protocols is that, in order to improve reliability, they do not assume the existence of a totally fault-free and tamper-free comparison operation within the machine. However, it will be shown in this paper that these two protocols are still vulnerable to a computational fault attack on an auxiliary process that was not considered in the usual CRT-based factorization attack.
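As an added illustration (not code from the paper), the following toy Python script shows the CRT-based factorization attack the abstract summarizes, and the verify-before-output check whose trusted comparison the fault-infective protocols aim to do without. The toy primes, the message, the fault model (one wrong half-computation modulo p) and all function names are constructed here; the paper's own attack on an auxiliary process is not reproduced, since the page does not describe it.

```python
from math import gcd

# Constructed toy RSA key: tiny primes for illustration only.
P, Q = 61, 53
N = P * Q
E = 17
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+)
DP, DQ = D % (P - 1), D % (Q - 1)    # CRT exponents
QINV = pow(Q, -1, P)                  # q^-1 mod p for Garner recombination


def crt_sign(m, fault_in_p=False):
    """RSA signature via CRT. fault_in_p models one transient hardware
    fault that corrupts the half-computation modulo p."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p:
        sp = (sp + 1) % P  # constructed fault: any wrong residue mod p will do
    h = (QINV * (sp - sq)) % P
    return sq + h * Q


def factor_from_faulty_signature(m, s_faulty):
    """A signature that is correct mod q but wrong mod p satisfies
    s'^e == m (mod q) but not (mod p), so gcd(s'^e - m, N) reveals q."""
    return gcd((pow(s_faulty, E, N) - m) % N, N)


def sign_with_check(m, fault_in_p=False):
    """Countermeasure the fault-infective protocols try to avoid relying on:
    a trusted comparison that verifies the result with the public exponent
    and refuses to release a faulty signature."""
    s = crt_sign(m, fault_in_p)
    if pow(s, E, N) != m % N:
        return None
    return s


if __name__ == "__main__":
    m = 65  # constructed message (already reduced mod N)
    assert crt_sign(m) == pow(m, D, N)
    q_found = factor_from_faulty_signature(m, crt_sign(m, fault_in_p=True))
    print("faulty signature leaks factor:", q_found, "x", N // q_found)
    print("with check, faulty output released:", sign_with_check(m, True))
```

The check itself is only as good as the comparison it runs on, which is why a fault injected into that comparison, or into any auxiliary step outside the two half-exponentiations, remains a concern.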
Keywords: Chinese remainder theorem (CRT); Cryptography; Factorization attack; Fault infective CRT; Hardware fault cryptanalysis; Residue number system