Incorporating Error Detection in an RSA Architecture

  • L. Breveglieri
  • I. Koren
  • P. Maistri
  • M. Ravasio
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4236)


Most successful attacks against hardware implementations of cryptographic systems make use of side-channel information leakage. Recently, some attacks have been proposed against various cryptosystems, which exploit deliberate error injection during the computation process. Several error detection schemes have been proposed in order to counteract these attacks. In this paper, we add a residue-based error detection scheme to an RSA architecture and evaluate the area and latency overheads with respect to the basic architecture.


Keywords: Processing Element; Clock Cycle; Side Channel Attack; Fault Attack; Cryptographic Hardware
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.





Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • L. Breveglieri (1)
  • I. Koren (2)
  • P. Maistri (1)
  • M. Ravasio (3)
  1. Department of Electronics and Information Technology, Politecnico di Milano, Milano, Italy
  2. Department of Electrical and Computer Engineering, University of Massachusetts, Amherst, USA
  3. STMicroelectronics, Agrate Brianza, Milano, Italy
