Fault Attacks Against RSA-CRT Implementation

  • Chong Hee Kim
  • Jean-Jacques Quisquater
Part of the Information Security and Cryptography book series (ISC)


RSA-CRT uses the Chinese Remainder Theorem to speed up the computation of an RSA decryption or a signature and reduces the size of the data stored in memory. This implementation is four times faster than the RSA standard implementation. This is why the CRT implementation of RSA is widely deployed in embedded systems. However, Boneh et al. showed that an error that occurred during the exponentiation could allow one break the implementation of RSA-CRT in 1997. This is a very powerful attack as one can easily find the key of RSA with only one faulty signature. Many countermeasures have been proposed to prevent this attack, but most of them have failed. In this chapter, we introduce a survey of the attacks and countermeasures against RSA-CRT implementations.


Encryption Scheme Chinese Remainder Theorem Modular Exponentiation Fault Attack Exponentiation Algorithm 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Chong Hee Kim
    • 1
  • Jean-Jacques Quisquater
    • 1
  1. 1.Université Catholique de LouvainLouvain-la-NeuveBelgium

Personalised recommendations