Fault Attacks Against RSA-CRT Implementation
RSA-CRT uses the Chinese Remainder Theorem to speed up the computation of an RSA decryption or a signature and reduces the size of the data stored in memory. This implementation is four times faster than the RSA standard implementation. This is why the CRT implementation of RSA is widely deployed in embedded systems. However, Boneh et al. showed that an error that occurred during the exponentiation could allow one break the implementation of RSA-CRT in 1997. This is a very powerful attack as one can easily find the key of RSA with only one faulty signature. Many countermeasures have been proposed to prevent this attack, but most of them have failed. In this chapter, we introduce a survey of the attacks and countermeasures against RSA-CRT implementations.