Abstract
The technique of speeding up RSA private-key computation with the Chinese Remainder Theorem (CRT) is well known and is employed in almost all RSA implementations. A CRT-based factorization attack exploiting hardware faults has recently received growing attention because most existing implementations are potentially vulnerable to it: in this attack, any single erroneous computation makes the RSA system vulnerable to factorization of the public modulus. Recently, two hardware-fault-immune protocols for CRT speedup of RSA private computation were reported, based on the concept of fault infective computation. A special property of these two protocols is that, in order to enhance reliability, they do not assume that the machine provides a totally fault-free and tamper-free comparison operation. However, this paper shows that these two protocols are still vulnerable to a potential computational fault attack on an auxiliary process that was not considered in the usual CRT-based factorization attack.
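To make the abstract's claim concrete, here is an added example (not code from the paper or its authors) showing why a single erroneous half-computation in RSA-CRT exposes a factor of N, and the check-before-output countermeasure whose comparison step the fault-infective protocols try not to rely on. The primes, message and bit-flip fault are all constructed for illustration; the example covers both the one-signature (Lenstra) and two-signature (Boneh-DeMillo-Lipton) recovery variants.

```python
from math import gcd

# Constructed toy parameters (hypothetical small primes; real RSA uses
# ~1024-bit primes). E is the public exponent, D the private one.
P, Q, E = 104729, 1299709, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
M = 123456789  # constructed message, already reduced below N


def crt_sign(m, p, q, d, fault_q=False):
    """RSA-CRT signature s = m^d mod pq via Garner recombination.

    fault_q=True models one transient fault in the mod-q half
    (a single flipped bit in s_q); the mod-p half stays correct.
    """
    dp, dq = d % (p - 1), d % (q - 1)
    sp = pow(m, dp, p)
    sq = pow(m, dq, q)
    if fault_q:
        sq ^= 1  # constructed fault: any error in this half suffices
    qinv = pow(q, -1, p)
    h = ((sp - sq) * qinv) % p
    return (sq + q * h) % (p * q)


def factor_from_faulty_signature(m, s_faulty, e, n):
    """Lenstra's variant: only the faulty signature and the message are
    needed. s_faulty^e == m (mod p) but != m (mod q), so the gcd
    isolates the prime whose half was computed correctly."""
    return gcd((pow(s_faulty, e, n) - m) % n, n)


def factor_from_signature_pair(s_good, s_faulty, n):
    """Boneh-DeMillo-Lipton variant: a correct and a faulty signature of
    the same message agree mod p and differ mod q, so gcd(s - s', n)
    is again the correctly computed prime."""
    return gcd((s_good - s_faulty) % n, n)


def sign_with_check(m, p, q, d, e, fault_q=False):
    """Countermeasure: verify s^e == m (mod n) before releasing s and
    return None on detection. The comparison itself is a single
    operation a fault could also target, which is why the protocols in
    the abstract avoid trusting it."""
    n = p * q
    s = crt_sign(m, p, q, d, fault_q)
    return s if pow(s, e, n) == m % n else None
```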
The research of S.M. Yen was supported by University IT Research Center Project. The research of D. Kim was supported by KISA, Korea. S. Moon was supported by University IT Research Center Project.
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yen, SM., Kim, D., Moon, S. (2006). Cryptanalysis of Two Protocols for RSA with CRT Based on Fault Infection. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, JP. (eds) Fault Diagnosis and Tolerance in Cryptography. FDTC 2006. Lecture Notes in Computer Science, vol 4236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889700_5
DOI: https://doi.org/10.1007/11889700_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46250-7
Online ISBN: 978-3-540-46251-4