Bug Attacks

In this paper we present a new kind of cryptanalytic attack which utilizes bugs in the hardware implementation of computer instructions. The best-known example of such a bug is the Intel division bug, which resulted in slightly inaccurate results for extremely rare inputs. Whereas in most applications such bugs can be viewed as a minor nuisance, we show that in the case of RSA (even when protected by OAEP), Pohlig–Hellman and ElGamal encryption such bugs can be a security disaster: decrypting ciphertexts on any computer which multiplies even one pair of numbers incorrectly can lead to full leakage of the secret key, sometimes with a single well-chosen ciphertext. As shown by recent revelation of top secret NSA documents by Edward Snowden, intentional hardware modifications is a method that was used by the USA to weaken the security of commercial equipment sent to targeted organizations.

[1]  Martin Boesgaard,et al.  Rabbit: A New High-Performance Stream Cipher , 2003, FSE.

[2]  Hugo Krawczyk,et al.  UMAC: Fast and Secure Message Authentication , 1999, CRYPTO.

[3]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[4]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[5]  Shai Halevi,et al.  MARS - a candidate cipher for AES , 1999 .

[6]  Xuejia Lai,et al.  Markov Ciphers and Differential Cryptanalysis , 1991, EUROCRYPT.

[7]  Martin E. Hellman,et al.  An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[8]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[9]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[10]  Jacques Stern,et al.  Decorrelated Fast Cipher: an AES Candidate , 1998 .

[11]  Stephen C. Pohlig,et al.  An Improved Algorithm for Computing Logarithms over GF(p) and Its Cryptographic Significance , 2022, IEEE Trans. Inf. Theory.

[12]  David Chaum,et al.  “ Advances in Cryptology Proceedings of Crypto 82 " , by 4 , 759 , 063 Jul . 19 , 1988 11 Patent Number : ( 45 ) Date of Patent : , 2017 .

[13]  C. Moler,et al.  Advances in Cryptology , 2000, Lecture Notes in Computer Science.

[14]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[15]  Victor Shoup OAEP reconsidered : (Extended abstract) , 2001, CRYPTO 2001.

[16]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[17]  Yuanyuan Zhou,et al.  Designing and Implementing Malicious Hardware , 2008, LEET.

[18]  Scott Mueller Upgrading and Repairing PCs , 1988 .

[19]  Richard J. Lipton,et al.  On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[20]  Scott Mueller,et al.  Upgrading and Repairing Personal Computers , 1998 .

[21]  Eli Biham,et al.  Bug Attacks , 2008, CRYPTO.

[22]  Mihir Bellare,et al.  Optimal Asymmetric Encryption-How to Encrypt with RSA , 1995 .