论文信息 - Fault Analysis Attacks on Control Statement of RSA Exponentiation Algorithm

Fault Analysis Attacks on Control Statement of RSA Exponentiation Algorithm

Many research results show that RSA system mounted using conventional binary exponentiation algorithm is vulnerable to some physical attacks. Recently, Schmidt and Hurbst demonstrated experimentally that an attacker can exploit secret key using faulty signatures which are obtained by skipping the squaring operations. Based on similar assumption of Schmidt and Hurbst's fault attack, we proposed new fault analysis attacks which can be made by skipping the multiplication operations or computations in looping control statement. Furthermore, we applied our attack to Montgomery ladder exponentiation algorithm which was proposed to defeat simple power attack. As a result, our fault attack can extract secret key used in Montgomery ladder exponentiation.

Yi-Roo Baek | Kwang-Eun Gil | Jae-Cheol Ha | Hwankoo Kim

[1] Jörn-Marc Schmidt,et al. A Practical Fault Attack on Square and Multiply , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[2] Richard J. Lipton,et al. On the Importance of Checking Cryptographic Protocols for Faults (Extended Abstract) , 1997, EUROCRYPT.

[3] Marc Joye,et al. Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis , 2000, IEEE Trans. Computers.

[4] Adi Shamir,et al. A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[5] Seungjoo Kim,et al. A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack , 2001, ICISC.

[6] Nadia El Mrabet. What about Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based Protocol? , 2009, ISA.

[7] Marc Joye,et al. Chinese Remaindering Based Cryptosystems in the Presence of Faults , 1999, Journal of Cryptology.

[8] Jean-Jacques Quisquater,et al. Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures , 2007, WISTP.

[9] Marc Joye,et al. The Montgomery Powering Ladder , 2002, CHES.

[10] Christophe Giraud,et al. On Second-Order Fault Analysis Resistance for CRT-RSA Implementations , 2009, WISTP.

[11] Eli Biham,et al. Differential Fault Analysis of Secret Key Cryptosystems , 1997, CRYPTO.