Attacks on Protocols for Server-Aided RSA Computation

At Crypto '88, Matsumoto, Kato, and Imai presented protocols to speed up secret computations with insecure auxiliary devices. The two most important protocols enable a smart card to compute the secret RSA operation faster with the help of a server that is not necessarily trusted by the card holder. It was stated that if RSA is secure, the protocols could only be broken by exhaustive search in certain spaces. Our main attacks show that much smaller search spaces suffice. These attacks are passive and therefore undetectable. It was already known that one of the protocols is vulnerable to active attacks. We show that this holds for the other protocol, too. More importantly, we show that our attack may still work even if the smart card checks the correctness of the result; this was previously believed to be an easy measure excluding all active attacks. Finally, we discuss attacks on related protocols.
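To make the setting concrete, the following is an added example written for this page, not code from the paper or from Matsumoto, Kato, and Imai. It implements a simplified server-aided RSA exchange in the style of their RSA-S1 protocol as this editor recalls it: the card splits its secret exponent d into a short vector of small secret weights f and a public vector D with sum(f_i * D_i) == d (mod phi(n)), the untrusted server computes the expensive x^{D_i}, and the card only raises to the small f_i. The key size, the parameters M and F_BITS, the function names, and the misbehaving server are all constructed for illustration. The correctness check shown is the plain public-key verification of the result; the paper's actual findings (which smaller search spaces suffice for the passive attack, and how an active attack survives such a check) are not reproduced here.

```python
"""Simplified server-aided RSA (RSA-S1 style). Added example, not the paper's code."""
import random
from math import gcd

# Constructed toy RSA key (assumption: far too small for real use).
P, Q = 10007, 10009
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)          # secret exponent the card wants to apply

M = 8        # number of terms in the split (assumed parameter)
F_BITS = 4   # each secret weight f_i lies in [1, 2**F_BITS) (assumed parameter)


def split_secret(d, phi, m=M, f_bits=F_BITS, rng=random):
    """Card side: pick secret small weights f and a public vector dvec such that
    sum(f_i * dvec_i) == d (mod phi). f never leaves the card; dvec is sent."""
    while True:
        f = [rng.randrange(1, 1 << f_bits) for _ in range(m)]
        if gcd(f[-1], phi) != 1:   # f_m must be invertible mod phi to solve for dvec_m
            continue
        dvec = [rng.randrange(phi) for _ in range(m - 1)]
        partial = sum(fi * di for fi, di in zip(f, dvec)) % phi
        dvec.append(((d - partial) * pow(f[-1], -1, phi)) % phi)
        return f, dvec


def server_compute(x, dvec, n):
    """Untrusted server: sees x and dvec, returns z_i = x^{dvec_i} mod n."""
    return [pow(x, di, n) for di in dvec]


def card_combine(z, f, n):
    """Card: y = prod z_i^{f_i} mod n, using only the small secret exponents."""
    y = 1
    for zi, fi in zip(z, f):
        y = y * pow(zi, fi, n) % n
    return y


def card_check(y, x, e, n):
    """The correctness check the abstract refers to: verify the result with the
    public key. It catches a server that returns wrong values outright; the
    paper's point is that this alone does not rule out every active attack."""
    return pow(y, e, n) == x % n


def server_aided_rsa(x, d=D, n=N, e=E, phi=PHI, server=server_compute, rng=random):
    """Full exchange. Returns (y, ok): the result and whether the check passed."""
    f, dvec = split_secret(d, phi, rng=rng)   # card
    z = server(x, dvec, n)                     # server (possibly dishonest)
    y = card_combine(z, f, n)                  # card
    return y, card_check(y, x, e, n)           # card


def naive_search_space(m=M, f_bits=F_BITS):
    """Number of weight vectors f an observer of (x, dvec, z) would have to try if
    nothing better than brute force on f were available."""
    return ((1 << f_bits) - 1) ** m


def dishonest_server(x, dvec, n):
    """Constructed misbehaving server: corrupts one returned value."""
    z = server_compute(x, dvec, n)
    z[0] = (z[0] + 1) % n
    return z


if __name__ == "__main__":
    rng = random.Random(1)
    x = 123456789 % N
    y, ok = server_aided_rsa(x, rng=rng)
    print("honest server: check passed =", ok, ", matches x^d =", y == pow(x, D, N))
    y2, ok2 = server_aided_rsa(x, server=dishonest_server, rng=rng)
    print("dishonest server caught by check:", not ok2)
    print("naive search space for f:", naive_search_space())
```

The server learns x, the vector dvec and the values z_i, while the card's secret is only the vector f; the security argument of the original protocols rests on f being expensive to find by brute force, which is exactly the assumption the paper's passive attacks undermine.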
