Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
CHES
2006
Springer
2006
Springer
Why One Should Also Secure RSA Public Key Elements
It is well known that a malicious adversary can try to retrieve secret information by inducing a fault during cryptographic operations. Following the work of Seifert on fault inductions during RSA signature verification, we consider in this paper the signature counterpart. Our article introduces the first fault attack applied on RSA in standard mode. By only corrupting one public key element, one can recover the private exponent. Indeed, similarly to Seifert's attack, our attack is done by modifying the modulus. One of the strong points of our attack is that the assumptions on the induced faults' effects are relaxed. In one mode, absolutely no knowledge of the fault's behavior is needed to achieve the full recovery of the private exponent. In another mode, based on a fault model defining what is called dictionary, the attack's efficiency is improved and the number of faults is dramatically reduced. All our attacks are very practical. Note that those attacks do work ...
Real-time TrafficRelated Content
| Added | 20 Aug 2010 |
| Updated | 20 Aug 2010 |
| Type | Conference |
| Year | 2006 |
| Where | CHES |
| Authors | Eric Brier, Benoît Chevallier-Mames, Mathieu Ciet, Christophe Clavier |
Comments (0)
Researcher Info
|
