Modulus Fault Attacks against RSA-CRT Signatures

12 years 4 months ago

Download eprint.iacr.org

RSA-CRT fault attacks have been an active research area since their discovery by Boneh, DeMillo and Lipton in 1997. We present alternative key-recovery attacks on RSA-CRT signatures: instead of targeting one of the sub-exponentiations in RSA-CRT, we inject faults into the public modulus before CRT interpolation, which makes a number of countermeasures against Boneh et al.’s attack ineﬀective. Our attacks are based on orthogonal lattice techniques and are very eﬃcient in practice: depending on the fault model, between 5 to 45 faults suﬃce to recover the RSA factorization within a few seconds. Our simplest attack requires that the adversary knows the faulty moduli, but more sophisticated variants work even if the moduli are unknown, under reasonable fault models. All our attacks have been fully validated experimentally with fault-injection laser techniques.

Eric Brier, David Naccache, Phong Q. Nguyen, Mehdi

Real-time Traffic

CHES 2011 | Cryptology | Fault Injection | Fault Model | Fault Models |

claim paper

Related Content

» Fault Attacks Against emv Signatures

» Why One Should Also Secure RSA Public Key Elements

» Fault Attacks on RSA Signatures with Partially Unknown Messages

» PSS Is Secure against Random Fault Attacks

» Secret Key Leakage from Public Key Perturbation of DLPBased Cryptosystems

» The Insecurity of Esign in Practical Implementations

» Faultbased attack of RSA authentication

Post Info
More Details (n/a)

Added	13 Dec 2011
Updated	13 Dec 2011
Type	Journal
Year	2011
Where	CHES
Authors	Eric Brier, David Naccache, Phong Q. Nguyen, Mehdi Tibouchi

Comments (0)

Sciweavers

Modulus Fault Attacks against RSA-CRT Signatures

CHES 2011 | Cryptology | Fault Injection | Fault Model | Fault Models |

Explore & Download

Productivity Tools

Document Tools

Image Tools

Sciweavers