Wagner’s Attack on a Secure CRT-RSA Algorithm Reconsidered

Conference paper. Part of the book series: Lecture Notes in Computer Science, volume 4236.

Abstract

At CCS 2003, a new CRT-RSA algorithm was presented in [BOS03], which was claimed to be secure against fault attacks for various fault models. At CCS 2004, David Wagner presented an attack on the proposed scheme, claiming that the so-called BOS scheme was insecure for all presented fault models [Wag04]. However, the attack itself contains a flaw which shows that although the BOS scheme is broken in some fault models, it is not broken in the most realistic "random fault model". This paper points out the flaw in the attack on the BOS scheme, aiming to clarify this issue.
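The abstract assumes the reader knows why fault attacks on CRT-RSA matter. The following is an added illustration, not code from the paper, from the BOS scheme or from Wagner's attack: it shows the plain CRT-RSA setting, why a single faulted half-exponentiation is dangerous (the Bellcore observation of Boneh, DeMillo and Lipton, reference 2), and the basic countermeasure of checking the signature with the public key before releasing it. The primes, exponent and message are constructed toy values and the "fault" is simulated by flipping one bit of the mod-p result.

```python
from math import gcd

# Toy RSA parameters, constructed for this illustration only: the primes are
# far too small for real use, but they make the arithmetic easy to follow.
P, Q = 10007, 10009
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python 3.8+ modular inverse)
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)           # q^-1 mod p, for Garner's recombination


def crt_sign(m: int, fault_in_p_half: bool = False) -> int:
    """Plain CRT-RSA signature s = m^d mod N, computed as two half-size
    exponentiations and recombined with Garner's formula.  If
    fault_in_p_half is set, one bit of the mod-p half is flipped, modelling a
    transient fault injected into that exponentiation."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p_half:
        sp ^= 1                # corrupt the p-half only; the q-half stays correct
    h = (QINV * (sp - sq)) % P
    return sq + h * Q


def verify(s: int, m: int) -> bool:
    """Public-key check s^e == m (mod N)."""
    return pow(s, E, N) == m


def crt_sign_checked(m: int, fault_in_p_half: bool = False):
    """The basic countermeasure: never release a signature that fails the
    public-key check.  Returns None instead of a faulty signature."""
    s = crt_sign(m, fault_in_p_half)
    return s if verify(s, m) else None


def factor_from_faulty_signature(s_faulty: int, m: int) -> int:
    """Why the check matters (Boneh-DeMillo-Lipton): a signature that is
    correct modulo one prime but wrong modulo the other satisfies
    s'^e == m (mod q) but not (mod p), so gcd(s'^e - m, N) reveals q."""
    return gcd(pow(s_faulty, E, N) - m, N)


if __name__ == "__main__":
    m = 123456
    s = crt_sign(m)
    print("correct signature verifies:", verify(s, m))
    s_bad = crt_sign(m, fault_in_p_half=True)
    print("faulty signature verifies:", verify(s_bad, m))
    print("checked signer withholds faulty signature:", crt_sign_checked(m, True) is None)
    print("factor recovered from unchecked faulty signature:", factor_from_faulty_signature(s_bad, m) == Q)
```

The verify-before-release check is the simplest defence and is what the more elaborate schemes cited below (Shamir, Yen et al., BOS) try to improve on; its weakness, and the reason those schemes exist, is that the check itself is just another computation a fault can target.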


References

  1. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)
  2. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptology 14(2), 101–119 (2001)
  3. Blömer, J., Otto, M., Seifert, J.-P.: A new CRT-RSA algorithm secure against Bellcore attacks. In: Atluri, V., Liu, P. (eds.) Conference on Computer and Communications Security — CCS. ACM SIGSAC, pp. 311–320. ACM Press, New York (2003)
  4. Clavier, C., Coron, J.-S., Dabbous, N.: Differential power analysis in the presence of hardware countermeasures. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 252–263. Springer, Heidelberg (2000)
  5. Ciet, M., Joye, M.: Practical fault countermeasures for Chinese remaindering based RSA. In: 2nd Workshop on Fault Diagnosis and Tolerance in Cryptography (FDTC 2005), Edinburgh, Scotland, September 2 (2005)
  6. Giraud, C.: Fault resistant RSA implementation. In: Breveglieri, L., Koren, I. (eds.) Fault Diagnosis and Tolerance in Cryptography — FDTC 2005, September 2 (2005)
  7. Otto, M.: Fault attacks and countermeasures. Ph.D. thesis, University of Paderborn (2005), http://wwwcs.uni-paderborn.de/cs/ag-bloemer/forschung/publikationen/DissertationMartinOtto.pdf
  8. Quisquater, J.-J., Samyde, D.: Eddy current for magnetic analysis with active sensor. In: Proceedings of Esmart 2002 (2002)
  9. Rankl, W., Effing, W.: Smart card handbook, 2nd edn. John Wiley & Sons, Chichester (2000)
  10. Skorobogatov, S., Anderson, R.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523. Springer, Heidelberg (2003)
  11. Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks. US Patent No. 5,991,415 (November 23, 1999)
  12. Wagner, D.: Cryptanalysis of a provably secure CRT-RSA algorithm. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) Conference on Computer and Communications Security — CCS 2004. ACM SIGSAC, pp. 92–97. ACM Press, New York (2004)
  13. Yen, S.-M., Kim, S., Lim, S., Moon, S.: RSA speedup with residue number system immune against hardware fault cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, p. 397. Springer, Heidelberg (2002)
  14. Yen, S.-M., Kim, S., Lim, S., Moon, S.-J.: RSA speedup with Chinese Remainder Theorem immune against hardware fault cryptanalysis. IEEE Transactions on Computers 52(4), 461–472 (2003)


Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

Cite this paper

Blömer, J., Otto, M. (2006). Wagner's Attack on a Secure CRT-RSA Algorithm Reconsidered. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds) Fault Diagnosis and Tolerance in Cryptography. FDTC 2006. Lecture Notes in Computer Science, vol 4236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889700_2

  • DOI: https://doi.org/10.1007/11889700_2
  • Publisher: Springer, Berlin, Heidelberg
  • Print ISBN: 978-3-540-46250-7
  • Online ISBN: 978-3-540-46251-4