Abstract
We show that timely induction of random failures can potentially be used to mount very cost-effective attacks against smartcards deploying cryptographic schemes based on (right-to-left) modular exponentiation. We introduce a model where an external perturbation, or glitch, may cause a single modular multiplication to produce a truly random result. Based on this assumption, we present a probabilistic attack against the implemented cryptosystem. Under reasonable assumptions, we prove that using a single faulty signature the attack recovers a target bit of the secret exponent with an error probability bounded by \(\frac 3 7\). We show the attack is effective even in the presence of message blinding.
Author's address: Dipartimento di Sistemi e Informatica, Viale Morgagni 65, I-50134 Firenze, Italy. Email: boreale@dsi.unifi.it. Work partially supported by the EU within the FET-GC2 initiative, project SENSORIA, and by University of Firenze, projects "ex-60%".
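To make the fault model in the abstract concrete, here is an added simulation (not the paper's own code): a right-to-left square-and-multiply exponentiation in which the modular multiplication at one chosen step is replaced by a random residue, next to the standard verify-before-output countermeasure. The toy RSA parameters and the `fault_step`/`fault_value` parameters are constructed for illustration.

```python
"""Right-to-left modular exponentiation with a single randomised
multiplication, modelling the glitch described in the abstract."""
import secrets


def rtl_modexp(base, exp, mod, fault_step=None, fault_value=None):
    """Compute base**exp mod mod, consuming exponent bits LSB first.

    At step i the accumulator is multiplied by base**(2**i) when bit i of
    exp is set, then the running power is squared.  If fault_step == i,
    the squaring at step i yields a random residue instead (a glitched
    multiplication).  fault_value fixes that residue for reproducible runs.
    """
    acc, power, i = 1, base % mod, 0
    while exp > 0:
        if exp & 1:
            acc = (acc * power) % mod
        if fault_step == i:
            # Glitched multiplication: output is uniformly random mod `mod`
            power = secrets.randbelow(mod) if fault_value is None else fault_value
        else:
            power = (power * power) % mod
        exp >>= 1
        i += 1
    return acc


def sign_checked(m, d, e, n, fault_step=None, fault_value=None):
    """Countermeasure: release s = m^d mod n only if s^e == m mod n.

    Returns the signature, or None when the check fails and the faulty
    value is withheld from the attacker.
    """
    s = rtl_modexp(m, d, n, fault_step, fault_value)
    return s if pow(s, e, n) == m % n else None


# Toy RSA key (constructed; far too small for real use)
P, Q, E = 61, 53, 17
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

if __name__ == "__main__":
    m = 65
    print("correct:", rtl_modexp(m, D, N) == pow(m, D, N))
    print("faulty signature released:", sign_checked(m, D, E, N, fault_step=0))
```

A glitch at step 0 leaves the accumulator holding m^(d mod 2) and every later step working from the random residue r, so the faulty output is m^(d mod 2) * r^(d >> 1) mod N, which the public-exponent check rejects.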
© 2006 Springer-Verlag Berlin Heidelberg
Boreale, M. (2006). Attacking Right-to-Left Modular Exponentiation with Timely Random Faults. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, JP. (eds) Fault Diagnosis and Tolerance in Cryptography. FDTC 2006. Lecture Notes in Computer Science, vol 4236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889700_3
DOI: https://doi.org/10.1007/11889700_3
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46250-7
Online ISBN: 978-3-540-46251-4