
Hardware Fault Attack on RSA with CRT Revisited

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2587)

Abstract

In this paper we point out some powerful fault attacks that can be used to factor the RSA modulus when the CRT is employed to speed up the RSA computation. The attacks are generic: they apply to Shamir's countermeasure and also to a recently published enhancement of it for RSA with CRT. The two countermeasures share a similar structure in their designs and both fall to some of the proposed attacks. The first kind of attack induces a fault (either a computational fault or a fault while data is being accessed) into an important modular reduction operation of the two countermeasures; neither Shamir's countermeasure nor the recently announced enhancement can detect this hardware fault. The second kind of attack considers permanent faults on some stored parameters of the two countermeasures; some of these permanent faults also go undetected, so the CRT-based factorization attack still works. The proposed CRT-based fault attacks once again show how important it is to develop a sound countermeasure for RSA with CRT.

This work was supported by the Mobile Network Security Research Center, School of Electronic and Electrical Engineering, Kyungpook National University, Korea.

The first author was also supported in part by the Computer & Communication Research Laboratories (CCL), Industrial Technology Research Institute (ITRI), Republic of China.
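The two classes of fault the abstract describes can be followed in a few dozen lines. The toy signer below is an added illustration written for this page, not code from the paper, and it makes the following assumptions: a small constructed RSA key (Mersenne primes, so it runs instantly; the algebra is unchanged for 1024-bit primes); Shamir's check in the form of his EUROCRYPT '97 rump-session talk and US patent 5,991,415 (exponentiate modulo p*r and q*r for a random r, and compare the two results modulo r before reducing modulo p and q and recombining); every fault simulated as a single bit flip; and, for the stored-parameter case, the CRT coefficient q^-1 mod p chosen as the corrupted value, which is this page's choice of illustration and not a statement about which parameters the paper targets. The enhanced countermeasure of Aumüller et al. is not modelled. The factor is recovered with the gcd attack of Boneh, DeMillo and Lipton in Lenstra's one-faulty-signature form, gcd(S^e - m, N).

```python
"""Toy RSA-CRT signer with Shamir's fault check, plus the gcd factoring attack.
Added illustration for this page; not code from the paper. Python 3.8+ (pow(x, -1, m))."""
from math import gcd

# Constructed toy key: Mersenne primes so everything runs instantly.
# Real keys use ~1024-bit primes; the algebra below is the same.
P = 2**19 - 1            # 524287
Q = 2**31 - 1            # 2147483647
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)     # stored CRT coefficient q^-1 mod p
R = 2**13 - 1            # Shamir's random r; fixed here so the run is reproducible

# Constructed sample message: m = -1 (mod N), chosen only so that both
# half-signatures are predictable (p-1 and q-1, because d is odd) and every
# result below can be checked by hand. Any other m behaves the same way.
M = N - 1


def crt_recombine(sp, sq, qinv=QINV):
    """Garner recombination: S = sq + q * ((sp - sq) * q^-1 mod p)."""
    return sq + Q * (((sp - sq) * qinv) % P)


def crt_sign(m, fault=None):
    """Plain RSA-CRT with no check. fault='p' corrupts the mod-p half,
    the setting of the original Bellcore attack."""
    sp, sq = pow(m, DP, P), pow(m, DQ, Q)
    if fault == "p":
        sp ^= 1                                # one transient bit flip
    return crt_recombine(sp, sq)


def shamir_sign(m, r=R, fault=None):
    """RSA-CRT with Shamir's check: exponentiate modulo p*r and q*r, require the
    two results to agree modulo r, and only then reduce modulo p, q and recombine.
    Simulated faults (each a single bit flip):
      'exp_p'       fault during the exponentiation mod p*r: caught by the check
      'reduce_p'    fault in the reduction S_p = S_pr mod p, after the check
      'stored_qinv' permanent fault in the stored coefficient q^-1 mod p
    """
    s_pr = pow(m, D % ((P - 1) * (r - 1)), P * r)
    s_qr = pow(m, D % ((Q - 1) * (r - 1)), Q * r)
    if fault == "exp_p":
        s_pr ^= 1
    if s_pr % r != s_qr % r:
        return None                            # check fires: no signature is output
    sp, sq = s_pr % P, s_qr % Q                # the reductions the check never sees
    if fault == "reduce_p":
        sp ^= 1
    qinv = QINV ^ 1 if fault == "stored_qinv" else QINV
    return crt_recombine(sp, sq, qinv)


def recover_factor(m, s):
    """Lenstra's variant of the Bellcore attack: one faulty signature s of a known
    m gives gcd(s^e - m, N), which is q when only the mod-p half of s is wrong
    (and N when s is correct, i.e. nothing leaks)."""
    return gcd((pow(s, E, N) - m) % N, N)


if __name__ == "__main__":
    assert pow(crt_sign(M), E, N) == M
    print("plain CRT, faulted mod-p half     ->", recover_factor(M, crt_sign(M, fault="p")) == Q)
    print("Shamir, fault before the check    ->", shamir_sign(M, fault="exp_p"))   # None
    for mode in ("reduce_p", "stored_qinv"):
        s = shamir_sign(M, fault=mode)
        print(f"Shamir, {mode:<12} -> check passed, gcd gives q:", recover_factor(M, s) == Q)
```

Running the script shows why the position of the check matters: a fault injected before the mod-r comparison is refused, while a fault in the later reduction S_p = S_pr mod p, or in a stored parameter that only enters the recombination, passes the check, and the single output signature then yields q.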


References

  1. R.L. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120–126, 1978.

  2. T. ElGamal, "A public key cryptosystem and a signature scheme based on discrete logarithms," IEEE Transactions on Information Theory, vol. 31, no. 4, pp. 469–472, 1985.

  3. R. Anderson and M. Kuhn, "Tamper resistance: a cautionary note," in Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11, 1996.

  4. R. Anderson and M. Kuhn, "Low cost attacks on tamper resistant devices," in Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 7–9 April 1997.

  5. Bellcore Press Release, "New threat model breaks crypto codes," September 1996, http://www.bellcore.com/PRESS/ADVSRY96/facts.html.

  6. D. Boneh, R.A. DeMillo, and R.J. Lipton, "On the importance of checking cryptographic protocols for faults," in Advances in Cryptology: EUROCRYPT '97, LNCS 1233, pp. 37–51, Springer-Verlag, 1997.

  7. F. Bao, R.H. Deng, Y. Han, A. Jeng, A.D. Narasimhalu, and T. Ngair, "Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults," in Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 1997.

  8. Y. Zheng and T. Matsumoto, "Breaking real-world implementations of cryptosystems by manipulating their random number generation," in Pre-proceedings of the 1997 Symposium on Cryptography and Information Security, Fukuoka, Japan, 29 January–1 February 1997. An earlier version was presented at the rump session of ASIACRYPT '96.

  9. I. Peterson, "Chinks in digital armor: exploiting faults to break smart-card cryptosystems," Science News, vol. 151, no. 5, pp. 78–79, 1997.

  10. M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng, "RSA-type signatures in the presence of transient faults," in Cryptography and Coding, LNCS 1355, pp. 155–160, Springer-Verlag, 1997.

  11. D.P. Maher, "Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective," in Financial Cryptography, LNCS 1318, pp. 109–121, Springer-Verlag, Berlin, 1997.

  12. E. Biham and A. Shamir, "Differential fault analysis of secret key cryptosystems," in Advances in Cryptology: CRYPTO '97, LNCS 1294, pp. 513–525, Springer-Verlag, Berlin, 1997.

  13. A.K. Lenstra, "Memo on RSA signature generation in the presence of faults," September 1996.

  14. M. Joye, A.K. Lenstra, and J.-J. Quisquater, "Chinese remaindering based cryptosystems in the presence of faults," Journal of Cryptology, vol. 12, no. 4, pp. 241–245, 1999.

  15. M. Joye, F. Koeune, and J.-J. Quisquater, "Further results on Chinese remaindering," Technical Report CG-1997/1, UCL Crypto Group, Louvain-la-Neuve, March 1997.

  16. A. Shamir, "How to check modular exponentiation," presented at the rump session of EUROCRYPT '97, Konstanz, Germany, 11–15 May 1997.

  17. A. Shamir, "Method and apparatus for protecting public key schemes from timing and fault attacks," United States Patent 5,991,415, 23 November 1999.

  18. S.M. Yen and M. Joye, "Checking before output may not be enough against fault-based cryptanalysis," IEEE Transactions on Computers, vol. 49, no. 9, pp. 967–970, September 2000.

  19. P.J. Smith and M.J.J. Lennon, "LUC: a new public key system," in Ninth IFIP Symposium on Computer Security, Elsevier Science Publishers, pp. 103–117, 1993.

  20. J.-J. Quisquater and C. Couvreur, "Fast decipherment algorithm for RSA public-key cryptosystem," Electronics Letters, vol. 18, no. 21, pp. 905–907, 1982.

  21. A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, 1997.

  22. C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, and J.-P. Seifert, "Fault attacks on RSA with CRT: concrete results and practical countermeasures," IACR Cryptology ePrint Archive, Report 2002/073.

  23. C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, and J.-P. Seifert, "Fault attacks on RSA with CRT: concrete results and practical countermeasures," in Pre-proceedings of Cryptographic Hardware and Embedded Systems, CHES 2002, pp. 261–276, 13–15 August 2002, California, USA.

  24. M. Joye, P. Paillier, and S.M. Yen, "Secure evaluation of modular functions," in Proceedings of the 2001 International Workshop on Cryptology and Network Security (CNS 2001), pp. 227–229, 26–28 September 2001.

  25. S.M. Yen, S.J. Kim, S.G. Lim, and S.J. Moon, "RSA speedup with residue number system immune against hardware fault cryptanalysis," in Information Security and Cryptology, ICISC 2001, LNCS 2288, pp. 397–413, Springer-Verlag, 2002.


Copyright information

© 2003 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yen, SM., Moon, S., Ha, JC. (2003). Hardware Fault Attack on RSA with CRT Revisited. In: Lee, P.J., Lim, C.H. (eds) Information Security and Cryptology — ICISC 2002. ICISC 2002. Lecture Notes in Computer Science, vol 2587. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36552-4_26


  • DOI: https://doi.org/10.1007/3-540-36552-4_26

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-00716-6

  • Online ISBN: 978-3-540-36552-5
