Fault Attacks Against RSA-CRT Implementation

Hee Kim, Chong; Quisquater, Jean-Jacques

doi:10.1007/978-3-642-29656-7_8

Chong Hee Kim³ &
Jean-Jacques Quisquater³

Part of the book series: Information Security and Cryptography ((ISC))

2929 Accesses

Abstract

RSA-CRT uses the Chinese Remainder Theorem to speed up the computation of an RSA decryption or a signature and reduces the size of the data stored in memory. This implementation is four times faster than the RSA standard implementation. This is why the CRT implementation of RSA is widely deployed in embedded systems. However, Boneh et al. showed that an error that occurred during the exponentiation could allow one break the implementation of RSA-CRT in 1997. This is a very powerful attack as one can easily find the key of RSA with only one faulty signature. Many countermeasures have been proposed to prevent this attack, but most of them have failed. In this chapter, we introduce a survey of the attacks and countermeasures against RSA-CRT implementations.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Subscribe and save

Springer+ Basic

$34.99 /Month

Get 10 units per month
Download Article/Chapter or eBook
1 Unit = 1 Article or 1 Chapter
Cancel anytime

Buy Now

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 84.99; Price excludes VAT (USA)

Softcover Book: USD 109.99; Price excludes VAT (USA)

Hardcover Book: USD 109.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

ROCKY: Rotation Countermeasure for the Protection of Keys and Other Sensitive Data

Statistical Fault Analysis of TinyJambu

Article Open access 06 February 2024

Notes

1.
The original version of [161] does not have a blinded modulus. That is, every modular computation is done with modulus $N$ instead of $k \cdot N$. Therefore the original version is vulnerable to a relative doubling attack [431]. The CRT recombination with blinded moduli is also used in the modified version to counter other specific SPA attacks (cf. [311]).

Author information

Authors and Affiliations

Université Catholique de Louvain, Louvain-la-Neuve, Belgium
Chong Hee Kim & Jean-Jacques Quisquater

Authors

Chong Hee Kim
View author publications
You can also search for this author in PubMed Google Scholar
Jean-Jacques Quisquater
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

, Security & Content Protection Labs, Technicolor, avenue de Belle Fontaine 1, Cesson-Sévigné Cedex, 35576, France
Marc Joye
Dept. Computer Science, University of Bristol, Woodland Road, Bristol, BS8 1UB, United Kingdom
Michael Tunstall

Rights and permissions

Reprints and permissions

Copyright information

About this chapter

Cite this chapter

Hee Kim, C., Quisquater, JJ. (2012). Fault Attacks Against RSA-CRT Implementation. In: Joye, M., Tunstall, M. (eds) Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29656-7_8

Download citation

DOI: https://doi.org/10.1007/978-3-642-29656-7_8
Published: 21 June 2012
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29655-0
Online ISBN: 978-3-642-29656-7
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics