Security analysis of CRT-based cryptosystems

  • Regular Contribution
  • International Journal of Information Security

Abstract

A side-channel attack (SCA) is a serious attack on the implementation of a cryptosystem: it recovers the secret key from side-channel information such as timing or power consumption. Brumley and Boneh [5] recently showed that SSL is vulnerable to SCA if the attacker has access to the server's local network, so public-key infrastructure is itself becoming a target of SCA. In this paper we investigate the security of RSA with the Chinese remainder theorem (CRT) against SCA. Novak [18] first proposed a simple power analysis (SPA) against the CRT step that exploits the difference between the message modulo p and the message modulo q. We apply Novak's attack to the other CRT-based cryptosystems, namely Multi-Prime RSA, Multi-Exponent RSA, the Rabin cryptosystem, and the HIME(R) cryptosystem. A Novak-type attack depends strictly on how the CRT is implemented. We examine the CRT-related operations of these cryptosystems and show that an extended Novak-type attack is effective against them. Moreover, we present a novel attack, the zero-multiplication attack: the attacker tries to recover a secret prime by submitting ciphertexts that cause a multiplication by zero during decryption, which is easily detected by power analysis. Our experiments show that a multiplication with a zero operand takes about 10% less time than a standard one. Finally, we propose countermeasures against these attacks. They are based on ciphertext blinding but require no inversion operation. The overhead of the proposed scheme is only about 1–5% of the whole decryption for a 1,024-bit modulus.
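As an added illustration (this is not code from the paper), the following Python models the two leakage events the abstract describes on a Garner-style CRT recombination: the conditional correction taken when m_p < m_q (Novak's oracle) and a multiplication by zero in the final q·h step (the zero-multiplication oracle). An attacker who can choose a plaintext x, submit x^e mod n and observe only those two events recovers q and then p by binary search, roughly one query per bit of the prime. Everything here is an assumption of the example: the toy 64-bit key generated in the block, the `SPATrace` model of what a power trace reveals, the helper names, and the assumed ordering q < p that keeps both oracles monotone on the search interval. The blinding at the end is the standard form with an inversion, shown only to demonstrate why blinding defeats the search; it is not the inversion-free countermeasure the paper proposes.

```python
"""SPA oracles on RSA-CRT recombination (added illustration; toy key built here)."""
import math
import random
from collections import namedtuple
from dataclasses import dataclass

RNG = random.Random(2006)   # fixed seed: toy key and blinding factors are reproducible
CRTKey = namedtuple("CRTKey", "n e p q dp dq qinv")   # dp = d mod (p-1), qinv = q^-1 mod p


def is_probable_prime(n, rounds=32):
    """Miller-Rabin; adequate for generating toy primes."""
    if n < 4 or n % 2 == 0:
        return n in (2, 3)
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_prime(bits):
    while True:
        cand = RNG.getrandbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand


def keygen(bits=64, e=65537):
    """Toy RSA-CRT key. Assumed: q < p, so both oracles are monotone on [2^(bits-1), 2^bits)."""
    while True:
        p, q = gen_prime(bits), gen_prime(bits)
        p, q = max(p, q), min(p, q)
        if p != q and math.gcd(e, (p - 1) * (q - 1)) == 1:
            break
    d = pow(e, -1, (p - 1) * (q - 1))
    return CRTKey(p * q, e, p, q, d % (p - 1), d % (q - 1), pow(q, -1, p))


@dataclass
class SPATrace:                # what one decryption's power trace 'shows' the attacker
    correction: bool = False   # the 'm_p < m_q: add p' branch ran (Novak's oracle)
    zero_mult: bool = False    # q * h was computed with h == 0 (zero-multiplication)


def crt_decrypt(c, key, trace):
    """Garner recombination m = m_q + q * ((m_p - m_q) * qinv mod p)."""
    m_p = pow(c, key.dp, key.p)
    m_q = pow(c, key.dq, key.q)
    t = m_p - m_q
    while t < 0:                  # conditional correction, visible by SPA
        t += key.p
        trace.correction = True
    h = t * key.qinv % key.p      # h == floor(m / q), so h == 0 iff m < q
    if h == 0:
        trace.zero_mult = True    # zero operand in q * h, visible by SPA/timing
    return m_q + key.q * h


def blinded_decrypt(c, key, trace):
    """Standard ciphertext blinding (needs an inversion; the paper's variant avoids it).
    The CRT step now sees x*r mod n for random r, so neither event depends on x."""
    r = RNG.randrange(2, key.n - 1)
    while math.gcd(r, key.n) != 1:
        r = RNG.randrange(2, key.n - 1)
    m_blind = crt_decrypt(c * pow(r, key.e, key.n) % key.n, key, trace)
    return m_blind * pow(r, -1, key.n) % key.n


def first_true(pred, lo, hi):
    """Smallest x in (lo, hi] with pred(x); pred monotone, False at lo, True at hi."""
    while lo + 1 < hi:
        mid = (lo + hi) // 2
        if pred(mid):
            hi = mid
        else:
            lo = mid
    return hi


def recover_factors(n, e, bits, decrypt_oracle):
    """Adaptive chosen-ciphertext attack: submit x^e mod n, observe only the trace.
    For 2^(bits-1) <= x < 2^bits and q < p: zero_mult <=> x < q, and the
    correction runs <=> x >= p (then m_p = x - p < x - q = m_q)."""
    def trace_of(x):
        tr = SPATrace()
        decrypt_oracle(pow(x, e, n), tr)
        return tr
    lo, hi = 1 << (bits - 1), (1 << bits) - 1
    q = first_true(lambda x: not trace_of(x).zero_mult, lo, hi)
    p = first_true(lambda x: trace_of(x).correction, lo, hi)
    return p, q
```

Run it with `key = keygen(64)` and `recover_factors(key.n, key.e, 64, lambda c, tr: crt_decrypt(c, key, tr))`, which returns `(key.p, key.q)` after about 128 chosen ciphertexts; substituting `blinded_decrypt` for `crt_decrypt` makes both predicates independent of x and the search returns values that do not factor n. The monotonicity argument in `recover_factors` relies on the assumed ordering q < p and on both primes having the same bit length; the paper's analysis of other implementations and of the multi-prime variants is not reproduced here.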

References

  1. Akishita, T., Takagi, T.: Zero-value point attacks on elliptic curve cryptosystem. In: ISC 2003. LNCS, vol. 2851, pp. 218–233 (2003)

  2. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: CHES 2002. LNCS, vol. 2523, pp. 260–275 (2003)

  3. Boneh, D., DeMillo, R., Lipton, R.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101–119 (2001)


  4. Boneh, D., Shacham, H.: Fast variants of RSA. CRYPTOBYTES 5(1), 1–9 (2002)


  5. Brumley, D., Boneh, D.: Remote timing attacks are practical. In: 12th USENIX Security Symposium, pp. 1–14 (2003)

  6. den Boer, B., Lemke, K., Wicke, G.: A DPA attack against the modular reduction within a CRT implementation of RSA. In: CHES 2002. LNCS, vol. 2523, pp. 228–243 (2003)

  7. Davida, G.: Chosen signature cryptanalysis of the RSA (MIT) public key cryptosystem. TR-CS-82-2, University of Wisconsin (1982)

  8. Fouque, P.-A., Martinet, G., Poupard, G.: Attacking unbalanced RSA-CRT using SPA. In: CHES 2003. LNCS, vol. 2779, pp. 254–268 (2003)

  9. Goubin, L.: A refined power-analysis attack on elliptic curve cryptosystems. In: PKC 2003. LNCS, vol. 2567, pp. 199–211 (2003)

  10. Java Cryptography Architecture, http://java.sun.com/products/jdk/1.2/docs/guide/security/CryptoSpec.html

  11. Joye, M., Lenstra, A.K., Quisquater, J.-J.: Chinese remaindering based cryptosystems in the presence of faults. J. Cryptol. 12(4), 241–245 (1999)


  12. Kaliski, B.: Timing attacks on cryptosystems. RSA Laboratories Bulletin, No. 2 (1996)

  13. Kocher, C.: Timing attacks on Implementations of Diffie-Hellman, RSA, DSS, and other systems. In: CRYPTO’96. LNCS, vol. 1109, pp. 104–113 (1996)

  14. Kocher, C., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO’99. LNCS, vol. 1666, pp. 388–397 (1999)

  15. Messerges, T., Dabbish, E., Sloan, R.: Power analysis attacks of modular exponentiation in smartcards. In: CHES’99. LNCS, vol. 1717, pp. 144–157 (1999)

  16. MultiPrime™, Compaq AXL300 Accelerator. http://www.compaq.com/products/servers/security/axl300/

  17. Nishioka, M., Satoh, H., Sakurai, K.: Design and analysis of fast provably secure public-key cryptosystems based on a modular squaring. ICISC 2001, LNCS, vol. 2288, pp. 81–102 (2001)

  18. Novak, R.: SPA-based adaptive chosen-ciphertext attack on RSA implementation. In: PKC 2002. LNCS, vol. 2274, pp. 252–262 (2002)

  19. Public-Key Cryptography Standards, PKCS #1. Amendment 1: Multi-Prime RSA, RSA Laboratories.

  20. Schindler, W.: A timing attack against RSA with the Chinese remainder theorem. In: CHES 2000. LNCS, vol. 1965, pp. 109–124 (2000)

  21. Takagi, T.: Fast RSA-type cryptosystem modulo pk q. In: CRYPTO’98. LNCS, vol. 1462, pp. 318–326 (1998)

  22. Walter, C.: MIST: an efficient, randomized exponentiation algorithm for resisting power analysis. In: CT-RSA 2002. LNCS, vol. 2271, pp. 53–66 (2002)

Author information

Corresponding author

Correspondence to Katsuyuki Okeya.

About this article

Cite this article

Okeya, K., Takagi, T. Security analysis of CRT-based cryptosystems. Int. J. Inf. Secur. 5, 177–185 (2006). https://doi.org/10.1007/s10207-005-0080-1
