Abstract
Cryptosystems are highly sensitive to physical attacks, which leads security developers to design more and more complex countermeasures. Nonetheless, no proof of the absence of flaws has been given for any implementation of these countermeasures. This paper aims to formally verify an implementation of one published countermeasure against fault injection attacks. More precisely, the formal verification concerns Vigilant’s CRT-RSA countermeasure, which is designed to sufficiently protect CRT-RSA implementations against fault attacks. The goal is to formally verify whether every fault injection that threatens the pseudo-code is detected by the countermeasure, according to a predefined attack model.
Notes
WHY is a general-purpose verification condition generator; it is used as a back-end by other verification tools and can also be used directly to verify programs. WHY produces verification conditions from the annotated programs given as input.
Acknowledgments
The authors would like to thank Pascal Paillier for his useful contribution to this work.
Appendices
Appendix A: Vigilant’s CRT-RSA implementation code with fault simulation
Appendix B: Details concerning the success probabilities of fault attacks
Here we give more details about the computation of the probabilities presented in Sect. 5. We write \(|x|\) for the size of \(x\) in bits.
Assume that the attacker modifies a value \(A\) (with \(A = B \mod C\)) and that \(C\) is a uniformly distributed \(t\)-bit integer. We suppose that \(C\) is odd (\(r\) is odd according to the recommendations in Sect. 5, as are \(p\) and \(q\)) and we require \(2^{t-1} < C < 2^t\). Let \(S = \{C : 2^{t-1} < C < 2^t \text{ and } C = 1 \mod 2\}\).
Let \(U\) be the event that the fault is undetected and \(F\) the event that an element \(c\) of \(S\) is chosen such that \(c = C\). Then \(\Pr[U|F]\) is the probability that the fault is undetected given \(F\). The final result depends only on the initial values, which are uniformly distributed (the only exception may be the message \(m\); to avoid this case, we assume that the message used is the one obtained after a padding such as OAEP, so that the resulting \(m\) is also uniformly distributed). Hence we know that:
and then
Let \(\overline{S}=\{C : 2^{t-1} < C < 2^{t}\; \text{ and}\; C = 0 \mod 2\} \), the
We take \(|S| = |\overline{S}|\) as an approximation. Then:
This is the probability obtained for faults 22, 28 and 32 with \(t = |p^{\prime}|\), and for faults 63, 69 and 73 with \(t = |q^{\prime}|\).
Suppose now that the attacker modifies a value \(A\) (with \(A = B \mod C^2\)). Following the same reasoning, we conclude that:
This is the probability obtained for faults 6, 8, 13, 27, 29, 33, 34, 41, 44, 46, 51, 68, 70, 74, 75, 79, 82, 87, 88 and 91 with \(t = |r|\).
Cite this article
Christofi, M., Chetali, B., Goubin, L. et al. Formal verification of a CRT-RSA implementation against fault attacks. J Cryptogr Eng 3, 157–167 (2013). https://doi.org/10.1007/s13389-013-0049-3