A Countermeasure Resistant to Fault Attacks on CRT-RSA using Fault Infective Method


  • 하재철 (Department of Information Security, Hoseo University) ;
  • 박제훈 (School of Electronic Engineering, Kyungpook National University) ;
  • 문상재 (Mobile Network Security Technology Research Center, Kyungpook National University)
  • Published : 2008.04.30

Abstract

Recently, straightforward CRT-RSA has been shown, by many experimental results, to be broken by fault attacks. In this paper, we analyze fault attacks against CRT-RSA and their countermeasures, and then propose a new fault infective method resistant to the various fault attacks on CRT-RSA. In our CRT-RSA algorithm, if an error is injected into the exponentiation modulo p or modulo q, the error is spread by a fault infective computation in the CRT recombination operation. Our countermeasure has no separate error detection procedure based on decision tests and does not use a public parameter such as e. Also, its computational cost is favorable compared to previous secure countermeasures.

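To make the fault-infective principle concrete, here is an added Python example (not code from this paper, whose actual algorithm is not given on this page): it contrasts textbook CRT-RSA, where a fault in the mod-p half leaves the output still correct modulo q, with a generic infective recombination that carries a small redundancy modulus r through both halves and multiplies any disagreement into the result instead of branching on it. The key, message, r and the injected fault are constructed toy values.

```python
from math import gcd, lcm

def garner(sp, sq, p, q):
    """CRT recombination: the unique S < p*q with S = sp (mod p) and S = sq (mod q)."""
    return sq + q * (((sp - sq) * pow(q, -1, p)) % p)

def crt_rsa_plain(m, p, q, d, fault=0):
    """Textbook CRT-RSA. `fault` is XORed into the mod-p half to simulate a
    transient fault during that exponentiation (0 = no fault)."""
    sp = pow(m, d % (p - 1), p) ^ fault
    sq = pow(m, d % (q - 1), q)
    return garner(sp, sq, p, q)

def crt_rsa_infective(m, p, q, d, r, fault=0):
    """Generic fault-infective CRT-RSA (illustration only, not the paper's scheme).
    Each half is computed modulo p*r and q*r for a small prime r coprime to m, so
    both halves also carry m^d mod r. Their difference mod r is zero only when both
    halves are intact; a non-zero difference is multiplied into the output rather
    than tested by a branch, so a fault in one half corrupts S modulo p AND q.
    A fault that happens to leave the residue mod r intact (probability about 1/r)
    is missed; a larger r lowers that probability."""
    spr = pow(m, d % lcm(p - 1, r - 1), p * r) ^ fault
    sqr = pow(m, d % lcm(q - 1, r - 1), q * r)
    c = (spr - sqr) % r                      # 0 when fault-free
    s = garner(spr % p, sqr % q, p, q)
    return (s * (1 + c)) % (p * q)           # c == 0 leaves S unchanged

def confined_to_one_half(s_faulty, s_correct, n):
    """True if the faulty output still agrees with the correct one modulo one
    factor of n, i.e. the fault stayed confined to a single CRT half."""
    g = gcd(abs(s_faulty - s_correct), n)
    return 1 < g < n

def toy_params():
    """Constructed toy key and inputs (far too small for real use)."""
    p, q, e = 10007, 10009, 65537
    d = pow(e, -1, lcm(p - 1, q - 1))
    return p, q, e, d, p * q, 123456, 257    # p, q, e, d, n, message m, redundancy r

if __name__ == "__main__":
    p, q, e, d, n, m, r = toy_params()
    good = crt_rsa_plain(m, p, q, d)
    print("plain, fault confined to one half:",
          confined_to_one_half(crt_rsa_plain(m, p, q, d, fault=1), good, n))
    print("infective, fault confined to one half:",
          confined_to_one_half(crt_rsa_infective(m, p, q, d, r, fault=1), good, n))
```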
