Countermeasure for Physical Attack in RSA-CRT using Double Exponentiation Algorithm and Fault Infective Method

  • Gil, Kwang-Eun (Dept. of Information Security, Hoseo University)
  • Oh, Do-Hwan (Dept. of Information Security, Hoseo University)
  • Baek, Yi-Roo (Dept. of Information Security, Hoseo University)
  • Ha, Jae-Cheol (Dept. of Information Security, Hoseo University)
  • Received : 2009.12.17
  • Accepted : 2010.02.18
  • Published : 2010.04.30

Abstract

Many experimental results show that the RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed the previous fault attacks and their countermeasures on the RSA-CRT algorithm and found a weakness in the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure which uses both double exponentiation and a fault infective computation method. The proposed method efficiently computes the fault verification information using double exponentiation. It is also designed to resist the simple power analysis attack and the (N-1) attack.

The RSA-CRT algorithm, which is based on the Chinese Remainder Theorem, has been experimentally shown to be vulnerable to fault injection attacks. This paper analyzes the countermeasures against fault injection attacks on the RSA-CRT algorithm proposed to date and analyzes a weakness in the recently presented countermeasure of Abid and Wang. Based on this analysis, we present a countermeasure against fault injection attacks that uses double exponentiation and a fault infective technique. The proposed scheme computes the verification information used for fault infection efficiently by means of double exponentiation, and we develop an exponentiation algorithm that is strong against the passive side-channel simple power analysis attack and the (N-1) attack.
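The abstract names the two ingredients of the countermeasure, a verification value and a fault-infective output, but an abstract has no room to show why the verification has to be infective rather than a simple branch. The following Python is an added example and not the paper's algorithm (the paper's double-exponentiation computation of the verification value is not reproduced). On a constructed toy key it shows: how a single fault in one CRT half of an unprotected signature exposes a prime factor of N, measured with the gcd(S^e - m, N) quantity from Boneh, DeMillo and Lipton [4]; the verify-before-release check; a naive additive infection that fails because the check value vanishes modulo the uncorrupted prime; and a generic multiplicative infection that disturbs both halves. The key, the message, the one-bit fault model, the function names and the use of a fixed generator r (a real design would draw r fresh at random) are all assumptions of this example.

```python
from math import gcd

# Constructed toy RSA-CRT key (not a real key). p > q is chosen deliberately so
# the multiplicative infection below can be reasoned about exactly; see infective_sign().
P, Q = 10009, 10007            # both prime
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent (Python >= 3.8 for negative pow)
DP, DQ = D % (P - 1), D % (Q - 1)
QINV = pow(Q, -1, P)           # q^-1 mod p, used by Garner recombination
P_MINUS_1_FACTORS = (2, 3, 139)  # prime factors of p-1 = 10008 = 2^3 * 3^2 * 139
MSG = 12345678                 # constructed message, 0 < MSG < N, coprime to p and q


def crt_sign(m, fault=None):
    """RSA-CRT signature S = m^d mod N from two half-size exponentiations.

    `fault` is a hypothetical model of a physical glitch: it flips the low bit of
    one half-result ("p" or "q") before recombination.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault == "p":
        sp ^= 1
    elif fault == "q":
        sq ^= 1
    h = (QINV * (sp - sq)) % P          # Garner: S = S_q + q * ((S_p - S_q) * q^-1 mod p)
    return (sq + Q * h) % N


def half_correct(sig, m, prime):
    """True when sig is the correct e-th root of m modulo `prime`, i.e. that half
    of the signature is intact.  A released output that is correct modulo one
    prime and wrong modulo the other is what exposes a factor of N."""
    return pow(sig, E, prime) == m % prime


def factor_leaked_by(sig, m):
    """Defender's leak check: gcd(S^e - m, N).  It equals N for a correct signature,
    a prime factor of N for a one-sided error, and 1 when no half is intact."""
    return gcd((pow(sig, E, N) - m) % N, N)


def checked_sign(m, fault=None):
    """Verify-before-release: withhold S unless S^e == m mod N.
    Sound, but the decision is a conditional branch, itself a target for a second fault."""
    s = crt_sign(m, fault)
    return s if pow(s, E, N) == m % N else None


def naive_additive_infection(m, fault=None):
    """A WRONG infective design, kept to show the failure mode.  c = S^e - m mod N is
    zero exactly when S verifies, but for a one-sided fault c is also 0 modulo the
    uncorrupted prime, so S + c still agrees with the correct half there."""
    s = crt_sign(m, fault)
    c = (pow(s, E, N) - m) % N
    return (s + c) % N


def _generator_mod_p():
    # Smallest g of full order p-1 in Z_p^*: g^((p-1)/f) != 1 for every prime f | p-1.
    for g in range(2, P):
        if all(pow(g, (P - 1) // f, P) != 1 for f in P_MINUS_1_FACTORS):
            return g
    raise ValueError("no generator found")


def infective_sign(m, fault=None):
    """Generic multiplicative infection (an illustration, not the paper's scheme):
    S' = S * r^c mod N with c = S^e - m mod N.  For a correct S, c == 0 and S' == S.
    For a faulted q half, c = k*p with 0 < k < q; the exponent is reduced modulo
    r's order p-1 (not modulo p), and since q < p-1 the factor r^c mod p = r^k
    is never 1, so the p half is disturbed as well and no factor is exposed.
    r is a fixed generator of Z_p^* here only to make the outcome deterministic.
    """
    s = crt_sign(m, fault)
    c = (pow(s, E, N) - m) % N
    r = _generator_mod_p()
    return (s * pow(r, c, N)) % N


if __name__ == "__main__":
    print("unprotected, fault in q half leaks:", factor_leaked_by(crt_sign(MSG, "q"), MSG))
    print("checked, fault in q half returns:", checked_sign(MSG, "q"))
    print("additive infection, p half intact:", half_correct(naive_additive_infection(MSG, "q"), MSG, P))
    print("multiplicative infection, p half intact:", half_correct(infective_sign(MSG, "q"), MSG, P))
```

The deterministic guarantee in `infective_sign` is stated for a fault in the q half; the `checked_sign` and leak-check functions make no such assumption and accept either fault location.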

Acknowledgement

Supported by: Hoseo University

References

  1. R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978. https://doi.org/10.1145/359340.359342
  2. C. Couvreur and J.J. Quisquater, "Fast decipherment algorithm for RSA public-key cryptosystem," Electronics Letters, vol. 18, no. 21, pp. 905-907, Oct. 1982. https://doi.org/10.1049/el:19820617
  3. J.S. Coron, "Resistance against differential power analysis for elliptic curve cryptosystems," CHES'99, LNCS 1717, pp. 292-302, 1999.
  4. D. Boneh, R.A. DeMillo, and R.J. Lipton, "On the importance of checking cryptographic protocols for faults," EUROCRYPT'97, LNCS 1233, pp. 37-51, 1997.
  5. M. Joye, A.K. Lenstra, and J.J. Quisquater, "Chinese remaindering based cryptosystems in the presence of faults," Journal of Cryptology, vol. 12, no. 4, pp. 241-245, Dec. 1999. https://doi.org/10.1007/s001459900055
  6. C. Aumüller, P. Bier, W. Fischer, P. Hofreiter, and J.P. Seifert, "Fault attack on RSA with CRT: concrete results and practical countermeasures," CHES'02, LNCS 2553, pp. 260-275, 2002.
  7. C. Kim and J.J. Quisquater, "Fault attacks for CRT based RSA: new attacks, new results, and new countermeasures," WISTP'07, LNCS 4462, pp. 215-228, 2007.
  8. A. Shamir, "Method and apparatus for protecting public key schemes from timing and fault attacks," U.S. Patent 5,991,415, Nov. 1999.
  9. S. Yen, S. Kim, S. Lim, and S. Moon, "RSA speedup with residue number system immune against hardware fault cryptanalysis," ICISC'01, LNCS 2288, pp. 397-413, 2001.
  10. G. Fumaroli and D. Vigilant, "Blinded fault resistant exponentiation," FDTC'06, LNCS 4236, pp. 62-70, 2006.
  11. Z. Abid and W. Wang, "Countermeasures for hardware fault attack in multi-prime RSA cryptosystems," International Journal of Network Security, vol. 6, no. 2, pp. 190-200, Mar. 2008.
  12. B. Chevallier-Mames, M. Ciet, and M. Joye, "Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity," IEEE Transactions on Computers, vol. 53, no. 6, pp. 760-768, June 2004. https://doi.org/10.1109/TC.2004.13
  13. S. Yen, W. Lien, S. Moon, and J. Ha, "Power analysis by exploiting chosen message and internal collisions: vulnerability of checking mechanism for RSA decryption," Mycrypt'05, LNCS 3715, pp. 183-195, 2005.
  14. M. Joye, P. Paillier, and S.M. Yen, "Secure evaluation of modular functions," International Workshop on Cryptology and Network Security (CNS 2001), pp. 227-229, Sep. 2001.
  15. C. Giraud, "An RSA implementation resistant to fault attacks and simple power analysis," IEEE Transactions on Computers, vol. 55, no. 9, pp. 1116-1120, Sep. 2006. https://doi.org/10.1109/TC.2006.135
  16. J. Blömer, M. Otto, and J.P. Seifert, "A new CRT-RSA algorithm secure against Bellcore attacks," 10th ACM Conference on Computer and Communications Security, pp. 311-320, Oct. 2003.
  17. D. Wagner, "Cryptanalysis of a provably secure CRT-RSA algorithm," 11th ACM Conference on Computer and Communications Security, pp. 92-97, Oct. 2004.
  18. C. Kim and J.J. Quisquater, "How can we overcome both side channel analysis and fault attacks on RSA-CRT?," FDTC'07, pp. 21-29, Aug. 2007.
  19. J. Ha, C. Jun, J. Park, and S. Moon, "A new CRT-RSA scheme resistant to power analysis and fault attacks," International Conference on Convergence and Hybrid Information Technology (ICCIT'08), pp. 351-356, Nov. 2008.