Hardware Fault Attack Resistant RSA-CRT with Parallel Support

  • Eun, Ha-Soo (Dept. of Computer Science and Engineering, Hanyang University) ;
  • Oh, Hee-Kuck (Dept. of Computer Science and Engineering, Hanyang University) ;
  • Kim, Sang-Jin (School of Computer Science and Engineering, Korea University of Technology and Education)
  • Received: 2012.03.20
  • Reviewed: 2012.05.04
  • Published: 2012.05.31

Abstract

RSA-CRT is one of the most commonly used techniques for speeding up RSA operations. Because RSA-CRT performs its computation separately modulo each of the two private primes, it is about four times faster than RSA. In RSA, the two primes are normally discarded after the public key pair is generated. In RSA-CRT, however, the two primes are used directly in the computation, which exposes them to hardware fault attacks that can be used to factor the public modulus. The most common way to counter these attacks is based on error propagation. In these schemes, an injected error affects the entire RSA output, which makes it difficult for an adversary to use the output to factor the public modulus. However, error propagation forces the two previously independent computations to run sequentially. Moreover, these schemes have been found to be still vulnerable to hardware fault attacks. In this paper, we propose two new RSA-CRT schemes that are both resistant to hardware fault attacks and support parallel execution: one uses a common modulus, and the other performs the operations on the message in each prime modulus. With full parallel execution, both proposed schemes take about the time of two exponentiations to complete the RSA operation, and they protect the two private primes from hardware fault attacks.
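The following added example (not code from the paper) shows the two independent half-exponentiations of RSA-CRT, why an output with one faulty half must never be released, and a generic verify-before-release check. The toy key, the single-bit fault model and all function names are assumptions made for illustration; the check is the plain verification countermeasure, not either of the schemes the paper proposes.

```python
from math import gcd

# Constructed toy key: two Mersenne primes, far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)
M = 123456789  # constructed sample message representative


def sign_crt(m, fault_in_sq=False):
    """RSA-CRT signature of m; optionally corrupt the mod-q half."""
    sp = pow(m, DP, P)           # half 1: exponentiation modulo p
    sq = pow(m, DQ, Q)           # half 2: independent of half 1, so parallelisable
    if fault_in_sq:
        sq ^= 1                  # assumed fault model: one flipped bit
    h = (QINV * (sp - sq)) % P   # Garner recombination
    return (sq + h * Q) % N


def leaked_factor(m, s):
    """gcd(s^e - m, N): equals N for a correct signature, but a prime
    factor of N when exactly one CRT half was computed incorrectly."""
    return gcd((pow(s, E, N) - m) % N, N)


def sign_checked(m, fault_in_sq=False):
    """Release the signature only if it verifies under the public key;
    return None (withhold the output) otherwise."""
    s = sign_crt(m, fault_in_sq)
    return s if pow(s, E, N) == m % N else None


if __name__ == "__main__":
    good, bad = sign_crt(M), sign_crt(M, fault_in_sq=True)
    print("correct signature verifies:", pow(good, E, N) == M)
    print("faulty output exposes p:   ", leaked_factor(M, bad) == P)
    print("checked signer withholds:  ", sign_checked(M, True) is None)
```

The public-key verification costs one short-exponent exponentiation, run after both halves have been recombined.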
