http://dx.doi.org/10.13089/JKIISC.2008.18.2.75

A Countermeasure Resistant to Fault Attacks on CRT-RSA using Fault Infective Method  

Ha, Jae-Cheol (Hoseo University)
Park, Jea-Hoon (Kyungpook National University)
Moon, Sang-Jae (Kyungpook National University)
Abstract
Recently, many experimental results have shown that straightforward CRT-RSA can be broken by fault attacks. In this paper, we analyze the fault attacks against CRT-RSA and their countermeasures, and then propose a new fault infective method resistant to the various fault attacks on CRT-RSA. In our CRT-RSA algorithm, if an error is injected during the exponentiation modulo p or q, the error is spread by the fault infective computation in the CRT recombination operation. Our countermeasure requires no extra error detection procedure based on decision tests and does not use a public parameter such as e. It is also computationally efficient compared to the previous secure countermeasures.
Keywords
RSA; Chinese Remainder Theorem; Fault Attack; Fault Infective Method;