http://dx.doi.org/10.13089/JKIISC.2009.19.6.63

Fault Analysis Attacks on Control Statement of RSA Exponentiation Algorithm  

Gil, Kwang-Eun (Hoseo University)
Baek, Yi-Roo (Hoseo University)
Kim, Hwan-Koo (Hoseo University)
Ha, Jae-Cheol (Hoseo University)
Abstract
Many research results show that an RSA system implemented with the conventional binary exponentiation algorithm is vulnerable to some physical attacks. Recently, Schmidt and Herbst demonstrated experimentally that an attacker can extract the secret key using faulty signatures obtained by skipping the squaring operations. Under assumptions similar to those of Schmidt and Herbst's fault attack, we propose new fault analysis attacks that work by skipping the multiplication operations or the computations in the loop control statement. Furthermore, we apply our attack to the Montgomery ladder exponentiation algorithm, which was proposed to defeat simple power attacks. As a result, our fault attack can extract the secret key used in Montgomery ladder exponentiation.
Keywords
RSA; Exponentiation algorithm; Fault analysis attack; Montgomery ladder algorithm; Control statement;
References
1 S.M. Yen, S.J. Kim, S.G. Lim, and S.J. Moon, "A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack," ICISC'01, LNCS 2288, pp. 414-427, 2002
2 S.M. Yen and M. Joye, "Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis," IEEE Transactions on Computers, vol. 49, no. 9, pp. 967-970, Sep. 2000
3 C. Kim and J.J. Quisquater, "Fault attacks for CRT based RSA: new attacks, new result and new countermeasures," WISTP'07, LNCS 4462, pp. 215-228, 2007
4 J.M. Schmidt and C. Herbst, "A Practical Fault Attack on Square and Multiply," Fault Diagnosis and Tolerance in Cryptography, FDTC'08, pp. 53-58, Aug. 2008
5 E. Dottax, C. Giraud, M. Rivain, and Y. Sierra, "On Second-Order Fault Analysis Resistance for CRT-RSA Implementation," Available at http://eprint.iacr.org/2009/024, June 2009
6 C. Giraud, "An RSA Implementation Resistant to Fault Attacks and Simple Power Analysis," IEEE Trans on Computers, vol. 55, no. 9, pp. 1116-1120, Sep. 2006
7 D. Boneh, R.A. DeMillo, and R.J. Lipton, "On the importance of checking cryptographic protocols for faults," EUROCRYPT'97, LNCS 1233, pp. 37-51, 1997
8 R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signature and public key cryptosystems," Comm. of ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978
9 M. Joye, A.K. Lenstra, and J.J. Quisquater, "Chinese remaindering based cryptosystems in the presence of faults," Journal of Cryptology, vol. 12, no. 4, pp. 241-245, Dec. 1999
10 E. Biham and A. Shamir, "Differential Fault Analysis of Secret Key Cryptosystems," CRYPTO'97, LNCS 1294, pp. 513-525, 1997
11 M. Joye and S.M. Yen, "The Montgomery Powering ladder," CHES'02, LNCS 2523, pp. 291-302, 2002
12 N.E. Mrabet, "What About Vulnerability to a Fault Attack of the Miller's Algorithm During an Identity Based Protocol?," ISA'09, LNCS 5576, pp. 122-134, 2009