http://dx.doi.org/10.13089/JKIISC.2010.20.2.33

Countermeasure for Physical Attack in RSA-CRT using Double Exponentiation Algorithm and Fault Infective Method  

Gil, Kwang-Eun (Dept. of Information Security, Hoseo University)
Oh, Do-Hwan (Dept. of Information Security, Hoseo University)
Baek, Yi-Roo (Dept. of Information Security, Hoseo University)
Ha, Jae-Cheol (Dept. of Information Security, Hoseo University)
Abstract
Many experimental results show that the RSA-CRT algorithm can be broken by fault analysis attacks. We analyzed previous fault attacks on the RSA-CRT algorithm and their countermeasures, and found a weakness in the countermeasure proposed by Abid and Wang. Based on these analyses, we propose a new countermeasure that uses both double exponentiation and the fault infective computation method. The proposed method efficiently computes fault verification information using double exponentiation, and it is designed to resist the simple power analysis attack and the (N-1) attack.
Keywords
RSA; Chinese Remainder Theorem; Fault Analysis Attack; Side Channel Attack; (N-1) Attack
References
1 C. Couvreur and J.J. Quisquater, "Fast decipherment algorithm for RSA public-key cryptosystem," Electronics Letters, vol. 18, no. 21, pp. 905-907, Oct. 1982.
2 R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signature and public key cryptosystems," Comm. of ACM, vol. 21, no. 2, pp. 120-126, Feb. 1978.
3 J.S. Coron, "Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems," CHES'99, LNCS 1717, pp. 292-302, 1999.
4 D. Boneh, R.A. DeMillo, and R.J. Lipton, "On the importance of checking cryptographic protocols for faults," EUROCRYPT'97, LNCS 1233, pp. 37-51, 1997.
5 M. Joye, A.K. Lenstra, and J.J. Quisquater, "Chinese remaindering based cryptosystems in the presence of faults," Journal of Cryptology, vol. 12, no. 4, pp. 241-245, Dec. 1999.
6 C. Aumuller, P. Bier, W. Fischer, P. Hofreiter, and J.P. Seifert, "Fault attack on RSA with CRT: Concrete results and practical countermeasures," CHES'02, LNCS 2553, pp. 260-275, 2002.
7 C. Kim and J.J. Quisquater, "Fault Attacks for CRT Based RSA: New Attacks, New Results, and New Countermeasures," WISTP'07, LNCS 4462, pp. 215-228, 2007.
8 A. Shamir, "Method and apparatus for protecting public key schemes from timing and fault attacks," United States Patent p-5991415, Nov. 1999.
9 S. Yen, S. Kim, S. Lim, and S. Moon, "RSA speedup with residue number system immune against hardware fault cryptanalysis," ICISC'01, LNCS 2288, pp. 397-413, 2001.
10 F. Funaroli and D. Vigilant, "Blinded fault resistant exponentiation," FDTC '06, LNCS 4236, pp. 62-70, 2006.
11 Z. Abid and W. Wang, "Countermeasures for Hardware Fault Attack in Multi-Prime RSA Cryptosystems," International Journal of Network Security, vol. 6, no. 2, pp. 190-200, Mar. 2008.
12 B. Chevallier-Mames, M. Ciet, and M. Joye, "Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity," IEEE Transactions on Computers, vol. 53, no. 6, pp. 760-768, June 2004.
13 S. Yen, W. Lien, S. Moon, and J. Ha, "Power Analysis by Exploiting Chosen Message and Internal Collisions - Vulnerability of Checking Mechanism for RSA Decryption," Mycrypt'05, LNCS 3715, pp. 183-195, 2005.
14 D. Wagner, "Cryptanalysis of a provably secure CRT-RSA algorithm," 11th ACM Conference on Computers and Communications Security, pp. 92-97, Oct. 2004.
15 M. Joye, P. Paillier, and S.M. Yen, "Secure evaluation of modular functions," International Workshop on Cryptology and Network Security-2001, pp. 227-229, Sep. 2001.
16 C. Giraud, "An RSA Implementation Resistant to Fault Attacks and Simple Power Analysis," IEEE Trans on Computers, vol. 55, no. 9, pp. 1116-1120, Sep. 2006.
17 J. Blomer, M. Otto, and J.P. Seifert, "A new CRT-RSA algorithm secure against Bellcore attacks," 10th ACM Conference on Computer and Communications Security, pp. 311-320, Oct. 2003.
18 C. Kim and J.J. Quisquater, "How can we overcome both side channel analysis and fault attacks on RSA-CRT?," FDTC'07, pp. 21-29, Aug. 2007.
19 J. Ha, C. Jun, J. Park, and S. Moon, "A New CRT-RSA Scheme Resistant to Power Analysis and Fault Attacks," International Conference on Convergence and Hybrid Information Technology - ICCIT'08, pp. 351-356, Nov. 2008.