CRT RSA algorithm protected against fault attacks

Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modu...

Ausführliche Beschreibung

Gespeichert in:

Bibliographische Detailangaben
Hauptverfasser:	Boscher, Arnaud, Naciri, Robert, Prouff, Emmanuel
Format:	Tagungsbericht
Sprache:	eng
Schlagworte:	Information systems Information systems > Data management systems Information systems > Data management systems > Data structures Information systems > Data management systems > Data structures > Data layout Information systems > Data management systems > Data structures > Data layout > Data encryption Security and privacy Security and privacy > Cryptography Social and professional topics Social and professional topics > Computing > technology policy Social and professional topics > Computing > technology policy > Computer crime Theory of computation Theory of computation > Computational complexity and cryptography
Online-Zugang:	Volltext
Tags:	Tag hinzufügen Keine Tags, Fügen Sie den ersten Tag hinzu!

Beschreibung
Zusammenfassung:	Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modular exponentiation and we prove its security in a realistic fault model. By construction, our proposal is also protected against Simple Power Analysis. Based on our new resistant exponentiation algorithm, we present two different ways of computing CRT RSA signatures in a secure way. We show that those methods do not increase execution time and can be easily implemented on low-resource devices.
DOI:	10.5555/1763190.1763216