Modulus fault attacks against RSA–CRT signatures

Modulus fault attacks against RSA–CRT signatures

RSA–CRT fault attacks have been an active research area since their discovery by Boneh, DeMillo and Lipton in 1997. We present alternative key-recovery attacks on RSA–CRT signatures: instead of targeting one of the sub-exponentiations in RSA–CRT, we inject faults into the public modulus before CRT i...

Ausführliche Beschreibung

Gespeichert in:
Bibliographische Detailangaben
Veröffentlicht in:Journal of cryptographic engineering 2011-11, Vol.1 (3)
Hauptverfasser: Brier, Éric, Naccache, David, Nguyen, Phong Q., Tibouchi, Mehdi
Format: Artikel
Sprache:eng
Schlagworte:
Circuits and Systems
Communications Engineering
Computer Communication Networks
Computer Science
Cryptology
Data Structures and Information Theory
Networks
Operating Systems
Regular Paper
Online-Zugang:Volltext
Tags: Tag hinzufügen
Keine Tags, Fügen Sie den ersten Tag hinzu!
Beschreibung
Zusammenfassung:RSA–CRT fault attacks have been an active research area since their discovery by Boneh, DeMillo and Lipton in 1997. We present alternative key-recovery attacks on RSA–CRT signatures: instead of targeting one of the sub-exponentiations in RSA–CRT, we inject faults into the public modulus before CRT interpolation, which makes a number of countermeasures against Boneh et al.’s attack ineffective. Our attacks are based on orthogonal lattice techniques and are very efficient in practice: depending on the fault model, between 5 and 45 faults suffice to recover the RSA factorization within a few seconds. Our simplest attack requires that the adversary knows the faulty moduli, but more sophisticated variants work even if the moduli are unknown, under reasonable fault models. All our attacks have been fully validated experimentally with fault-injection laser techniques.
ISSN:2190-8508
2190-8516
DOI:10.1007/s13389-011-0015-x