Combined Attack on CRT-RSA. Why Public Verification Must Not Be Public?

Abstract: This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when a fault has been induced during the computation. Indeed, such a value would allow the attacker to recover the RSA private key by computing the $\gcd$ of the public modulus and the faulty signature. The principle of our attack is to inject a fault during the signature computation and to perform a Side-Channel Analysis targeting a sensitive value processed during the Fault Injection countermeasure execution. The resulting information is then used to factorize the public modulus, leading to the disclosure of the whole RSA private key. After presenting a detailed account of our attack, we explain how its complexity can be significantly reduced by using lattice reduction techniques. We also provide simulations that confirm the efficiency of our attack, as well as two different countermeasures having a very small impact on the performance of the algorithm. As it performs a Side-Channel Analysis during a Fault Injection countermeasure to retrieve the secret value, this article recalls the need for Fault Injection and Side-Channel Analysis countermeasures as monolithic implementations.
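As an added illustration (not code from the paper or its authors), the toy Python model below shows the CRT-RSA "public verification" countermeasure the abstract refers to, and why the faulty signature it withholds must never leave the device: released, it factors the modulus with a single gcd. The key is a constructed tiny one and the fault is simulated as a one-bit corruption of the half-signature S_q; the side-channel part of the paper's combined attack is not modelled here.

```python
from math import gcd

# Constructed toy key: tiny primes, for demonstration only (not a secure size).
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)       # CRT private exponents
QINV = pow(Q, -1, P)                    # q^-1 mod p for Garner recombination


def crt_sign(m, fault_in_q=False):
    """CRT-RSA: S = m^d mod N built from the half-signatures S_p and S_q.
    fault_in_q simulates a fault injection corrupting S_q (one flipped bit)."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq = (sq ^ 1) % Q               # simulated fault: S_q is now wrong mod q
    h = (QINV * (sp - sq)) % P
    return sq + Q * h                   # Garner: S mod p = S_p, S mod q = S_q


def verify(m, s):
    """The 'public verification' countermeasure: recompute m from S with the
    public exponent and reject S when the check fails."""
    return pow(s, E, N) == m % N


def sign_with_countermeasure(m, fault_in_q=False):
    """Signer that withholds any signature failing public verification."""
    s = crt_sign(m, fault_in_q)
    return s if verify(m, s) else None


def factor_from_faulty_signature(m, s_faulty):
    """Why the faulty signature must never leave the device: S'^e = m (mod p)
    still holds, but not mod q, so gcd(S'^e - m, N) reveals the factor p."""
    return gcd((pow(s_faulty, E, N) - m) % N, N)


if __name__ == "__main__":
    m = 123456789 % N                   # constructed message representative
    assert verify(m, sign_with_countermeasure(m))
    assert sign_with_countermeasure(m, fault_in_q=True) is None
    leaked = crt_sign(m, fault_in_q=True)   # what an unprotected signer would output
    print("factor recovered from faulty signature:",
          factor_from_faulty_signature(m, leaked) == P)
```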
Document type: Conference paper
Kaoru Kurosawa; Goichiro Hanaoka. PKC 2013 - Public-Key Cryptography, Feb 2013, Nara, Japan. Springer, Lecture Notes in Computer Science, vol. 7778, pp. 198-215, 2013. DOI: 10.1007/978-3-642-36362-7_13

https://hal.inria.fr/hal-00777788
Contributor: Guénaël Renault
Submitted on: Thursday 12 December 2013 - 12:20:02
Last modified on: Tuesday 8 December 2015 - 14:46:11
Document(s) archived on: Friday 14 March 2014 - 09:22:06

File

CA-CRT-RSA.pdf
Files produced by the author(s)

Collections

INRIA | UPMC | LIP6 | IMB

Citation

Guillaume Barbu, Alberto Battistello, Guillaume Dabosville, Christophe Giraud, Guénaël Renault, et al. Combined Attack on CRT-RSA. Why Public Verification Must Not Be Public?. Kaoru Kurosawa; Goichiro Hanaoka. PKC 2013 - Public-Key Cryptography, Feb 2013, Nara, Japan. Springer, Lecture Notes in Computer Science, vol. 7778, pp. 198-215, 2013. DOI: 10.1007/978-3-642-36362-7_13. hal-00777788

Metrics

Record views: 650

Document downloads: 521