Barbu et al., 2013 - Google Patents
Combined attack on CRT-RSA: why public verification must not be public?Barbu et al., 2013
View PDF- Document ID
- 6757129985420688220
- Author
- Barbu G
- Battistello A
- Dabosville G
- Giraud C
- Renault G
- Renner S
- Zeitoun R
- Publication year
- Publication venue
- Public-Key Cryptography–PKC 2013: 16th International Conference on Practice and Theory in Public-Key Cryptography, Nara, Japan, February 26–March 1, 2013. Proceedings 16
External Links
Snippet
This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when a fault has been induced during the …
- 239000007924 injection 0 abstract description 18
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/726—Inversion; Reciprocal calculation; Division of elements of a finite field
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F7/00—Methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F7/60—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers
- G06F7/72—Methods or arrangements for performing computations using a digital non-denominational number representation, i.e. number representation without radix; Computing devices using combinations of denominational and non-denominational quantity representations, e.g. using difunction pulse trains, STEELE computers, phase computers using residue arithmetic
- G06F7/724—Finite field arithmetic
- G06F7/725—Finite field arithmetic over elliptic curves
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
- G06F2207/7223—Randomisation as countermeasure against side channel attacks
- G06F2207/7233—Masking, e.g. (A**e)+r mod n
- G06F2207/7242—Exponent masking, i.e. key masking, e.g. A**(e+r) mod n; (k+r).P
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2207/00—Indexing scheme relating to methods or arrangements for processing data by operating upon the order or content of the data handled
- G06F2207/72—Indexing scheme relating to groups G06F7/72 - G06F7/729
- G06F2207/7219—Countermeasures against side channel or fault attacks
- G06F2207/7271—Fault verification, e.g. comparing two values which should be the same, unless a computational fault occurred
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
- H04L9/3247—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
- H04L9/3249—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures using RSA or related signature schemes, e.g. Rabin scheme
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3006—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy underlying computational problems or public-key parameters
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communication
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
- H04L9/3066—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy involving algebraic varieties, e.g. elliptic or hyper-elliptic curves
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Boscher et al. | CRT RSA algorithm protected against fault attacks | |
| Ciet et al. | Elliptic curve cryptosystems in the presence of permanent and transient faults | |
| Vigilant | RSA with CRT: A new cost-effective solution to thwart fault attacks | |
| EP2332040B1 (en) | Countermeasure securing exponentiation based cryptography | |
| EP3452897B1 (en) | Countermeasure to safe-error fault injection attacks on cryptographic exponentiation algorithms | |
| US8457303B2 (en) | Fault-resistant calculcations on elliptic curves | |
| Kim et al. | How can we overcome both side channel analysis and fault attacks on RSA-CRT? | |
| Coron et al. | Fault attacks and countermeasures on Vigilant's RSA-CRT algorithm | |
| JP2011510579A (en) | Countermeasure method and device for asymmetric cryptosystem using signature diagram | |
| KR20100113130A (en) | Countermeasure method and devices for asymmetric cryptography | |
| Campos et al. | Trouble at the CSIDH: protecting CSIDH with dummy-operations against fault injection attacks | |
| Avanzi | Side channel attacks on implementations of curve-based cryptographic primitives | |
| Kim et al. | An efficient CRT-RSA algorithm secure against power and fault attacks | |
| Boscher et al. | Blinded fault resistant exponentiation revisited | |
| Barbu et al. | Combined attack on CRT-RSA: why public verification must not be public? | |
| Schinianakis et al. | Hardware-fault attack handling in RNS-based Montgomery multipliers | |
| Schmidt et al. | Fault attacks on the montgomery powering ladder | |
| Berzati et al. | In (security) against fault injection attacks for CRT-RSA implementations | |
| Muller et al. | High-order attacks against the exponent splitting protection | |
| Kim et al. | Bit-flip faults on elliptic curve base fields, revisited | |
| Ha et al. | Provably secure countermeasure resistant to several types of power attack for ECC | |
| Okeya et al. | On the importance of protecting Δ in SFLASH against side channel attacks | |
| Giraud et al. | Combined Attack on CRT-RSA | |
| Battistello | Common points on elliptic curves: the Achilles’ heel of fault attack countermeasures | |
| Ebeid et al. | A new CRT-RSA algorithm resistant to powerful fault attacks |