Cryptology ePrint Archive: Report 2004/320

Upper Bounds for the Selection of the Cryptographic Key Lifetimes: Bounding the Risk of Key Exposure in the Presence of Faults

Alfonso De Gregorio

Abstract: With physical attacks threatening the security of current cryptographic schemes, no security policy can be developed without taking into account the physical nature of computation. In this article we first introduce the notion of \emph{Cryptographic Key Failure Tolerance}, then we offer a framework for the determination of upper bounds to the key lifetimes for any cryptographic scheme used in the presence of faults, given a desired (negligible) error-bound to the risk of key exposure. Finally we emphasize the importance of choosing keys and designing schemes with good values of failure tolerance, and recommend minimal values for this metric. In fact, in \emph{standard environmental conditions}, cryptographic keys that are especially susceptible to erroneous computations (e.g., RSA keys used with CRT-based implementations) are exposed with a probability greater than a standard error-bound (e.g., ${2^{-40}}$) after operational times shorter than one year, if the failure-rate of the cryptographic infrastructure is greater than ${1.04\times10^{-16}}$ {\it failures/hours}.

Category / Keywords: implementations/Key Lifetimes, Fault-Attacks, Dependability, Security Policies, Key-Management, Cryptographic Key Failure Tolerance, Reliability Modeling, Side-Channels, Cryptanalysis

Date: received 19 Nov 2004, last revised 26 Nov 2004

Contact author: alfonso degregorio at acm org

Available format(s): Postscript (PS) | Compressed Postscript (PS.GZ) | PDF | BibTeX Citation

Version: 20041126:151759 (All versions of this report)

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]