Cryptology ePrint Archive: Report 2009/024

On Second-Order Fault Analysis Resistance for CRT-RSA Implementations

Emmanuelle Dottax and Christophe Giraud and Matthieu Rivain and Yannick Sierra

Abstract: Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view and most of cryptographic systems have been shown vulnerable to this kind of attacks. Until recently, most of the theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm only once. However, this approach seems too restrictive since the publication in 2007 of the successful experiment of an attack based on the injection of two faults, namely a second-order fault attack. Amongst the few papers dealing with second-order fault analysis, three countermeasures were published at WISTP'07 and FDTC'07 to protect the RSA cryptosystem using the CRT mode. In this paper, we analyse the security of these countermeasures with respect to the second-order fault model considered by their authors. We show that these countermeasures are not intrinsically resistant and we propose a new method allowing us to implement a CRT-RSA that resists to this kind of second-order fault attack.

Category / Keywords: implementation / Smart Cards, RSA, Fault Attacks

Publication Info: The final version of this paper will be published in the proceedings of WISTP 2009

Date: received 9 Jan 2009, last revised 10 Jun 2009

Contact author: c giraud at oberthur com

Available format(s): PDF | BibTeX Citation

Version: 20090610:083313 (All versions of this report)

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]