You are looking at a specific version 20090610:083313 of this paper. See the latest version.

Paper 2009/024

On Second-Order Fault Analysis Resistance for CRT-RSA Implementations

Emmanuelle Dottax and Christophe Giraud and Matthieu Rivain and Yannick Sierra

Abstract

Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view and most of cryptographic systems have been shown vulnerable to this kind of attacks. Until recently, most of the theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm only once. However, this approach seems too restrictive since the publication in 2007 of the successful experiment of an attack based on the injection of two faults, namely a second-order fault attack. Amongst the few papers dealing with second-order fault analysis, three countermeasures were published at WISTP'07 and FDTC'07 to protect the RSA cryptosystem using the CRT mode. In this paper, we analyse the security of these countermeasures with respect to the second-order fault model considered by their authors. We show that these countermeasures are not intrinsically resistant and we propose a new method allowing us to implement a CRT-RSA that resists to this kind of second-order fault attack.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. The final version of this paper will be published in the proceedings of WISTP 2009
Keywords
Smart CardsRSAFault Attacks
Contact author(s)
c giraud @ oberthur com
History
2009-06-10: revised
2009-01-14: received
See all versions
Short URL
https://ia.cr/2009/024
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.