Paper 2011/388

Modulus Fault Attacks Against RSA-CRT Signatures

Eric Brier, David Naccache, Phong Q. Nguyen, and Mehdi Tibouchi

Abstract

RSA-CRT fault attacks have been an active research area since their discovery by Boneh, DeMillo and Lipton in 1997. We present alternative key-recovery attacks on RSA-CRT signatures: instead of targeting one of the sub-exponentiations in RSA-CRT, we inject faults into the public modulus before CRT interpolation, which makes a number of countermeasures against Boneh et al.'s attack ineffective. Our attacks are based on orthogonal lattice techniques and are very efficient in practice: depending on the fault model, between 5 and 45 faults suffice to recover the RSA factorization within a few seconds. Our simplest attack requires that the adversary knows the faulty moduli, but more sophisticated variants work even if the moduli are unknown, under reasonable fault models. All our attacks have been fully validated experimentally with fault-injection laser techniques.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. An extended abstract will appear in the proceedings of CHES 2011. This is the full version.
Keywords
Fault Attacks, Digital Signatures, RSA, CRT, Lattices
Contact author(s)
mehdi tibouchi @ normalesup org
History
2011-07-28: revised
2011-07-18: received
Short URL
https://ia.cr/2011/388
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2011/388,
      author = {Eric Brier and David Naccache and Phong Q.  Nguyen and Mehdi Tibouchi},
      title = {Modulus Fault Attacks Against RSA-CRT Signatures},
      howpublished = {Cryptology ePrint Archive, Paper 2011/388},
      year = {2011},
      note = {\url{https://eprint.iacr.org/2011/388}},
      url = {https://eprint.iacr.org/2011/388}
}