Our attacks are based on orthogonal lattice techniques and are very efficient in practice: depending on the fault model, between 5 to 45 faults suffice to recover the RSA factorization within a few seconds. Our simplest attack requires that the adversary knows the faulty moduli, but more sophisticated variants work even if the moduli are unknown, under reasonable fault models. All our attacks have been fully validated experimentally with fault-injection laser techniques.
Category / Keywords: implementation / Fault Attacks, Digital Signatures, RSA, CRT, Lattices Publication Info: An extended abstract will appear in the proceedings of CHES 2011. This is the full version. Date: received 18 Jul 2011, last revised 28 Jul 2011 Contact author: mehdi tibouchi at normalesup org Available format(s): PDF | BibTeX Citation Version: 20110728:132622 (All versions of this report) Short URL: ia.cr/2011/388 Discussion forum: Show discussion | Start new discussion