Cryptology ePrint Archive: Report 2012/172

Attacking RSA-CRT Signatures with Faults on Montgomery Multiplication

Pierre-Alain Fouque and Nicolas Guillermin and Delphine Leresteux and Mehdi Tibouchi and Jean-Christophe Zapalowicz

Abstract: In this paper, we present several efficient fault attacks against implementations of RSA-CRT signatures that use modular exponentiation algorithms based on Montgomery multiplication. They apply to any padding function, including randomized paddings, and as such are the first fault attacks effective against RSA-PSS.

The new attacks work provided that a small register can be forced to either zero, or a constant value, or a value with zero high-order bits. We show that these models are quite realistic, as such faults can be achieved against many proposed hardware designs for RSA signatures.

Category / Keywords: public-key cryptography / Fault Attacks, Montgomery Multiplication, RSA-CRT, RSA-PSS

Date: received 1 Apr 2012, last revised 2 Apr 2012

Contact author: mehdi tibouchi at normalesup org

Available format(s): PDF | BibTeX Citation

Version: 20120411:155414 (All versions of this report)

Short URL: ia.cr/2012/172

Discussion forum: Show discussion | Start new discussion