Both previous multiple fault attacks deal with the general case that the unknown part of message is in the middle. This paper handles a special situation that some least significant bits of messages are unknown. First, we describe a sample attack by utilizing the technique of solving simultaneous diophantine approximation problem, and the bound of unknown message is $N^{\frac1{2}-\frac1{2\ell}}$ where $\ell$ is the number of faulty signatures. Our attacks are heuristic but very efficient in practice. Furthermore, the new bound can be extended up to $N^{\frac1{2}^{1+\frac1{\ell}}}$ by the Cohn-Heninger technique. Comparison between previous attacks and new attacks with LSBs of message unknown will be given by simulation test.
Category / Keywords: Fault Attacks, RSA Signatures, Least Significant Bits (LSBs), ISO/IEC} 9796-2, LLL Algorithm Date: received 26 Aug 2012 Contact author: hanlidong at mail tsinghua edu cn Available formats: PDF | BibTeX Citation Version: 20120903:124428 (All versions of this report) Discussion forum: Show discussion | Start new discussion