Paper 2005/458

Seifert's RSA Fault Attack: Simplified Analysis and Generalizations

James A. Muir

Abstract

Seifert recently described a new fault attack against an implementation of RSA signature verification. Here we give a simplified analysis of Seifert's attack and gauge its practicality against RSA moduli of practical sizes. We suggest an improvement to Seifert's attack which has the following consequences: if an adversary is able to cause random faults in only 4 bits of a 1024-bit RSA modulus stored in a device, then there is a greater than 50% chance that they will be able to make that device accept a signature on a message of their choice. For 2048-bit RSA, 6 bits suffice.

Metadata
Available format(s)
PDF PS
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
RSAfault analysis
Contact author(s)
jamuir @ scs carleton ca
History
2005-12-31: received
Short URL
https://ia.cr/2005/458
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2005/458,
      author = {James A.  Muir},
      title = {Seifert's RSA Fault Attack:  Simplified Analysis and Generalizations},
      howpublished = {Cryptology ePrint Archive, Paper 2005/458},
      year = {2005},
      note = {\url{https://eprint.iacr.org/2005/458}},
      url = {https://eprint.iacr.org/2005/458}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.