Paper 2009/024
On Second-Order Fault Analysis Resistance for CRT-RSA Implementations
Emmanuelle Dottax, Christophe Giraud, Matthieu Rivain, and Yannick Sierra
Abstract
Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view, and most cryptographic systems have been shown vulnerable to this kind of attack. Until recently, most of the theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm only once. However, this approach seems too restrictive since the publication in 2007 of the successful experiment of an attack based on the injection of two faults, namely a second-order fault attack. Amongst the few papers dealing with second-order fault analysis, three countermeasures were published at WISTP'07 and FDTC'07 to protect the RSA cryptosystem using the CRT mode. In this paper, we analyse the security of these countermeasures with respect to the second-order fault model considered by their authors. We show that these countermeasures are not intrinsically resistant and we propose a new method allowing us to implement a CRT-RSA that resists this kind of second-order fault attack.
Metadata
- Category
- Implementation
- Publication info
- Published elsewhere. The final version of this paper will be published in the proceedings of WISTP 2009
- Keywords
- Smart Cards, RSA, Fault Attacks
- Contact author(s)
- c giraud @ oberthur com
- History
- 2009-06-10: revised
- 2009-01-14: received
- Short URL
- https://ia.cr/2009/024
- License
- CC BY
BibTeX
@misc{cryptoeprint:2009/024,
  author = {Emmanuelle Dottax and Christophe Giraud and Matthieu Rivain and Yannick Sierra},
  title = {On Second-Order Fault Analysis Resistance for {CRT}-{RSA} Implementations},
  howpublished = {Cryptology {ePrint} Archive, Paper 2009/024},
  year = {2009},
  url = {https://eprint.iacr.org/2009/024}
}