Paper 2012/172

Attacking RSA-CRT Signatures with Faults on Montgomery Multiplication

Pierre-Alain Fouque, Nicolas Guillermin, Delphine Leresteux, Mehdi Tibouchi, and Jean-Christophe Zapalowicz

Abstract

In this paper, we present several efficient fault attacks against implementations of RSA-CRT signatures that use modular exponentiation algorithms based on Montgomery multiplication. They apply to any padding function, including randomized paddings, and as such are the first fault attacks effective against RSA-PSS. The new attacks work provided that a small register can be forced to either zero, or a constant value, or a value with zero high-order bits. We show that these models are quite realistic, as such faults can be achieved against many proposed hardware designs for RSA signatures.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Published elsewhere. Unknown where it was published
Keywords
Fault AttacksMontgomery MultiplicationRSA-CRTRSA-PSS
Contact author(s)
mehdi tibouchi @ normalesup org
History
2012-04-11: received
Short URL
https://ia.cr/2012/172
License
Creative Commons Attribution
CC BY

BibTeX 

@misc{cryptoeprint:2012/172,
      author = {Pierre-Alain Fouque and Nicolas Guillermin and Delphine Leresteux and Mehdi Tibouchi and Jean-Christophe Zapalowicz},
      title = {Attacking {RSA}-{CRT} Signatures with Faults on Montgomery Multiplication},
      howpublished = {Cryptology {ePrint} Archive, Paper 2012/172},
      year = {2012},
      url = {https://eprint.iacr.org/2012/172}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.