RSA-CRT密码防御算法的故障注入攻击

doi:10.11959/j.issn.2096-109x.2019004

Chinese Journal of Network and Information Security ›› 2019, Vol. 5 ›› Issue (1): 30-36.doi: 10.11959/j.issn.2096-109x.2019004

• Special Column:Technology Research and Application Exploration on Attack and Defense of Cryptology • Previous Articles Next Articles

Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem

Fanyu KONG¹(),Yong QIAO²,Pengtao LIU³,Xiaodong LIU¹,Dashui ZHOU¹

¹ Institute of Network Security,Shandong University,Jinan 250100,China
² China Standard Software Co.,Ltd.,Beijing 100190,China
³ School of Cyberspace Security,Shandong University of Political Science and Law,Jinan 250014,China

Revised:2018-12-28 Online:2019-02-01 Published:2019-04-10
Supported by:
The National Natural Science Foundation of China(61602275)

Abstract

Abstract:

As a widely-applied public-key cryptosystem in TLS,SSL and IPSec protocols,the security of RSA cryptosystem is of great importance.At FDTC 2014,Rauzy and Guilley proposed several improved countermeasure algorithms of RSA implementation based on Chinese remainder theorem,which were used to defeat fault-injection attacks.New fault-injection attacks on two of their countermeasure algorithms are proposed.During the RSA computation process,a permanent fault is injected and then a faulty RSA signature result is induced.The RSA private key can be obtained by using the faulty RSA signature and the correct result.Therefore,Rauzy and Guilley’s two countermeasure algorithms cannot resist our fault-injection attack.

Key words: RSA cryptosystem, Chinese remainder theorem, side channel attack, fault-injection attack

CLC Number:

TP309

Fanyu KONG,Yong QIAO,Pengtao LIU,Xiaodong LIU,Dashui ZHOU. Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem[J]. Chinese Journal of Network and Information Security, 2019, 5(1): 30-36.

References 22

[1]	DIFFIE W , HELLMAN M E . New directions in cryptography[J]. IEEE Trans Inform Theory, 1976,22(6): 644-654.
[2]	RIVEST R L , SHAMIR A , ADLEMAN M . A method for obtaining digital signatures and public-key cryptosystems[J]. Communications of the ACM, 1978,21(2): 120-126.
[3]	KOCHER P , . Timing attacks on implementations of Diffie-Hellmann,RSA,DSS,and other systems[C]// Advances in CryptologyCRYPTO’96. 1996: 104-113.
[4]	BONEH D , DEMILLO R A , LIPTON R J . On the importance of checking cryptographic protocols for faults[C]// Advances in Cryptology - EUROCRYPT 1997. 1997: 37-51.
[5]	KOCHER P , JAFFE J , JUN B . Differential power analysis[C]// Advances in Cryptology - CRYPTO’99. 1999: 388-397.
[6]	SHAMIR A . Method and apparatus for protecting public key schemes from timing and fault attacks[J]. 1999.
[7]	JOYE M , PAILLER P , YEN S M . Secure evaluation of modular functions[C]// 2001 International Workshop on Cryptology and Network Security. 2001: 227-229.
[8]	AUMüLLER C , BIER P , FISCHER W ,et al. Fault attacks on RSA with CRT:concrete results and practical countermeasures[C]// Cryptographic Hardware and Embedded Systems-CHES 2002. 2002: 260-275.
[9]	YEN S M , MOON S J , HA J . Hardware fault attack on RSA with CRT revisited[C]// Information Security and Cryptology-ICISC 2002. 2002: 374-388.
[10]	RAUZY P , GUILLEY S . Countermeasures against high-order fault-injection attacks on CRT-RSA[C]// Fault Diagnosis and Tolerance in Cryptography 2014. 2014: 68-82.
[11]	BATTISTELLO A , GIRAUD C . Lost in translation:fault analysis of infective security proofs[C]// The Workshop on Fault Diagnosis＆ Tolerance in Cryptography. 2016: 45-53.
[12]	YEN S M , KIM S , LIM S ,et al. Moon.RSA speedup with Chinese remainder theorem immune against hardware fault cryptanalysis[J]. IEEE Transactions on Computers, 2003,52(4): 461-472.
[13]	YEN S M , KIM D , MOON S . Cryptanalysis of two protocols for RSA with CRT based on fault infection[C]// Fault Diagnosis and Tolerance in Cryptography 2006. 2006: 53-61.
[14]	WAGNER D , . Cryptanalysis of a provably secure CRT-RSA algorithm[C]// ACM Conference on Computer and Communications Security 2004. 2004: 92-97.
[15]	GIRAUD C . An RSA implementation resistant to fault attacks and to simple power analysis[J]. IEEE Transactions on Computers, 2006,55(9): 1116-1120.
[16]	VIGILANT D , . RSA with CRT:a new cost-effective solution to thwart fault attacks[C]// Cryptographic Hardware and Embedded Systems - CHES 2008. 2008: 130-145.
[17]	JOYE M , TUNSTALL M . Fault analysis in cryptography[M]. Berlin Heidelberg: SpringerPress, 2012.
[18]	LEE S , CHOI D , CHOI Y . Improved Shamir’s CRT-RSA algorithm:revisit with the modulus chaining method[J].,2014,36.3:469-478. ETRI Journal, 2014,363: 469-478.
[19]	王红胜, 纪道刚, 张阳 ,等. 针对 RSA-CRT 数字签名的光故障攻击研究[J]. 电子设计工程, 2015,23(6): 12-5.
	WANG H S , JI D G , ZHANG Y ,et al. Optical fault attack on RSA-CRT signatures[J]. Electronic Design Engineering, 2015,23(6): 12-15.
[20]	李增局 . 一种关于 CRT-RSA 算法的差分错误注入攻击[J]. 密码学报, 2016,3(6): 546-554.
	LI Z J . Differential fault attack on CRT-RSA[J]. Journal of Cryptologic Research, 2016,3(6): 546-554.
[21]	KISS A , KRMER J , RAUZY P ,et al. Algorithmic countermeasures against fault attacks and power analysis for RSA-CRT[C]// International Workshop on Constructive Side-Channel Analysis and Secure Design. 2016: 111-129.
[22]	KONG F , ZHOU D S , JIANG Y L ,et al. Fault attack on an improved CRT-RSA algorithm with the modulus chaining method[C]// International Conference on Computational Science and Engineering (CSE) 2017. 2017: 866-869.

Metrics

Recommended 0

No Suggested Reading articles found!

Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

References 22

Related Articles 5

Metrics

Recommended 0

[1]	Jiahao QIU, Weidong QIU, Yangde WANG, Yan ZHA, Yuming XIE, Yan LI. Intellectualized forensic technique for Android pattern locks [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 118-127.
[2]	Ding LI, Yuefei ZHU, Bin LU, Wei LIN. Survey of side channel attack on encrypted network traffic [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 114-130.
[3]	Qirun PAN,Kaizhi HUANG,Wei YOU. Network slicing deployment method based on isolation level [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 96-105.
[4]	Jun REN,Jin-bo XIONG,Zhi-qiang YAO. Security control scheme for cloud data copy based on differential privacy model [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 38-46.
[5]	Hui-hui JIA,Chao WANG,Jian GU,Hao-hao SONG,Di TANG. Research and simulation of timing attacks on ECC [J]. Chinese Journal of Network and Information Security, 2016, 2(4): 56-63.