Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
Springer Nature Link
Log in

Safe-Error Attack on SPA-FA Resistant Exponentiations Using a HW Modular Multiplier

  • Conference paper
Information Security and Cryptology - ICISC 2007 (ICISC 2007)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 4817))

Included in the following conference series:

  • 790 Accesses

Abstract

The RSA is one of the most widely used algorithms nowadays in smart cards. The main part of RSA is the modular exponentiation composed of modular multiplications. Therefore most smart cards have a hardware modular multiplier to speed up the computation. However, secure implementation of a cryptographic algorithm in an embedded device such as a smart card has now become a big challenge since the advent of side channel analysis and fault attacks. In 2005 Giraud proposed an exponentiation algorithm, which is secure against Simple Power Analysis (SPA) and Fault Attacks (FA). Recently Boscher et al. proposed another SPA-FA resistant exponentiation algorithm. To the authors’ best knowledge, only these two provide security against SPA and FA simultaneously in an exponentiation algorithm. Both algorithms are also secure against C safe-error attack and M safe-error attack when they are implemented in a software. However, when they are implemented with a hardware modular multiplier, and this is usual in a smart card, they could be vulnerable to another type of safe error attack. In this paper, we show how this attack is possible on both SPA-FA resistant exponentiation algorithms.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Advanced Crypto Engine, Infineon. available at, http://www.infin

  2. Fame XE, NXD. available at, http://www.nxp.com

  3. TORNATO, Samsung. available at http://www.samsung.com/

  4. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)

    Google Scholar 

  5. Bao, F., Deng, R., Han, Y., Jeng, A., Narasimhalu, A., Ngair, T.: Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults. In: Christianson, B., Lomas, M. (eds.) Security Protocols. LNCS, vol. 1361, pp. 115–124. Springer, Heidelberg (1998)

    Chapter  Google Scholar 

  6. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. In: Fault Diagnosis and Tolerance in Cryptography in association with DSN 2004 – The International Conference on Dependable Systems and Networks, pp. 330–342 (2004)

    Google Scholar 

  7. Blömer, J., Otto, M.: Wagner’s attack on a secure crt-rsa algorithm reconsidered. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 13–23. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  8. Boneh, D., DeMillo, R., Lipton, R.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)

    Chapter  Google Scholar 

  9. Boneh, D., DeMillo, R., Lipton, R.: On the importance of eliminating errors in cryptographic computations. Journal of Cryptology 14(2), 101–119 (2001) An earlier version appears in [8]

    Article  MATH  MathSciNet  Google Scholar 

  10. Boscher, A., Naciri, R., Prouff, E.: CRT RSA algorithm protected against fault attacks. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J.J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 237–252. Springer, Heidelberg (2007)

    Google Scholar 

  11. Örs, S.B., Batina, L., Preneel, B., Vandewalle, J.: Hardware implementation of a Montgomery modular multiplier in a systolic array. In: Proceedings of the 17th International Symposium on Parallel and Distributed Processing, pp. 1–8. IEEE Computer Society, Los Alamitos (2003)

    Google Scholar 

  12. Giraud, C.: Fault resistant RSA implementation. In: D.Walter, C., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 142–151. Springer, Heidelberg (2003)

    Google Scholar 

  13. Joye, M., Pailler, P., Yen, S.-M.: Secure evaluation of modular functions. In: International Workshop on Cryptology and Network Security 2001, pp. 227–229 (2001)

    Google Scholar 

  14. Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)

    Google Scholar 

  15. Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  16. Manochehri, K., Pourmozafari, S.: Modified radix-2 montgomery modular multiplication to make it faster and simpler. In: International Conference on Coding and Computing – ITCC 2005, vol. 1, pp. 598–602 (2005)

    Google Scholar 

  17. Messerges, T., Dabbish, E., Sloan, R.: Examining smart-card security under the threat of power analysis attack. IEEE Transactions on Computers 51(5), 541–552 (2002)

    Article  MathSciNet  Google Scholar 

  18. Seifert, J.-P.: On authenticated computing and RSA-based authentication. In: Proc. of ACM conference on computer and communications security 2005, pp. 122–127. ACM Press, New York (2005)

    Chapter  Google Scholar 

  19. Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks. United States Patent \(\sharp\)5,991,415 (November 23, 1999) Also presented at the rump session of EUROCRYPT 1997

    Google Scholar 

  20. Skorobogatov, S., Anderson, R.-J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)

    Google Scholar 

  21. Wagner, D.: Cryptanalysis of a provably secure CRT-RSA algorithm. In: 11th ACM Conference on Computers and Communications Security, pp. 92–97. ACM Press, New York (2004)

    Chapter  Google Scholar 

  22. Yen, S.-M., Joye, M.: Checking before output may not be enough against fault based cryptanalysis. IEEE Transactions on Computers 49(9), 967–970 (2000)

    Article  Google Scholar 

  23. Yen, S.-M., Kim, S., Lim, S., Moon, S.: RSA speedup with residue number system immune against hardware fault cryptanalysis. In: Kim, K.-c. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 397–413. Springer, Heidelberg (2002)

    Google Scholar 

  24. Yen, S.-M., Kim, S., Lim, S., Moon, S.: RSA speedup with chinese remainder theorem immune against hardware fault cryptanalysis. IEEE Transactions on Computers 52(4), 461–472 (2003) An earlier version appears in [23]

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. UCL Crypto Group, Université Catholique de Louvain, Belgium

    Chong Hee Kim & Jean-Jacques Quisquater

  2. Dept. of Electronic and Electrical Eng., POSTECH, Pohang, Korea

    Jong Hoon Shin & Pil Joong Lee

Authors
  1. Chong Hee Kim
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jong Hoon Shin
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Jean-Jacques Quisquater
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pil Joong Lee
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Kil-Hyun Nam Gwangsoo Rhee

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kim, C.H., Shin, J.H., Quisquater, JJ., Lee, P.J. (2007). Safe-Error Attack on SPA-FA Resistant Exponentiations Using a HW Modular Multiplier. In: Nam, KH., Rhee, G. (eds) Information Security and Cryptology - ICISC 2007. ICISC 2007. Lecture Notes in Computer Science, vol 4817. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-76788-6_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-76788-6_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-76787-9

  • Online ISBN: 978-3-540-76788-6

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation