Abstract
Fault attacks have become an efficient methodology for extracting secrets stored in embedded devices, and proper countermeasures against such attacks are nowadays considered necessary. This paper describes a simple method for foiling transient fault attacks on devices that perform modular exponentiation with a secret exponent. In the considered scenario, acknowledging an error only at the end of the computations leaks out secret information, and should be avoided. To tackle this difficulty, we propose a scheme that checks, independently, each step (i.e., multiplication/squaring) of the exponentiation algorithm, and aborts the procedure as soon as an error is detected, without completing the computation.
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.P.: Fault attacks on RSA with CRT: Concrete Results and Practical Countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 260–275. Springer, Heidelberg (2003)
Avizienis, A.: Arithmetic Algorithms for Error-Coded Operands. IEEE Trans. Comp. C-22, 567–572 (1973)
Boneh, D., De Millo, R.A., Lipton, R.J.: On the Importance of Eliminating Errors in Cryptographic Computations. Journal of Cryptology 14, 101–119 (2001)
Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: Quisquater, J.-J., Paradinas, P., Deswarte, Y., Kalam, A.E. (eds.) Smart Card Research and Advanced Applications VI -CARDIS 2004, pp. 159–176. Kluwer Academic Publishers, Dordrecht (2004)
Gueron, S.: Fault Detection Mechanism for Smartcards Performing Modular Exponentiation. In: Workshop on Fault Diagnosis and Tolerance in Cryptography 2004, Supplemental Volume of the 2004 Intern. Conf. on Dependable Systems and Networks, pp. 368–372 (2004)
Gueron, S.: Enhanced Montgomery Multiplication. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 46–56. Springer, Heidelberg (2003)
Jhunjhunwala: Indian Mathematics - an Introduction. Wiley Eastern Ltd., New Delhi (1993)
Joye, M., Lenstra, A., Quisquater, J.J.: Chinese Remaindering Based Cryptosystems in the Presence of Faults. Journal of Cryptology 12, 241–246 (1999)
Yen, S.M., Moon, S., Ha, J.C.: Hardware Fault Attack on RSA with CRT Revisited. In: Lee, P.J., Lim, C.H. (eds.) ICISC 2002. LNCS, vol. 2587, pp. 374–388. Springer, Heidelberg (2003)
Yen, S.M., Joye, M.: Checking Before Output Not Be Enough Against Fault-Based Cryptanalysis. IEEE Trans. on Comp. 49, 967–970 (2000)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Gueron, S. (2006). Data and Computational Fault Detection Mechanism for Devices That Perform Modular Exponentiation. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, JP. (eds) Fault Diagnosis and Tolerance in Cryptography. FDTC 2006. Lecture Notes in Computer Science, vol 4236. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11889700_8
Download citation
DOI: https://doi.org/10.1007/11889700_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-46250-7
Online ISBN: 978-3-540-46251-4
eBook Packages: Computer ScienceComputer Science (R0)