Abstract
At ches 2009, Coron, Joux, Kizhvatov, Naccache and Paillier (cjknp) exhibited a fault attack against rsa signatures with partially known messages. This fault attack allows factoring the public modulus N. While the size of the unknown message part (ump) increases with the number of faulty signatures available, the complexity of cjknp’s attack increases exponentially with the number of faulty signatures.
This paper describes a simpler attack, whose complexity remains polynomial in the number of faults; consequently, the new attack can handle much larger umps. The new technique can factor N in a fraction of a second using ten faulty emv signatures – a target beyond cjknp’s reach. We also show how to apply the attack even when N is unknown, a frequent situation in real-life attacks.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Bellare, M., Rogaway, P.: The Exact security of digital signatures: How to sign with rsa and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. Journal of Cryptology 14(2), 101–119 (2001)
Coppersmith, D.: Small solutions to polynomial equations, and low exponent vulnerabilities. Journal of Cryptology 10(4), 233–260 (1997)
Coron, J.-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault attacks on rsa signatures with partially unknown messages. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol. 5747, pp. 444–456. Springer, Heidelberg (2009), eprint.iacr.org/2009/309
Coron, J.-S., Naccache, D., Stern, J.P.: On the security of RSA padding. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 1–18. Springer, Heidelberg (1999)
Coron, J.-S., Naccache, D., Tibouchi, M., Weinmann, R.P.: Practical cryptanalysis of iso/iec 9796-2 and emv signatures. In: Halevi, S. (ed.) Advances in Cryptology - CRYPTO 2009. LNCS, vol. 5677, pp. 428–444. Springer, Heidelberg (2009), eprint.iacr.org/2009/203
Coron, J.-S.: Optimal security proofs for pss and other signature schemes. In: Knudsen, L.R. (ed.) EUROCRYPT 2002. LNCS, vol. 2332, pp. 272–287. Springer, Heidelberg (2002)
Coron, J.-S., Joye, M., Naccache, D., Paillier, P.: Universal padding schemes for RSA. In: Yung, M. (ed.) CRYPTO 2002. LNCS, vol. 2442, pp. 226–241. Springer, Heidelberg (2002)
Herrmann, M., May, A.: Solving linear equations modulo divisors: On factoring given any bits. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 406–424. Springer, Heidelberg (2008)
emv, Integrated circuit card specifications for payment systems, Book 2. Security and Key Management. Version 4.2 (June 2008), http://www.emvco.com
emv, EMVCo type approval terminal level 2 test cases. Version 4.2a (April 2009), http://www.emvco.com
iso/iec 8825-1:2002, Information technology – ASN.1 encoding rules: Specification of Basic Encoding Rules (BER), Canonical Encoding Rules (CER) and Distinguished Encoding Rules (DER) (2002)
iso/iec 9796-2, Information technology – Security techniques – Digital signature schemes giving message recovery – Part 2: Mechanisms using a hash-funcion (1997)
iso/iec 9796-2:2002 Information technology – Security techniques – Digital signature schemes giving message recovery– Part 2: Integer factorization based mechanisms (2002)
Joye, M., Lenstra, A., Quisquater, J.-J.: Chinese remaindering cryptosystems in the presence of faults. Journal of Cryptology 21(1), 27–51 (1999)
Nguyen, P., Stern, J.: Cryptanalysis of a fast public key cryptosystem presented at sac 1997. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 213–218. Springer, Heidelberg (1999)
Nguyen, P., Stern, J.: Merkle-Hellman revisited: a cryptanalysis of the Qu-Vanstone cryptosystem based on group factorization. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 198–212. Springer, Heidelberg (1997)
Lenstra, A., Lenstra Jr., H., Lovász, L.: Factoring polynomials with rational coefficients. In: Mathematische Annalen, vol. 261, pp. 513–534. Springer, Heidelberg (1982)
Fujisaki, E., Okamoto, T., Pointcheval, D., Stern, J.: rsa-oaep is secure under the rsa assumption. Journal of Cryptology 17(2), 81–104 (2004)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Communications of the acm, 120–126 (1978)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Coron, JS., Naccache, D., Tibouchi, M. (2010). Fault Attacks Against emv Signatures. In: Pieprzyk, J. (eds) Topics in Cryptology - CT-RSA 2010. CT-RSA 2010. Lecture Notes in Computer Science, vol 5985. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-11925-5_15
Download citation
DOI: https://doi.org/10.1007/978-3-642-11925-5_15
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-11924-8
Online ISBN: 978-3-642-11925-5
eBook Packages: Computer ScienceComputer Science (R0)