Skip to main content
SpringerLink
Log in

A Survey of Differential Fault Analysis Against Classical RSA Implementations

  • Chapter
  • First Online:
Book cover Fault Analysis in Cryptography

Part of the book series: Information Security and Cryptography ((ISC))

Abstract

Since its first introduction by Bellcore researchers, fault injection has been considered as a powerful and practical way to attack cryptosystems, especially when they are implemented on embedded devices. In this chapter, we will review how fault injection has been practically and efficiently exploited to attack some implementations of the celebrated RSA. The first attacks were based on perturbing execution flow or a private key; powerful attacks exploiting modifications in the public key have recently appeared. These new attacks are particularly relevant since they highlights the need for also protecting public key elements against faults.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 109.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

  1. 1.

    \(p\) is a prime number such that \(p \lnot \mid \dot{m_i}\) and \(p \lnot \mid S_i\).

  2. 2.

    When \(e\) is small, the authors take advantage of the RSA equation \(e \cdot d \equiv 1 \mathrm{ mod}{\varphi (N)}\) to determine the most significant part of \(d\). Indeed, knowing that \(\varphi (N) = N + 1 - p - q \approx N\) for its most significant part, then \(d \approx \frac{1 + k \cdot (N+1)}{e}\) with \(k < e\). Hence, if \(e\) is small (e.g. \(e = 2^16+1\)), the most significant part of \(d\) can be directly deduced from the previous relation completed by an exhaustive search on \(k\).

Author information

Authors and Affiliations

  1. CEA Leti, Grenoble, France

    Alexandre Berzati & Cécile Canovas-Dumas

  2. Université de Versailles Saint-Quentin-en-Yvelines, Versailles, France

    Louis Goubin

Authors
  1. Alexandre Berzati
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Cécile Canovas-Dumas
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Louis Goubin
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. , Security & Content Protection Labs, Technicolor, avenue de Belle Fontaine 1, Cesson-Sévigné Cedex, 35576, France

    Marc Joye

  2. Dept. Computer Science, University of Bristol, Woodland Road, Bristol, BS8 1UB, United Kingdom

    Michael Tunstall

Rights and permissions

Reprints and permissions

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Berzati, A., Canovas-Dumas, C., Goubin, L. (2012). A Survey of Differential Fault Analysis Against Classical RSA Implementations. In: Joye, M., Tunstall, M. (eds) Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29656-7_7

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-29656-7_7

  • Published:

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29655-0

  • Online ISBN: 978-3-642-29656-7

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation