Fault Attacks Against RSA-CRT Implementation

Fault Analysis in Cryptography

Part of the book series: Information Security and Cryptography ((ISC))

Abstract

RSA-CRT uses the Chinese Remainder Theorem to speed up the computation of an RSA decryption or signature and to reduce the size of the data stored in memory. This implementation is four times faster than the standard RSA implementation, which is why the CRT implementation of RSA is widely deployed in embedded systems. However, in 1997 Boneh et al. showed that an error occurring during the exponentiation could allow one to break an RSA-CRT implementation. This is a very powerful attack, as the RSA key can easily be found from only one faulty signature. Many countermeasures have been proposed to prevent this attack, but most of them have failed. In this chapter, we present a survey of the attacks and countermeasures against RSA-CRT implementations.

Notes

  1. The original version of [161] does not have a blinded modulus. That is, every modular computation is done with modulus \(N\) instead of \(k \cdot N\). Therefore the original version is vulnerable to a relative doubling attack [431]. The CRT recombination with blinded moduli is also used in the modified version to counter other specific SPA attacks (cf. [311]).

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Hee Kim, C., Quisquater, JJ. (2012). Fault Attacks Against RSA-CRT Implementation. In: Joye, M., Tunstall, M. (eds) Fault Analysis in Cryptography. Information Security and Cryptography. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29656-7_8

  • DOI: https://doi.org/10.1007/978-3-642-29656-7_8

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-29655-0

  • Online ISBN: 978-3-642-29656-7

  • eBook Packages: Computer Science, Computer Science (R0)
