Cryptanalysis of a Type of CRT-Based RSA Algorithms 被引量：1

Cryptanalysis of a Type of CRT-Based RSA Algorithms

导出

摘要 It is well known that the Chinese Remainder Theorem （CRT） can greatly improve the performances of RSA cryptosystem in both running times and memory requirements. However, if the implementation of CRT-based RSA is careless, an attacker can reveal some secret information by exploiting hardware fault cryptanalysis. In this paper, we present some fault attacks on a type of CRT-RSA algorithms namely BOS type schemes including the original BOS scheme proposed by Blomer, Otto, and Seifert at CCS 2003 and its modified scheme proposed by Liu et al. at DASC 2006. We first demonstrate that if some special signed messages such as m = 0, ±1 are dealt carelessly, they can be exploited by an adversary to completely break the security of both the BOS scheme and Liu et al.＇s scheme. Then we present a new permanent fault attack on the BOS scheme with a success probability about 25%. Lastly, we propose a polynomial time attack on Liu et al.＇s CRT-RSA algorithm, which combines physical fault injection and lattice reduction techniques when the public exponent is short. It is well known that the Chinese Remainder Theorem （CRT） can greatly improve the performances of RSA cryptosystem in both running times and memory requirements. However, if the implementation of CRT-based RSA is careless, an attacker can reveal some secret information by exploiting hardware fault cryptanalysis. In this paper, we present some fault attacks on a type of CRT-RSA algorithms namely BOS type schemes including the original BOS scheme proposed by Blomer, Otto, and Seifert at CCS 2003 and its modified scheme proposed by Liu et al. at DASC 2006. We first demonstrate that if some special signed messages such as m = 0, ±1 are dealt carelessly, they can be exploited by an adversary to completely break the security of both the BOS scheme and Liu et al.＇s scheme. Then we present a new permanent fault attack on the BOS scheme with a success probability about 25%. Lastly, we propose a polynomial time attack on Liu et al.＇s CRT-RSA algorithm, which combines physical fault injection and lattice reduction techniques when the public exponent is short.

作者秦宝东李明孔凡玉

机构地区 College of Computer Science and Technology Institute of Network Security

出处《Journal of Computer Science & Technology》 SCIE EI CSCD 2008年第2期214-221,共8页 计算机科学技术学报（英文版）

关键词 Chinese remainder theorem RSA BOS scheme CRYPTANALYSIS fault attack LLL Chinese remainder theorem, RSA, BOS scheme, cryptanalysis, fault attack, LLL

分类号 TN873 [电子电信—信息与通信工程]

引文网络
相关文献

参考文献23

1Boneh D, DeMillo R A, Lipton R J. On the importance of checking cryptographic protocols for fault. In Proc. EU- ROCRYPT'97, Konstanz, Germany, Springer-Verlag, 1997, pp.37-51.
2Christian Aumuller, Peter Bier, Wieland Fischer, Peter Hofreiter, Jean-Pierre Seifert. Fault attacks on RSA with CRT: Concrete results and practical countermeasures. In Proc. CHES'02, Redwood Shores, USA, August 13-15, 2002, pp. 260-275.
3Bar-El H, Choukri H, Naccache D, Tunstall M, Whelan C. The sorcerer's apprentice guide to fault attacks. In Proc. Workshop on Fault Detection and Tolerance in Cryptography, Florence, Italy, June 2004.
4Couvreur C, Quisquater J. Fast decipherment algorithm for RSA public-key cryptosystem. Electronic Letters, 1982, 18(21): 905-907.
5Yen S', Kim S, Lim S, Moon S. RSA Speedup with Chinese remainder theorem immune against hardware fault Cryptanalysis. IEEE Transactions on Computers, April 2003, 52: 461- 472.
6Ross J Anderson, Markus G Kuhn. Low cost attacks on tamper resistant devices. In Proc. 5th International Workshop on Security Protocols, Paris, France, April 07-09, 1997, pp.125- 136.
7Skorobogatov S, Anderson R. Optical fault induction attacks. In Proc. Workshop on Cryptographic Hardware and Erabedded Systems, Hotel Sofitel, San Francisco Bay (Redwood City), USA, August 13-15, 2002.
8Bellcore Press Release. New threat model breaks crypto codes. Sept. 1996, http://www.bellcore.com/PRESS/ADVSRY96/facts.html.
9Ciet M, Joye M. Practical fault countermeasures for Chinese remaindering based RSA. In Proc. FDTC'05, Edinburgh, Scotland, September 2, 2005, pp.124-131.
10Johannes Blomer, Martin Otto. Wagner's attack on a secure CRT-RSA algorithm reconsidered. In Proc. FDTC'06, Yokohama, Japan, Springer-Verlag, 2006, pp.13-23.

同被引文献2

1王缔郦,白国强,陈弘毅.一种Montgomery模乘算法硬件结构[J].微电子学与计算机,2010,27(5):1-4. 被引量：4
2成为,谷大武,郭筝,张雷.一种针对RSA-CRT的功耗分析攻击方法[J].通信技术,2011,44(6):123-125. 被引量：7

引证文献1

1郭炜,刘亚灵,白松辉,魏继增,孙达志.Hardware Architecture for RSA Cryptography Based on Residue Number System[J].Transactions of Tianjin University,2012,18(4):237-242.

1Yanbin LI,Guoyan ZHANG,Wei WANG,Meiqin WANG.Cryptanalysis of round-reduced ASCON[J].Science China(Information Sciences),2017,60(3):217-218.
2YUAN Feng,HU Yu-pu,WANG Yan,OU Hai-wen.Cryptanalysis of dragon scheme[J].The Journal of China Universities of Posts and Telecommunications,2010,17(4):80-87.
3陈靖雯,夏诗文,林勇.RSA加密二维码在防伪溯源系统中的应用[J].宁波工程学院学报,2016,28(4):31-36. 被引量：4
4李明树,王文敏,唐朔飞,赵晶.支持AI问题求解的成员系统[J].计算机研究与发展,1992,29(11):8-14. 被引量：2
5王文杰,李小平.鲁棒的闭式中国余数定理及其在欠采样频率估计中的应用[J].信号处理,2013,29(9):1206-1211. 被引量：8
6刘洋.关于侧信道攻击及其对策的一点探讨[J].警察技术,2014(B06):26-28. 被引量：1
7李欣,范明钰.能量分析攻击及其防御策略研究[J].信息安全与通信保密,2005,27(7):105-107. 被引量：1
8Dezhi Gao Xiangqian Liang.Cryptanalysis of Hwang et al.＇s Improved Encryption Scheme[J].Journal of Systems Science and Information,2009,7(2):159-163. 被引量：2
9李宏伟,杨寿保,黄梅荪,任安西.基于中国余数定理的移动自组网签名方案[J].计算机工程,2006,32(2):153-155. 被引量：2
10刘超.浅谈翻译法在PLC教学中的应用[J].网友世界,2014(4):125-125.

Journal of Computer Science & Technology

2008年第2期

浏览历史

内容加载中请稍等...

Cryptanalysis of a Type of CRT-Based RSA Algorithms 被引量：1

参考文献23

同被引文献2

引证文献1

相关作者

相关机构

相关主题

浏览历史