A Practical Fault Attack on Square and Multiply

Author

Schmidt, Jörn-Marc ; Herbst, Christoph

Author_Institution

Inst. for Appl. Inf. Process. & Commun. (IAIK), Graz Univ. of Technol., Graz

fYear

2008

fDate

10-10 Aug. 2008

Firstpage

53

Lastpage

58

Abstract

In order to provide security for a device, cryptographic algorithms are implemented on them. Even devices using a cryptographically secure algorithm may be vulnerable to implementation attacks like side channel analysis or fault attacks. Most fault attacks on RSA concentrate on the vulnerability of the Chinese Remainder Theorem to fault injections. A few other attacks on RSA which do not use this speed-up technique have been published. Nevertheless, these attacks require a quite precise fault injection like a bit flip or target a special operation without any possibility to check if the fault was injected in the intended way, like in safe-error attacks.In this paper we propose a new attack on square and multiply, based on a manipulation of the control flow. Furthermore, we show how to realize this attack in practice using non-invasive spike attacks and discuss impacts of different side channel analysis countermeasures on our attack. The attack was performed using low cost equipment.

Keywords

cryptography; fault diagnosis; Chinese Remainder Theorem; cryptographically secure algorithm; fault injections; low cost equipment; noninvasive spike attacks; practical fault attack; safe-error attacks; side channel analysis countermeasures; speed-up technique; Algorithm design and analysis; Business communication; Clocks; Costs; Cryptography; Data security; Fault diagnosis; Information processing; Information security; Registers;

fLanguage

English

Publisher

ieee

Conference_Titel

Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC '08. 5th Workshop on

Conference_Location

Washington, DC

Print_ISBN

978-0-7695-3314-8

Type

conf

DOI

10.1109/FDTC.2008.10

Filename

4599557