Homomorphic Property-Based Concurrent Error Detection of RSA: A Countermeasure to Fault Attack

Fault-based attacks, which recover secret keys by deliberately introducing fault(s) in cipher implementations and analyzing the faulty outputs, have been proved to be extremely powerful. In this paper, we propose a novel Concurrent Error Detection (CED) scheme to counter fault-based attack against RSA by exploiting its multiplicative homomorphic property. Specifically, the proposed CED scheme verifies if Π_i=1^k E(m_i) ≡ EΠ_i=1^k m_i (mod n) (mod n) where E could be either RSA encryption, or decryption, or signature, or verification process. Upon a mismatch, all the ciphertexts will be suppressed. The time overhead is 1/k and k can be used to trade-off the time overhead with memory overhead and output latency. Recognizing that an RSA device could be subject to a combination of several side-channel attacks, the proposed scheme enables an easy divide-and-concur solution-any fine-tuned architecture, for example, a power-attack-resistant architecture, can be equipped with fault-attack resistance easily without disturbing its original resistance. This advantage distinguishes the proposed scheme over the existing countermeasures.