CRT RSA algorithm protected against fault attacks

• Published in: Proceedings of the 1st IFIP TC6 /WG8.8 /WG11.2 international conference on Information security theory and practices: smart cards, mobile and ubiquitous computing systems pp. 229 - 243
• Main Authors: Boscher, Arnaud, Naciri, Robert, Prouff, Emmanuel
• Format: Conference Proceeding
• Language: English
• Published: Berlin, Heidelberg Springer-Verlag 09.05.2007
• Series: ACM Conferences
• Subjects: Information systems; Information systems > Data management systems; Information systems > Data management systems > Data structures; Information systems > Data management systems > Data structures > Data layout; Information systems > Data management systems > Data structures > Data layout > Data encryption; Security and privacy; Security and privacy > Cryptography; Social and professional topics; Social and professional topics > Computing > technology policy; Social and professional topics > Computing > technology policy > Computer crime; Theory of computation; Theory of computation > Computational complexity and cryptography; RSA; fault attacks; smart card; chinese remainder theorem; modular exponentiation; simple power analysis
• ISBN: 3540723536; 9783540723530
• DOI: 10.5555/1763190.1763216

Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modular exponentiation and we prove its security in a realistic fault model. By construction, our proposal is also protected against Simple Power Analysis. Based on our new resistant exponentiation algorithm, we present two different ways of computing CRT RSA signatures in a secure way. We show that those methods do not increase execution time and can be easily implemented on low-resource devices.