RSA digital signatures based on the Chinese Remainder Theorem (CRT) are subject to power and fault attacks. In particular, modular exponentiation and CRT recombination are prone to both attacks. However, earlier countermeasures are susceptible to the possibility of advanced and sophisticated attacks. In this paper, we investigate state-of-the-art countermeasures against power and fault attacks from the viewpoint of security and efficiency. Then, we show possible vulnerabilities to fault attacks. Finally, we propose new modular exponentiation and CRT recombination algorithms secure against all known power and fault attacks. Our proposal improves efficiency by replacing arithmetic operations with logical ones to check errors in the CRT recombination step. In addition, since our CRT-RSA algorithm does not require knowledge of the public exponent, it guarantees a more versatile implementation.
Bibliographical noteFunding Information:
This research was supported by the MKE (The Ministry of Knowledge Economy), Korea, under the “ITRC” support program supervised by the NIPA (National IT Industry Promotion Agency) (NIPA-2011-C1090-1001-0004).
Copyright 2018 Elsevier B.V., All rights reserved.
- Checking procedure
- Chinese Remainder Theorem (CRT)
- Differential power analysis
- Factorization attack
- Fault attack
- Simple power analysis
ASJC Scopus subject areas
- Information Systems
- Hardware and Architecture