An efficient CRT-RSA algorithm secure against power and fault attacks

Sung Kyoung Kim, Tae Hyun Kim, Dong Guk Han, Seokhie Hong

    Research output: Contribution to journal, Article, peer-review

    10 Citations (Scopus)

    Abstract

    RSA digital signatures based on the Chinese Remainder Theorem (CRT) are subject to power and fault attacks. In particular, modular exponentiation and CRT recombination are prone to both attacks. However, earlier countermeasures are susceptible to the possibility of advanced and sophisticated attacks. In this paper, we investigate state-of-the-art countermeasures against power and fault attacks from the viewpoint of security and efficiency. Then, we show possible vulnerabilities to fault attacks. Finally, we propose new modular exponentiation and CRT recombination algorithms secure against all known power and fault attacks. Our proposal improves efficiency by replacing arithmetic operations with logical ones to check errors in the CRT recombination step. In addition, since our CRT-RSA algorithm does not require knowledge of the public exponent, it guarantees a more versatile implementation.

    Original language: English
    Pages (from-to): 1660-1669
    Number of pages: 10
    Journal: Journal of Systems and Software
    Volume: 84
    Issue number: 10
    Publication status: Published - 2011 Oct

    Bibliographical note

    Funding Information:
    This research was supported by the MKE (The Ministry of Knowledge Economy), Korea, under the “ITRC” support program supervised by the NIPA (National IT Industry Promotion Agency) (NIPA-2011-C1090-1001-0004).

    Copyright:
    Copyright 2018 Elsevier B.V., All rights reserved.

    Keywords

    • Checking procedure
    • Chinese Remainder Theorem (CRT)
    • Differential power analysis
    • Factorization attack
    • Fault attack
    • Simple power analysis

    ASJC Scopus subject areas

    • Software
    • Information Systems
    • Hardware and Architecture
