Abstract. Fault attacks as introduced by Bellcore in 1996 are still a major threat toward cryptographic products supporting RSA signatures. Most often on embedded devices, the public exponent is unknown, turning resistance to fault attacks into an intricate problem. Over the past few years, several techniques for secure implementations have been published, all of which suffering from inadequacy with the constraints faced by embedded platforms. In this paper, we introduce a novel countermeasure mechanism against fault attacks in RSA signature generation. In the restricted context of security devices where execution time, memory consumption, personalization management and code size are strong constraints, our countermeasure is simply applicable with a low computational complexity. Our method extends to all cryptosystems based on modular exponentiation.
Abstract. As the core operation of many public key cryptosystems, group exponentiation is central to cryptography. Attacks on its implementation in embedded device setting is hence of great concern. Recently, implementations resisting both simple side-channel analysis and fault attacks were proposed. In this paper, we go further and present an algorithm that also inherently thwarts differential side-channel attacks in finite abelian groups with only limited time and storage overhead.
Recently, Bringer et al. [10] introduced a new countermeasure based on linear codes. This elegant design aims at protecting advanced encryption standard against both side-channel attacks and fault attacks (FA). However, the fault detection during nonlinear operations (for example SubBytes operation) was left as an open question. The present work studies how linear systematic error correcting codes can simply be used to detect fault injections during nonlinear operations in a symmetric block cipher. In particular, for the faults that cause errors with limited Hamming weight, this method can lead to interesting detection capabilities. Considering this way of protecting AES encryption against FA, a concrete implementation is presented. For a given fault model, a methodology of formal verification is applied to some parts of this implementation, assessing the fault resistance of one linear operation AddRoundKey and one nonlinear operation SubBytes.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.