Mostrar el registro sencillo del ítem

hal.structure.identifierOberthur Technologies
dc.contributor.authorBARBU, Guillaume
hal.structure.identifierOberthur Technologies
dc.contributor.authorBATTISTELLLO, Alberto
hal.structure.identifierOberthur Card Systems - Puteaux
dc.contributor.authorDABOSVILLE, Guillaume
hal.structure.identifierOberthur Technologies
dc.contributor.authorGIRAUD, Christophe
hal.structure.identifierPolynomial Systems [PolSys]
dc.contributor.authorRENAULT, Guénaël
hal.structure.identifierOberthur Technologies
hal.structure.identifierInstitut de Mathématiques de Bordeaux [IMB]
dc.contributor.authorRENNER, Soline
hal.structure.identifierOberthur Card Systems - Puteaux
hal.structure.identifierPolynomial Systems [PolSys]
dc.contributor.authorZEITOUN, Rina
dc.contributor.editorKaoru Kurosawa
dc.contributor.editorGoichiro Hanaoka
dc.date.issued2013
dc.date.conference2013-02-26
dc.description.abstractEnThis article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks. Such implementations prevent the attacker from obtaining the signature when a fault has been induced during the computation. Indeed, such a value would allow the attacker to recover the RSA private key by computing the $gcd$ of the public modulus and the faulty signature. The principle of our attack is to inject a fault during the signature computation and to perform a Side-Channel Analysis targeting a sensitive value processed during the Fault Injection countermeasure execution. The resulting information is then used to factorize the public modulus, leading to the disclosure of the whole RSA private key. After presenting a detailed account of our attack, we explain how its complexity can be significantly reduced by using lattice reduction techniques. We also provide simulations that confirm the efficiency of our attack as well as two different countermeasures having a very small impact on the performance of the algorithm. As it performs a Side-Channel Analysis during a Fault Injection countermeasure to retrieve the secret value, this article recalls the need for Fault Injection and Side-Channel Analysis countermeasures as monolithic implementations.
dc.language.isoen
dc.publisherSpringer
dc.subject.enCombined Attacks
dc.subject.enCRT-RSA
dc.subject.enCoppersmith's methods
dc.subject.enFault Injection
dc.subject.enSide-Channel Analysis
dc.title.enCombined Attack on CRT-RSA. Why Public Verification Must Not Be Public?
dc.typeCommunication dans un congrès
dc.identifier.doi10.1007/978-3-642-36362-7_13
dc.subject.halInformatique [cs]/Cryptographie et sécurité [cs.CR]
bordeaux.page198-215
bordeaux.volume7778
bordeaux.conference.titlePKC 2013 - Public-Key Cryptography
bordeaux.countryJP
bordeaux.conference.cityNara
bordeaux.peerReviewedoui
hal.identifierhal-00777788
hal.version1
hal.invitednon
hal.proceedingsoui
hal.conference.end2013-03-01
hal.popularnon
hal.audienceInternationale
hal.origin.linkhttps://hal.archives-ouvertes.fr//hal-00777788v1
bordeaux.COinSctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.date=2013&rft.volume=7778&rft.spage=198-215&rft.epage=198-215&rft.au=BARBU,%20Guillaume&BATTISTELLLO,%20Alberto&DABOSVILLE,%20Guillaume&GIRAUD,%20Christophe&RENAULT,%20Gu%C3%A9na%C3%ABl&rft.genre=unknown


Archivos en el ítem

ArchivosTamañoFormatoVer

No hay archivos asociados a este ítem.

Este ítem aparece en la(s) siguiente(s) colección(ones)

Mostrar el registro sencillo del ítem