Cryptography Reference
In-Depth Information
Chapter 7
A Survey of Differential Fault Analysis
Against Classical RSA Implementations
Alexandre Berzati, Cécile Canovas-Dumas and Louis Goubin
Abstract
Since its first introduction by Bellcore researchers, fault injection has
been considered as a powerful and practical way to attack cryptosystems, especially
when they are implemented on embedded devices. In this chapter, we will review
how fault injection has been practically and efficiently exploited to attack some
implementations of the celebrated RSA. The first attacks were based on perturbing
execution flow or a private key; powerful attacks exploiting modifications in the
public key have recently appeared. These new attacks are particularly relevant since
they highlights the need for also protecting public key elements against faults.
7.1 Introduction
Since the advent of side-channel attacks, resistance to classical cryptanalysis is no
longer sufficient to ensure the security of cryptographic algorithms. In practice,
implementations of algorithms on electronic devices are potential sources of leakage
that an attacker can use to completely break a system [74, 153, 240]. The injec-
tion of faults during the execution of cryptographic algorithms is considered as an
intrusive side-channel method because secret information may leak from malicious
modifications of a device's behavior [49, 56]. In this context, the security of pub-
lic key cryptosystems [56] and symmetric ciphers in both block [49] and stream
[182] modes have been challenged. Recently, some interesting results have been
obtained by attacking public key cryptosystems. More precisely, several papers have
demonstrated that the perturbation of public elements may induce critical flaws in
implementations of public key cryptosystems [44, 70, 225].
