Cryptography Reference
In-Depth Information
7.2.1.2 RSA Encryption
Let
m
be the plaintext that will be ciphered with the RSA algorithm. Then, the
cipher operation relies on the following modular exponentiation involving the public
exponent
e
:
m
e
mod
N
C
=
.
Here
C
denotes the ciphertext. After sending this ciphertext throughout a network,
the expected receiver of the message may want to recover the original message by
decrypting
C
. Then, this operation consists of computing
C
d
mod
N
m
˜
=
.
If no error occurs during computation, transmission or decryption of
C
, then we
expect to get
m
˜
=
m
mod
N
.
One can notice that performing a decryption implies knowledge of the private key.
This ensures that only its owner, and so the expected receiver, is able to recover
m
.
7.2.1.3 RSA Signature Scheme
As for the decryption, the RSA signature
S
of a message
m
consists of a modular
exponentiation to the power
d
m
d
mod
N
S
=
.
To check the validity of the received signature
(
S
,
m
)
, the associated public key is
used to ascertain that
?
=
S
e
mod
N
m
.
˙
In general, this is not really the plaintext
m
that is signed but a hash
m
.This
operation is performed by using a hash function
H
such that
m
˙
=
H (
m
)
. Then,
m
d
mod
N
. Furthermore, the usage of a hash
function is generally combined with a padding scheme (e.g. RSA-OAEP [30] for
the RSA encryption and RSA-PSS [31] for the signature). For the different fault
attacks presented in this paper, we assume that all RSA decryptions or signatures are
performed with some hash and/or deterministic padding function.
the sent signature is
(
S
,
˙
m
)
where
S
=˙
7.2.2 Modular Exponentiation Methods
Modular exponentiation is one of the core operations for implementing asymmetric
cryptography. Indeed for both RSA decryption and RSA signature schemes, one has
to compute a modular exponentiation of the input message as efficiently as possible.
