Cryptography Reference
In-Depth Information
Fig. 18.10
Power consumption of a CRT-based LR binary RSA with dummy multiplication
Table 18.6
Actual values based on experiments and secret values using RSA attack
Actual values
Correct output
008f535623122751c9c780c2b16c7dca52d0c595026eb46fd8e25296996e45c8\
ffca0e9e4080a2169379cd41ce1f336c07b25bf43dba5f27c95bf575552bcb8c
Faulty output
010625188f795efd6d05a008eff5b1914b76ead9f2af98529280f47867770ab0\
acdc5c2b9479c5f53f076deba24d1c6b4188c4ca9ee9cdd9692417b9a48fa556
Public modulus
00958f36f47ee7f4cb62db37c420e55ea18c4726f5d94b66d9dcb4d9df784767\
c5a1870fbfd39fd6ab48ef1bb9cf97cb829086c8b72f037e031422b191d07d5f
Secret values
Prime
p
3a909b053b310fe1e26d72d317108622d9d4934e9834b7a0ef3b9881ca2779b7
Prime
q
028dc1e58b8f557e51774d93224d24e5e3df06f31546942ae7a2f19786d93999
Secret key
002d833545560f9dfeae40d1d621b4ce23c91ac406de399f32f52b81e403d006\
6282048a2ad1b3c1168ff402b16bdc6f15652be337a8071360256367e048db8f
18.5.3 Yen et al.'s Attack Against RSA with Dummy Operation
(Safe-Error Attack)
Yen et al. proposed a computational safe-error attack, the so-called C safe-error
attack, against a classical exponentiation algorithm with countermeasures for side-
channel attacks, such as the square-and-multiply-always exponentiation algorithm
using a dummy operation [429]. The C safe-error attack is performed by inducing
transient random computational faults during a potentially dummy multiplication.
This attack uses the fact that when the current exponent bit of a private key is equal
to 0, the fault injection has no effect since the multiplication is a dummy operation.
Therefore, the exponent bit can be obtained by examining the correctness of the
output.
