Attacking right-to-left modular exponentiation with timely random faults / M. BOREALE. - STAMPA. - (2006), pp. 24-35. [10.1007/11889700_3]
Attacking right-to-left modular exponentiation with timely random faults
BOREALE, MICHELE
2006
Abstract
We show that timely induction of random failures can potentially be used to mount very cost-effective attacks against smartcards deploying cryptographic schemes based on (right-to-left) modular exponentiation. We introduce a model where an external perturbation, or glitch, may cause a single modular multiplication to produce a truly random result. Based on this assumption, we present a probabilistic attack against the implemented cryptosystem. Under reasonable assumptions, we prove that using a single faulty signature the attack recovers a target bit of the secret exponent with an error probability bounded by 3/7. We show the attack is effective even in the presence of message blinding.