By Topic

An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

1 Author(s)
C. Giraud ; Oberthur Card Syst., Pessac

Nowadays, side channel attacks allow an attacker to recover secrets stored in embedded devices more efficiently than any other kind of attack. Among the former, fault attacks (FA) and single power analysis (SPA) are probably the most effective: when applied to straightforward implementations of the RSA cryptosystem, only one execution of the algorithm is required to recover the secret key. Over recent years, many countermeasures have been proposed to prevent side channel attacks on RSA. Regarding fault attacks, only one countermeasure offers effective protection and it can be very costly. In this paper, we focus on a means to counteract fault attacks by presenting a new way of implementing exponentiation algorithms. This method can be used to obtain fast FA-resistant RSA signature generations in both the straightforward method and Chinese remainder theorem modes. Moreover, as it has been shown that fault attacks can benefit from the weaknesses introduced by some SPA countermeasures, we ensure that our method resists SPA and, thus, does not require supplementary SPA countermeasures

Published in:

IEEE Transactions on Computers  (Volume:55 ,  Issue: 9 )