By Topic

A Practical Fault Attack on Square and Multiply

Sign In

Cookies must be enabled to login.After enabling cookies , please use refresh or reload or ctrl+f5 on the browser for the login options.

Formats Non-Member Member
$33 $13
Learn how you can qualify for the best price for this item!
Become an IEEE Member or Subscribe to
IEEE Xplore for exclusive pricing!
close button

puzzle piece

IEEE membership options for an individual and IEEE Xplore subscriptions for an organization offer the most affordable access to essential journal articles, conference papers, standards, eBooks, and eLearning courses.

Learn more about:

IEEE membership

IEEE Xplore subscriptions

2 Author(s)
Jörn-Marc Schmidt ; Inst. for Appl. Inf. Process. & Commun. (IAIK), Graz Univ. of Technol., Graz ; Christoph Herbst

In order to provide security for a device, cryptographic algorithms are implemented on them. Even devices using a cryptographically secure algorithm may be vulnerable to implementation attacks like side channel analysis or fault attacks. Most fault attacks on RSA concentrate on the vulnerability of the Chinese Remainder Theorem to fault injections. A few other attacks on RSA which do not use this speed-up technique have been published. Nevertheless, these attacks require a quite precise fault injection like a bit flip or target a special operation without any possibility to check if the fault was injected in the intended way, like in safe-error attacks.In this paper we propose a new attack on square and multiply, based on a manipulation of the control flow. Furthermore, we show how to realize this attack in practice using non-invasive spike attacks and discuss impacts of different side channel analysis countermeasures on our attack. The attack was performed using low cost equipment.

Published in:

Fault Diagnosis and Tolerance in Cryptography, 2008. FDTC '08. 5th Workshop on

Date of Conference:

10-10 Aug. 2008