International Association for Cryptologic Research

International Association
for Cryptologic Research

CryptoDB

Seifert's RSA Fault Attack: Simplified Analysis and Generalizations

Authors:
James A. Muir
Download:
URL: http://eprint.iacr.org/2005/458
Search ePrint
Search Google
Abstract: Seifert recently described a new fault attack against an implementation of RSA signature verification. Here we give a simplified analysis of Seifert's attack and gauge its practicality against RSA moduli of practical sizes. We suggest an improvement to Seifert's attack which has the following consequences: if an adversary is able to cause random faults in only 4 bits of a 1024-bit RSA modulus stored in a device, then there is a greater than 50% chance that they will be able to make that device accept a signature on a message of their choice. For 2048-bit RSA, 6 bits suffice.
BibTeX
@misc{eprint-2005-12791,
  title={Seifert's RSA Fault Attack:  Simplified Analysis and Generalizations},
  booktitle={IACR Eprint archive},
  keywords={implementation / RSA, fault analysis},
  url={http://eprint.iacr.org/2005/458},
  note={ jamuir@scs.carleton.ca 13133 received 15 Dec 2005},
  author={James A. Muir},
  year=2005
}