International Association for Cryptologic Research
Paper: On Second-Order Fault Analysis Resistance for CRT-RSA Implementations

Emmanuelle Dottax
Christophe Giraud
Matthieu Rivain
Yannick Sierra
Abstract: Since their publication in 1996, Fault Attacks have been widely studied from both theoretical and practical points of view, and most cryptographic systems have been shown to be vulnerable to this kind of attack. Until recently, most theoretical fault attacks and countermeasures used a fault model which assumes that the attacker is able to disturb the execution of a cryptographic algorithm only once. However, this approach has seemed too restrictive since the publication in 2007 of a successful experimental attack based on the injection of two faults, namely a second-order fault attack. Amongst the few papers dealing with second-order fault analysis, three countermeasures were published at WISTP'07 and FDTC'07 to protect the RSA cryptosystem in CRT mode. In this paper, we analyse the security of these countermeasures with respect to the second-order fault model considered by their authors. We show that these countermeasures are not intrinsically resistant, and we propose a new method allowing us to implement a CRT-RSA that resists this kind of second-order fault attack.
Bibliographic data:
  Title: On Second-Order Fault Analysis Resistance for CRT-RSA Implementations
  Published in: IACR ePrint archive
  Keywords: implementation / Smart Cards, RSA, Fault Attacks
  Note: 14253 received 9 Jan 2009
  Authors: Emmanuelle Dottax, Christophe Giraud, Matthieu Rivain and Yannick Sierra