On the importance of eliminating errors in cryptographic computations (Q5934142)
From MaRDI portal
scientific article; zbMATH DE number 1606026
Language | Label | Description | Also known as |
---|---|---|---|
English | On the importance of eliminating errors in cryptographic computations |
scientific article; zbMATH DE number 1606026 |
Statements
On the importance of eliminating errors in cryptographic computations (English)
0 references
26 August 2003
0 references
Practical cryptanalysis need not be restricted just to searching for weaknesses of a particular cryptographic algorithm. Instead, an attacker can make an attempt to determine a cryptographic secret in a particular implementation of a cryptographic algorithm. The paper discusses a class of such attacks against various cryptographic schemes, namely attacks by taking advantage of hardware faults. The authors first describe a number of environments where such attacks may apply, introduce the attack model, and provide a summary of results. Then sections follow on RSA's vulnerability to hardware faults and attacks on identification protocols. Here it is shown that especially RSA implementations based on the Chinese Remainder Theorem are susceptible to hardware or software errors, but other implementations of RSA can be attacked as well, though the attack is not so practical as in the first case. Also it is shown that the secret key used in the Fiat-Shamir identification protocol is exposed after a small number of faulty executions of the protocol, and that similar results hold for Schnorr's identification protocol though a much larger number of erroneous executions is necessary. Several methods for defending against the attacks are then discussed, and the paper ends with brief summary and some open problems.
0 references
attack techniques
0 references
hardware faults
0 references
public key cryptosystems
0 references
identification protocols
0 references
cryptanalysis
0 references