On the Importance of Checking Cryptographic Protocols for Faults

On the Importance of Checking Cryptographic Protocols for Faults (1997)

Cached

Download Links

[www.cs.princeton.edu]

by Dan Boneh , Richard A. Demillo , Richard J. Lipton

Citations:

238 - 6 self

BibTeX

@INPROCEEDINGS{Boneh97onthe,
    author = {Dan Boneh and Richard A. Demillo and Richard J. Lipton},
    title = {On the Importance of Checking Cryptographic Protocols for Faults},
    booktitle = {},
    year = {1997},
    pages = {37--51},
    publisher = {Springer-Verlag}
}

Years of Citing Articles

Bookmark

OpenURL

Abstract

We present a theoretical model for breaking various cryptographic schemes by taking advantage of random hardware faults. We show how to attack certain implementations of RSA and Rabin signatures. An implementation of RSA based on the Chinese Remainder Theorem can be broken using a single erroneous signature. Other implementations can be broken using a larger number of erroneous signatures. We also analyze the vulnerability to hardware faults of two identification protocols: Fiat-Shamir and Schnorr. The Fiat-Shamir protocol can be broken after a small number of erroneous executions of the protocol. Schnorr's protocol can also be broken, but a larger number of erroneous executions is needed. Keywords: Hardware faults, Cryptanalysis, RSA, Fiat-Shamir, Schnorr, Public key systems, Identification protocols. 1 Introduction Direct attacks on the famous RSA cryptosystem seem to require that one factor the modulus. Therefore, it is interesting to ask whether there are attacks that avoid this....

Citations

512	Efficient signature generation for smart cards - Schnorr - 1991
321	Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems - Kocher - 1996
312	Tamper Resistance - A Cautionary Note - Anderson - 1996
289	Zero Knowledge Proofs of Identity - Feige, Fiat, et al. - 1987
288	The exact security of digital signatures - how to sign with rsa and rabin - Bellare, Rogaway - 1996
261	Digitalized signatures and public-key functions as intractable as factorization - Rabin
196	Low Cost Attacks on Tamper Resistant Devices - Anderson, Kuhn - 1997
175	A Practical Zero-Knowledge Protocol Fitted to Security Microprocessors Minimizing Both Transmission and Memory - Guillou, Quisquater - 1988
166	Differential Fault Analysis of Secret Key Cryptosystems, volume 1294 - Biham, Shamir - 1997
29	Ngair T., “Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults - Bao, Deng, et al. - 1998
20	Memo on RSA signature generation in the presence of faults - Lenstra - 1996
10	Witness Based Cryptographic Program Checking and Robust Function Sharing - Frankel, Gemmell, et al.
8	Attacks on systems using Chinese remaindering - Joye, Lenstra, et al. - 1999
3	How to check modular exponentiation", Rump session, Eurocrypt 97 - Shamir - 1997
2	Breaking smartcard implementations of ElGamal signatures and its variants", Rump session, AsiaCrypt '96, preprint available at http://www.pscit.monash.edu.au/~yuliang - Zheng, Matsumoto
1	Program result checking", in proc. of 35th annual symposium on foundations of computer science - Blum, Wasserman - 1994