Why One Should Also Secure RSA Public Key Elements PDF
Preview Why One Should Also Secure RSA Public Key Elements
Introduction Descriptionoftheattack Conclusion Why One Should Also Secure RSA Public Key Elements Eric Brier, Benoˆıt Chevallier-Mames, Mathieu Ciet and Christophe Clavier Gemalto,SecurityLabs CHES 2006, Yokohama - October 13, 2006 EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Introduction Descriptionoftheattack Conclusion Outline 1 Introduction Previous work Our attack The threat model 2 Description of the attack Common Principle The bias based variant The collision based variant The full consistency exploitation variant 3 Conclusion Some interesting properties Counter-measures Open problems EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel Outline 1 Introduction Previous work Our attack The threat model 2 Description of the attack Common Principle The bias based variant The collision based variant The full consistency exploitation variant 3 Conclusion Some interesting properties Counter-measures Open problems EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Motivation It is usualy considered less important to secure public parameters than private ones Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel What is it about ? Fault analysis on public key cryptosystems by corrupting the value of public parameters EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel What is it about ? Fault analysis on public key cryptosystems by corrupting the value of public parameters Motivation It is usualy considered less important to secure public parameters than private ones EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Theseworksallowachosenmessageforgedsignaturetobeaccepted(e.g. maliciousapplet),but... Donotrevealthesigner’sRSAkey Relyonsomespecificfaultmodel Principle: alterpublicparametersofthecurvetomaketheDLbasepoint tobeofsmallorder. OnauthenticatedcomputingandRSA-basedauthentication[Sei05], ACM-CCS2005 IsitwisetopublishyourPublicRSAKeys? [GS06],FDTC2006 DifferentialFaultAttacksonEllipticCurveCryptosystems[BMV00],Crypto 2000 EllipticCurveCryptosystemsinthePresenceofPermanentandTransient Faults[CJ05],DesignsCodesandCryptography,2005 RSA Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel Previous work Elliptic Curve Cryptosystems EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Theseworksallowachosenmessageforgedsignaturetobeaccepted(e.g. maliciousapplet),but... Donotrevealthesigner’sRSAkey Relyonsomespecificfaultmodel Principle: alterpublicparametersofthecurvetomaketheDLbasepoint tobeofsmallorder. OnauthenticatedcomputingandRSA-basedauthentication[Sei05], ACM-CCS2005 IsitwisetopublishyourPublicRSAKeys? [GS06],FDTC2006 EllipticCurveCryptosystemsinthePresenceofPermanentandTransient Faults[CJ05],DesignsCodesandCryptography,2005 RSA Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel Previous work Elliptic Curve Cryptosystems DifferentialFaultAttacksonEllipticCurveCryptosystems[BMV00],Crypto 2000 EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Theseworksallowachosenmessageforgedsignaturetobeaccepted(e.g. maliciousapplet),but... Donotrevealthesigner’sRSAkey Relyonsomespecificfaultmodel OnauthenticatedcomputingandRSA-basedauthentication[Sei05], ACM-CCS2005 IsitwisetopublishyourPublicRSAKeys? [GS06],FDTC2006 Principle: alterpublicparametersofthecurvetomaketheDLbasepoint tobeofsmallorder. RSA Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel Previous work Elliptic Curve Cryptosystems DifferentialFaultAttacksonEllipticCurveCryptosystems[BMV00],Crypto 2000 EllipticCurveCryptosystemsinthePresenceofPermanentandTransient Faults[CJ05],DesignsCodesandCryptography,2005 EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Theseworksallowachosenmessageforgedsignaturetobeaccepted(e.g. maliciousapplet),but... Donotrevealthesigner’sRSAkey Relyonsomespecificfaultmodel OnauthenticatedcomputingandRSA-basedauthentication[Sei05], ACM-CCS2005 IsitwisetopublishyourPublicRSAKeys? [GS06],FDTC2006 RSA Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel Previous work Elliptic Curve Cryptosystems DifferentialFaultAttacksonEllipticCurveCryptosystems[BMV00],Crypto 2000 EllipticCurveCryptosystemsinthePresenceofPermanentandTransient Faults[CJ05],DesignsCodesandCryptography,2005 Principle: alterpublicparametersofthecurvetomaketheDLbasepoint tobeofsmallorder. EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama Theseworksallowachosenmessageforgedsignaturetobeaccepted(e.g. maliciousapplet),but... Donotrevealthesigner’sRSAkey Relyonsomespecificfaultmodel OnauthenticatedcomputingandRSA-basedauthentication[Sei05], ACM-CCS2005 IsitwisetopublishyourPublicRSAKeys? [GS06],FDTC2006 Introduction Previouswork Descriptionoftheattack Ourattack Conclusion Thethreatmodel Previous work Elliptic Curve Cryptosystems DifferentialFaultAttacksonEllipticCurveCryptosystems[BMV00],Crypto 2000 EllipticCurveCryptosystemsinthePresenceofPermanentandTransient Faults[CJ05],DesignsCodesandCryptography,2005 Principle: alterpublicparametersofthecurvetomaketheDLbasepoint tobeofsmallorder. RSA EricBrier,BenoˆıtChevallier-Mames, MathieuCietandChristopheClavier CHES2006,Yokohama
Description:The list of books you might like
