| RSA-CRT密码防御算法的故障注入攻击 |
| |
| 作者姓名: | 孔凡玉 乔咏 刘蓬涛 刘晓东 周大水 |
| |
| 作者单位: | 1. 山东大学网络信息安全研究所,山东 济南 250100;2. 中标软件有限公司,北京 100190;3. 山东政法学院网络空间安全学院,山东 济南 250014 |
| |
| 基金项目: | 国家自然科学基金项目资助(61602275) |
| |
| 摘 要: | RSA 密码是在 TLS、SSL、IPSec 等网络安全协议中广泛使用的密码算法,其安全性至关重要。在FDTC 2014会议上,Rauzy和Guilley提出了改进的基于中国剩余定理的RSA密码实现算法,用于抵抗故障注入攻击。针对Rauzy和Guilley的两个RSA-CRT安全防御算法,提出了相应的故障注入攻击方法,在RSA密码运算过程中注入一个永久性错误,并利用错误的RSA运算结果,计算出RSA私钥。此攻击表明,Rauzy和Guilley的两个RSA安全实现算法不能抵抗故障注入攻击。
|
| 关 键 词: | RSA密码 中国剩余定理 侧信道攻击 故障注入攻击 |
Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem |
| |
| Authors: | Fanyu KONG Yong QIAO Pengtao LIU Xiaodong LIU Dashui ZHOU |
| |
| Affiliation: | 1. Institute of Network Security,Shandong University,Jinan 250100,China;2. China Standard Software Co.,Ltd.,Beijing 100190,China;3. School of Cyberspace Security,Shandong University of Political Science and Law,Jinan 250014,China |
| |
| Abstract: | As a widely-applied public-key cryptosystem in TLS,SSL and IPSec protocols,the security of RSA cryptosystem is of great importance.At FDTC 2014,Rauzy and Guilley proposed several improved countermeasure algorithms of RSA implementation based on Chinese remainder theorem,which were used to defeat fault-injection attacks.New fault-injection attacks on two of their countermeasure algorithms are proposed.During the RSA computation process,a permanent fault is injected and then a faulty RSA signature result is induced.The RSA private key can be obtained by using the faulty RSA signature and the correct result.Therefore,Rauzy and Guilley’s two countermeasure algorithms cannot resist our fault-injection attack. |
| |
| Keywords: | RSA cryptosystem Chinese remainder theorem side channel attack fault-injection attack |
|
| 点击此处可从《》浏览原始摘要信息 |
|
点击此处可从《》下载全文 |
