Open Access
Improved Shamir's CRT‐RSA Algorithm: Revisit with the Modulus Chaining Method
Author(s) - Lee Seungkwang, Choi Dooho, Choi Yongje
Publication year - 2014
Publication title - ETRI Journal
Language(s) - English
Resource type - Journals
SCImago Journal Rank - 0.295
H-Index - 46
eISSN - 2233-7326
pISSN - 1225-6463
DOI - 10.4218/etrij.14.0113.0317
Subject(s) - chinese remainder theorem, cryptosystem, computer science, algorithm, countermeasure, chaining, fault (geology), timing attack, cryptography, fault model, side channel attack, embedded system, arithmetic, computer security, computer engineering, engineering, mathematics, psychology, seismology, geology, psychotherapist, aerospace engineering, electronic circuit, electrical engineering
RSA signature algorithms using the Chinese remainder theorem (CRT‐RSA) are approximately four times faster than straightforward implementations of an RSA cryptosystem. However, the CRT‐RSA is known to be vulnerable to fault attacks; even one execution of the algorithm is sufficient to reveal the secret keys. Over the past few years, several countermeasures against CRT‐RSA fault attacks have tended to involve additional exponentiations or inversions, and in most cases, they are also vulnerable to new variants of fault attacks. In this paper, we review how Shamir's countermeasure can be broken by fault attacks and improve the countermeasure to prevent future fault attacks, with the added benefit of low additional costs. In our experiment, we use the side‐channel analysis resistance framework system, a fault injection testing and verification system, which enables us to inject a fault into the right position, even to within 1 μs. We also explain how to find the exact timing of the target operation using an ATmega128 software board.