期刊文献+

一种关于CRT-RSA算法的差分错误注入攻击 被引量:1

Differential Fault Attack on CRT-RSA
分享 导出
摘要 自从针对嵌入式设备上的CRT-RSA算法的Bellcore攻击提出以后,CRT-RSA算法的错误注入攻击一直是学术界研究的热点.研究人员针对CRT-RSA算法提出了很多防御方案,并针对这些防御方案提出了不同的攻击方法,但是,后续提出的攻击方法都是基于Bellcore攻击思想,通过错误的结果数据或者验签的数据和正确结果数据的差和模数求公约数的方法进行攻击.该文针对CRT-RSA算法提出了一种新的攻击方法,该攻击方法需要针对同一明文运算两次不同错误的结果即可实现.该方法只是利用了整数分解定理和求最大公约数运算,计算过程和复杂度都比较简单.考虑到实际中攻击复杂度,该文提出了针对该方法的优化方案,使用了选择明文方式进行错误攻击攻击实验,并通过仿真方式证明本方法的可行性.仿真表明,该方法具有较低的复杂度,不到1秒钟即可实现1024位CRT-RSA算法密钥的破解.该方法同样适用于密钥长度更长的CRT-RSA的破解.由于只需要两次独立错误很大概率上即可恢复密钥,因此,本攻击方法具有很强的可行性,本文针对这种攻击方法提出两种防御方案,以抵御这种错误注入攻击手段. Since the publication of Bellcore's attack on CRT-RSA, differential fault attack on CRT-RSA has attracted much interest. Researchers have proposed many countermeasures against the Bellcore's attack on CRT-RSA, and some of those countermeasures are found to be invalid for fault injection protection. However, most of the proposed attacks are derived from Bellcore's attack, which use GCD function and different fault signatures corresponding to factor N. In this paper we propose another attack method which is different from Bellcore's attack. It could be implemented through two different fault results corresponding to a same message. The attack just relies on Great common divisor solving and integer factorization, so it is feasible to implement the attack. Considering the complexity and time cost by this attack, we suggest to use optimized method to accelerate the analysis process through chosen messages. We also use simulation to verify the validity of the optimized method. The simulation showed that it is of low complexity to break 1024 bits CRT-RSA and it is also effective to break CRT-RSA whose key length is larger than 1024. The private key can be recovered through two independent errors, therefore it is feasible to implement the attack. Finally we propose two countermeasures to prevent the attack.
作者 李增局 LI Zeng-Ju;Beijing Huaronghengan Ltd.,DPLS lab
出处 《密码学报》 CSCD 2016年第6期546-554, Journal of Cryptologic Research
关键词 CRT-RSA Garner形式 差分错误注入 最大公约数 整数唯一分解定理 CRT-RSA Garner mode differential fault analysis great common divisor integer factor principle
  • 相关文献

同被引文献1

引证文献1

投稿分析

相关作者

内容加载中请稍等...

相关机构

内容加载中请稍等...

相关主题

内容加载中请稍等...

浏览历史

内容加载中请稍等...
;
使用帮助 返回顶部 意见反馈