1.
Yoo-Jin Baek, International Journal of Information Security, 2010, 9(5): 363-370
With the growing demand for efficient cryptosystems, implementations that are secure against the various side-channel attacks and the fault attack are also required in practice. Several countermeasures have been proposed so far, and this paper proposes a new regular 2^w-ary right-to-left exponentiation algorithm, which can be equipped with very efficient DPA (differential power attack) and FA (fault attack) countermeasures. Since its regular behavior clearly prevents the simple power analysis attack, the new algorithm gives strong resistance to all the well-known major implementation attacks. This paper also gives a variant of the new algorithm for securely implementing the RSA cryptosystem with CRT (Chinese Remainder Theorem).
2.
A prime generation scheme that effectively defeats the RSA common-modulus attack. Total citations: 6 (self-citations: 0, citations by others: 6)
RSA is a widely used public-key cryptosystem. To derive the encryption and decryption keys of RSA, two large primes must first be obtained. The selection and use of these large primes is therefore an important element in guaranteeing the security of RSA; improper prime selection and use makes the system easy to attack, the common-modulus attack being one of the more common cases. To address this problem, this paper proposes a new prime generation scheme that guarantees that different large primes are generated for each user, eliminating the possibility of the RSA system suffering a common-modulus attack in use and improving the security of the system.
3.
Neil Hanley, Michael Tunstall, William P. Marnane, International Journal of Information Security, 2011, 10(4): 255-266
Since side channel analysis was introduced as a method to recover secret information from an otherwise secure cryptosystem, many countermeasures have been proposed to prevent leakage from secure devices. Among these countermeasures is side channel atomicity, which makes operations indistinguishable using side channel analysis. In this paper, we present practical results of an attack on RSA signature generation, protected in this manner, based on the expected difference in Hamming weight between the result of a multiplication and a squaring operation. This work presents the first attack that we are aware of where template analysis can be used without requiring an open device to characterize an implementation of a given cryptographic algorithm. Moreover, an attacker does not need to know the plaintexts being operated on and, therefore, blinding and padding countermeasures applied to the plaintext do not hinder the attack in any way.
4.
In this paper, we propose two new attack algorithms on RSA implementations with CRT (Chinese remainder theorem). To improve the attack efficiency considerably, a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs. In this attack, the key parameters dp and dq are segmented by byte, and the modular multiplication collisions are identified by k-means clustering. The exponents dp and dq were recovered from 12 power traces of six groups of specific message pairs, and the exponent d was obtained. We also propose a second-order clustering collision power analysis attack against an RSA implementation with CRT that applies double blinding exponentiation. To reduce noise and manual intervention, we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions. Thus, we recovered approximately 91% of the secret exponents using a single power curve on RSA-CRT protected by double blinding countermeasures.
5.
It is well known that the Chinese Remainder Theorem (CRT) can greatly improve the performance of the RSA cryptosystem in both running time and memory requirements. However, if the implementation of CRT-based RSA is careless, an attacker can reveal some secret information by exploiting hardware fault cryptanalysis. In this paper, we present some fault attacks on a type of CRT-RSA algorithm, namely BOS type schemes, including the original BOS scheme proposed by Blömer, Otto, and Seifert at CCS 2003 and its modified scheme proposed by Liu et al. at DASC 2006. We first demonstrate that if some special signed messages such as m = 0, ±1 are dealt with carelessly, they can be exploited by an adversary to completely break the security of both the BOS scheme and Liu et al.'s scheme. Then we present a new permanent fault attack on the BOS scheme with a success probability of about 25%. Lastly, we propose a polynomial time attack on Liu et al.'s CRT-RSA algorithm, which combines physical fault injection and lattice reduction techniques when the public exponent is short.
6.
Sun Yu, Computer Engineering and Applications, 2004, 40(28): 156-157
The efficiency of modular exponentiation determines the execution speed of the RSA cryptosystem. Because the Chinese Remainder Theorem markedly improves the efficiency of modular exponentiation in RSA, it is widely used. However, using the Chinese Remainder Theorem directly is insecure and leaves the implementation vulnerable to fault attacks. This paper describes one such fault attack and gives some concrete measures for countering it.
7.
8.
Using the n-adic expansion method, this paper gives an improved version of the Ham cryptosystem whose security is the same as that of the original. When encrypting t message blocks, encryption is performed once; decryption requires only one RSA decryption, one ElGamal decryption and the solution of a system of linear equations modulo n. In the original system, by contrast, encryption requires t repeated applications of RSA and ElGamal encryption, and decryption requires t repeated applications of RSA and ElGamal decryption. Since a system of linear equations can be solved quickly, the improved system runs more efficiently in both the encryption and the decryption phase when the number of message blocks t is large.
9.
10.
11.
Hardware implementations of cryptosystems are susceptible to fault attacks. By analyzing the side channel information from the implementation, the attacker can retrieve the secret information. Generally, in hardware implementations, validation of results is reported at the end of the computation. If faults are injected at the input side of the computation, all the computations performed afterward are wasted, and this is a potential situation that can leak the secret key information through side channel attacks. The current work proposes a fault attack resistant implementation of an elliptic curve cryptosystem using a shared point validator unit, a zero-one detector, and a double coherence check by a modified Montgomery Powering Ladder Algorithm. The architecture is robust to fault attacks along with power and area efficiency.
12.
This paper concludes the discussion we began in the last two issues of CRYPTOLOGIA. A typical message receiver using an RSA public key cryptosystem believes that the secret nontrivial factors p and q of his public coding modulus m are primes. But he need not know that p or q are prime, or even square free. We give a few examples below. In some of them the “RSA public key cryptosystem” based on integers P and Q erroneously thought both to be prime works perfectly, but is more vulnerable to a cryptanalytic attack of the type G. J. Simmons and J. N. Norris [7] have suggested. In other cases these cryptosystems malfunction in an obvious fashion likely to be apprehended quickly by the message receiver. After the examples we prove all the results in I and II except a few which, like Theorems 1.1, 1.2 and 1.3, are obvious corollaries of other results in those papers.
13.
14.
Power trace analysis of the RSA cryptographic algorithm and its countermeasures. Total citations: 11 (self-citations: 0, citations by others: 11)
For circuits implementing the RSA cryptographic algorithm, a new power analysis attack method, power trace analysis, is proposed. Its basic feature is that, by processing the circuit's power signal, sensitive information of the RSA algorithm (such as the key) is extracted from the shape of the signal trace; power trace analysis can therefore effectively attack many forms of existing RSA implementations. Countermeasures for RSA circuits are also discussed: adding redundant dummy operations directly to the algorithm can resist power trace analysis, but at the cost of increased circuit power consumption and reduced speed. A new method of randomizing the dummy operations in the RSA algorithm is then proposed, which guarantees the security of the circuit while saving power consumption and computation time.
15.
A multi-secret sharing scheme based on general access structures. Total citations: 13 (self-citations: 0, citations by others: 13)
Based on Shamir's threshold scheme and the RSA cryptosystem, a secret sharing scheme over general access structures is proposed. Each participant's secret share is chosen by the participant, and the dealer need not send any secret information to the participants. When a secret is renewed, the access structure changes, or a participant joins or leaves the system, the participants' shares need not be updated. The length of a secret share is less than or equal to the length of the secret. Each participant maintains only one secret share in order to share multiple secrets. During secret reconstruction, each participant can verify whether the other participants have cheated. The security of the scheme rests on the security of Shamir's threshold scheme and the RSA cryptosystem.
16.
17.
18.
19.
Research on recent power glitch attacks and defence methods. Total citations: 1 (self-citations: 0, citations by others: 1)
A power glitch attack rapidly changes the voltage supplied to a chip so that some of its transistors are affected, causing one or more flip-flops to enter an erroneous state; the processor then skips or performs incorrect operations, and information hidden inside the chip leaks through the resulting errors. This paper surveys recent progress in power glitch attacks and defences. On the attack side, it describes in detail, by attack objective, techniques against RSA-CRT signature computation, non-CRT RSA signature computation and non-volatile memory. On the defence side, it presents power glitch detection circuits and masking, and analyses the advantages and disadvantages of each defensive scheme.
20.
A VLSI implementation of an RSA signature chip based on an improved Montgomery algorithm and the Chinese Remainder Theorem (CRT) is proposed. Thanks to a novel scheduling algorithm, a 576-bit modular multiplication unit completes 1152-bit RSA modular exponentiation, greatly reducing chip area; in addition, the introduction of CRT gives the whole system a data throughput comparable to a conventional 1024-bit RSA system. Experimental results show that the chip needs about 1.2M clock cycles to complete one 1024-bit modular exponentiation, with a chip size below 54K equivalent gates; with a system clock of 40 MHz, the signature rate reaches 30 Kbps.