Publication


Featured research published by Wieland Fischer.


Cryptographic Hardware and Embedded Systems | 2002

Fault Attacks on RSA with CRT: Concrete Results and Practical Countermeasures

Christian Aumüller; Peter Bier; Wieland Fischer; Peter Hofreiter; Jean-Pierre Seifert

This article describes concrete results and practically validated countermeasures concerning differential fault attacks on RSA using the CRT. We investigate smartcards with an RSA coprocessor where any hardware countermeasures to defeat fault attacks have been switched off. This scenario was chosen in order to analyze the reliability of software countermeasures. We start by describing our laboratory setting for the attacks. Hereafter, we describe the experiments and results of a straightforward implementation of a well-known countermeasure. This implementation turned out to be not sufficient. With the data obtained by these experiments we developed a practical error model. This enabled us to specify enhanced software countermeasures for which we were not able to produce any successful attacks on the investigated chips. Nevertheless, we are convinced that only sophisticated hardware countermeasures (sensors, filters, etc.) in combination with software countermeasures will be able to provide security.


Cryptographic Hardware and Embedded Systems | 2005

Masking at gate level in the presence of glitches

Wieland Fischer; Berndt Gammel

It has recently been shown that logic circuits in the implementation of cryptographic algorithms, although protected by “secure” random masking schemes, leak side-channel information, which can be exploited in differential power attacks [14]. The leak is due to the fact that the mathematical models describing the gates neglected multiple switching of the outputs of the gates in a single clock cycle. This effect, however, is typical for CMOS circuits and known as glitching. Hence several currently known masking schemes are not secure in theory or practice. Solutions for DPA secure circuits based on logic styles which do not show glitches have several disadvantages in practice. In this paper, we refine the model for the power consumption of CMOS gates taking into account the side-channel of glitches. It is shown that for a general class of gate-level masking schemes a universal set of masked gates does not exist. However, there is a family of masked gates which is theoretically secure in the presence of glitches if certain practically controllable implementation constraints are imposed. This set of gates should be suitable for automated CMOS circuit synthesis.


Cryptographic Hardware and Embedded Systems | 2002

Increasing the Bitlength of a Crypto-Coprocessor

Wieland Fischer; Jean-Pierre Seifert

We present a novel technique which allows a virtual increase of the bitlength of a crypto-coprocessor in an efficient and elegant way. The proposed algorithms assume that the coprocessor is equipped with a special modular multiplication instruction. This instruction, called MultModDiv(A,B,N), computes A * B mod N and ⌊(A*B)/N⌋. In addition to the doubling algorithm, we also present two conceivable economic implementations of the MultModDiv instruction: one hardware and one software realization. The hardware realization of the MultModDiv instruction has the same performance as the modular multiplication presented in the paper. The software realization requires two calls of the modular multiplication instruction. Our most efficient algorithm needs only six calls to an n-bit MultModDiv instruction to compute a modular 2n-bit multiplication. Obviously, special variants of our algorithm, e.g., squaring, require fewer calls.


Workshop on Fault Diagnosis and Tolerance in Cryptography | 2012

Differential Fault Analysis on Grøstl

Wieland Fischer; Christian A. Reuter

This paper presents a DFA on Grøstl-256, a hash algorithm that imitates the main structures of AES. Although our attack is inspired by the classical fault attacks on AES these could not be adapted directly. The attack is able to completely recover the whole input message using a one-bit and a random-byte fault model. It needs 16 errors to invert the output transformation Ωn and on average 280 errors for each compression step. When Grøstl is used in a keyed hash function like HMAC, this attack is able to retrieve the secret key from about 300 faulty outputs in less than three minutes.


Australasian Conference on Information Security and Privacy | 2002

Note on Fast Computation of Secret RSA Exponents

Wieland Fischer; Jean-Pierre Seifert

Today's cryptography using RSA is faced with the problem of increased bit length and so-called fast on-card key generation -- both for security reasons. These two requirements often constitute a problem on existing cards as their arithmetic coprocessors are most often designed for a fixed bit length which is not suited for the latest security demands. While the main problem, the overcoming of the computational limitations of the card's coprocessor, can in principle be solved via recent efficient algorithms, the subproblem of computing the secret RSA exponents cannot be solved satisfactorily by these algorithms. This is due to the fact that the key generation, including the secret RSA exponent, is done during the card personalization in the fab where production times are very costly. This article proposes a very simple, natural and efficient solution to this problem. Namely, computing the secret RSA exponent d via the Chinese Remainder Theorem (CRT) w.r.t. p - 1 and q - 1 where p and q denote the two secret primes of the public modulus N. We stress that it is impossible to use the CRT in a straightforward way, as p - 1 and q - 1 are not relatively prime. Nevertheless the solution to this problem is natural and very simple. However, as we have not found anywhere in the literature a hint on this very practical result, we felt we should share it with the community. Moreover, we present another method to compute efficiently secret RSA exponents d for certain short public keys e which we have not seen so far in the public literature.


Archive | 2017

Cryptographic Hardware and Embedded Systems – CHES 2017

Wieland Fischer; Naofumi Homma

QcBits is a code-based public key algorithm based on a problem thought to be resistant to quantum computer attacks. It is a constant-time implementation for a quasi-cyclic moderate density parity check (QC-MDPC) Niederreiter encryption scheme, and has excellent performance and small key sizes. In this paper, we present a key recovery attack against QcBits. We first used differential power analysis (DPA) against the syndrome computation of the decoding algorithm to recover partial information about one half of the private key. We then used the recovered information to set up a system of noisy binary linear equations. Solving this system of equations gave us the entire key. Finally, we propose a simple but effective countermeasure against the power analysis used during the syndrome calculation.


The Cryptographers' Track at the RSA Conference | 2004

High-Speed Modular Multiplication

Wieland Fischer; Jean-Pierre Seifert

Sedlak's [Sed] modular multiplication algorithm is one of the first real silicon implementations to speed up the RSA signature generation [RSA] on a smartcard, cf. [DQ]. Theoretically, Sedlak's algorithm needs on average n/3 steps (i.e., additions/subtractions) to compute the modular product of n-bit numbers. In [FS2] we presented a theoretical algorithm showing how to speed up Sedlak's algorithm by an arbitrary integral factor i ≥ 2, i.e., our new algorithm needs on average n/(3 · i) steps in order to compute the modular product of n-bit numbers. As an extension of [FS2] the present paper will show how this theoretical framework can be turned into a practical implementation.


Journal of Cryptographic Engineering | 2018

Introduction to the CHES 2017 special issue

Wieland Fischer; Naofumi Homma

This special issue of the Journal of Cryptographic Engineering (JCEN) contains extended versions of three of the papers that were presented at the 19th Conference on Cryptographic Hardware and Embedded Systems (CHES 2017), held in Taipei, Taiwan, September 25–28, 2017. The conference was sponsored by the International Association for Cryptologic Research. CHES is considered to be the leading conference in the domain of embedded security, in particular the implementation and deployment aspects of security and cryptography. It aims at bridging theory and practice by bringing together attendees from industry, government agencies, and academia. CHES 2017 received 130 submissions, and each paper was anonymously reviewed by at least four Program Committee members in a double-blind peer review process. With the help of 240 external reviewers, our 50 Program Committee members wrote an impressive total of 559 reviews. The Program Committee selected 33 papers for publication, corresponding to a 25% acceptance rate. The authors of the best rated papers received invitations to submit extended manuscripts to the Journal of Cryptology or the Journal of Cryptographic Engineering. The selected papers for this special issue represent a wide range of typical CHES topics, including state-of-the-art cryptographic implementation, protection schemes against side-channel analysis, and an advanced side-channel analysis technique on FPGA implementation. The authors of these papers were invited to submit extended manuscripts to this special issue of JCEN, and these extended manuscripts went through scientific journal peer review. The paper McBits Revisited: Toward a Fast Constant-Time Code-Based KEM by Tung Chou presents a fast constant-time implementation for a high-security code-based key encapsulation mechanism (KEM). The implementation is based on the "McBits" paper by Bernstein, Chou, and Schwabe in 2013: They use the same FFT algorithms for root


Archive | 2006

Processor having electronic fuses for storing secret data

Wieland Fischer; Jean-Pierre Seifert


Archive | 2010

Generating a Session Key for Authentication and Secure Data Transfer

Berndt Gammel; Wieland Fischer; Stefan Mangard
