Lost in Translation: Fault Analysis of Infective Security Proofs

Abstract

At FDTC 2014, two new infective countermeasures were suggested to efficiently protect the CRT-RSA against FA. The security of these countermeasures has been translated from the security of their detective counterparts, the latter being proved secure thanks to a formal analysis tool. In this article, we reveal a flaw in the proof of security of the translation. Furthermore, we exhibit several attacks on both infective countermeasures with respect to the very same fault model originally considered. We thus prove that such a methodology does not provide secure results and must not be used to design effective countermeasures.