Fault-injection Attack and Improvement of a CRT-RSA Exponentiation Algorithm

Abstract

RSA cryptosystem is a widely-used public-key cryptographic algorithm in TLS/SSL and IPSec protocols. Fault-injection attack has a powerful threat on the CRT-based implementation of RSA cryptosystem. In 2016, Y. Choi et al. proposed a new right-to-left square-always exponentiation algorithm and a test-based CRT-RSA exponentiation algorithm to defeat the fault-injection attack. In this paper, we propose a fault-injection attack on Y. Choi et al.'s test-based CRT-RSA exponentiation algorithm. By inducing a permanent fault in the computation process of CRT-RSA cryptosystem, the attacker can obtain a faulty RSA signature and then recover the RSA private key. Furthermore, we give an improved CRT-RSA exponentiation algorithm to fix the security flaw. The security analysis shows that the improved algorithm can resist the fault-injection attack.