{"title":"FA-LLLing for RSA:基于格的RSA加密与签名故障攻击","authors":"G. Barbu","doi":"10.1109/FDTC57191.2022.00013","DOIUrl":null,"url":null,"abstract":"At CT-RSA 2022, it was shown that combining the power of lattice reduction algorithms with that of fault injection allows not only to carve new attack paths, as previously known, but also to pave existing ones, so to speak. Indeed, using faulty results to build an instance of the Hidden Number Problem, and eventually solving it, can allow an attacker to consider less restrictive fault models than before. In this article, we introduce two new fault attacks on both RSA encryption and signature using this approach. Our lattice-based attack can require as few as 2 faulty ciphertexts and signatures respectively to reveal the hidden secrets with a 32-bit random fault model. At the other end of the fault model spectrum, our attack is still successful considering a very permissive fault model where the attacker can randomly alter up to 98% of the targeted value.","PeriodicalId":196228,"journal":{"name":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2022-09-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"FA-LLLing for RSA: Lattice-based Fault Attacks against RSA Encryption and Signature\",\"authors\":\"G. Barbu\",\"doi\":\"10.1109/FDTC57191.2022.00013\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"At CT-RSA 2022, it was shown that combining the power of lattice reduction algorithms with that of fault injection allows not only to carve new attack paths, as previously known, but also to pave existing ones, so to speak. Indeed, using faulty results to build an instance of the Hidden Number Problem, and eventually solving it, can allow an attacker to consider less restrictive fault models than before. In this article, we introduce two new fault attacks on both RSA encryption and signature using this approach. Our lattice-based attack can require as few as 2 faulty ciphertexts and signatures respectively to reveal the hidden secrets with a 32-bit random fault model. At the other end of the fault model spectrum, our attack is still successful considering a very permissive fault model where the attacker can randomly alter up to 98% of the targeted value.\",\"PeriodicalId\":196228,\"journal\":{\"name\":\"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2022-09-01\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/FDTC57191.2022.00013\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2022 Workshop on Fault Detection and Tolerance in Cryptography (FDTC)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/FDTC57191.2022.00013","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
FA-LLLing for RSA: Lattice-based Fault Attacks against RSA Encryption and Signature
At CT-RSA 2022, it was shown that combining the power of lattice reduction algorithms with that of fault injection allows not only to carve new attack paths, as previously known, but also to pave existing ones, so to speak. Indeed, using faulty results to build an instance of the Hidden Number Problem, and eventually solving it, can allow an attacker to consider less restrictive fault models than before. In this article, we introduce two new fault attacks on both RSA encryption and signature using this approach. Our lattice-based attack can require as few as 2 faulty ciphertexts and signatures respectively to reveal the hidden secrets with a 32-bit random fault model. At the other end of the fault model spectrum, our attack is still successful considering a very permissive fault model where the attacker can randomly alter up to 98% of the targeted value.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
