Fault attacks on RSA in libgcrypt
Stephan Mueller
smueller at chronox.de
Tue Aug 23 07:54:22 CEST 2016
On Monday, 22 August 2016, 19:42:42 CEST, Jeff Burdges wrote:
Hi Jeff,
> Dear gcrypt-devel,
>
> I implemented the protection against fault attacks recommended in
> "Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
> Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
> Mehdi Tibouchi and Jean-Christophe Zapalowicz.
> https://eprint.iacr.org/2014/252
> It worries me that a targeted fault attack could subvert the conditional
> currently used to protect against fault attacks.
May I ask why that patch is limited to rsa_sign? Shouldn't the decrypt part
also be covered with a similar logic considering that it also operates with
the private key?
Ciao
Stephan