Fault attacks on RSA in libgcrypt

Christian Grothoff grothoff at gnunet.org
Tue Aug 23 09:54:50 CEST 2016


Unlike a signature, the result of a decryption operation is typically
then NOT sent over the network, so even if the decrypted value leaks
bits about the private key, that's not so bad as most likely it'll cause
a failure locally next, causing the result to be discarded.

On 08/23/2016 07:54 AM, Stephan Mueller wrote:
> May I ask why that patch is limited to rsa_sign? Shouldn't the decrypt part 
> also be covered with a similar logic considering that it also operates with 
> the private key?
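
The following is an added example, not part of this message and not libgcrypt code. It assumes the check under discussion for rsa_sign is the usual verify-before-release countermeasure for CRT signing; the toy key is constructed and the `glitch` parameter is a hypothetical test hook that stands in for a computation fault.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy key (textbook-sized, illustration only). */
static const uint64_t P = 61, Q = 53, N = 3233, E = 17;
/* d mod (p-1), d mod (q-1), q^-1 mod p for d = 2753 */
static const uint64_t DP = 53, DQ = 49, QINV = 38;

static uint64_t modpow(uint64_t b, uint64_t e, uint64_t m)
{
    uint64_t r = 1;
    for (b %= m; e; e >>= 1, b = b * b % m)
        if (e & 1)
            r = r * b % m;
    return r;
}

/* CRT signing. `glitch` (hypothetical) corrupts the mod-p half to
   simulate a faulty computation. */
static uint64_t crt_sign(uint64_t m, int glitch)
{
    uint64_t sp = modpow(m, DP, P);
    uint64_t sq = modpow(m, DQ, Q);
    if (glitch)
        sp ^= 1;
    uint64_t h = QINV * ((sp + P - sq % P) % P) % P;
    return sq + h * Q; /* Garner recombination */
}

/* Release the signature only if it verifies under the public key.
   Returns 0 and sets *sig on success; returns -1 and leaves *sig
   untouched if the result is inconsistent. */
int sign_checked(uint64_t m, int glitch, uint64_t *sig)
{
    if (m >= N)
        return -1;
    uint64_t s = crt_sign(m, glitch);
    if (modpow(s, E, N) != m)
        return -1; /* faulty result never leaves the function */
    *sig = s;
    return 0;
}

int main(void)
{
    uint64_t sig = 0;
    printf("clean:    rc=%d\n", sign_checked(65, 0, &sig));
    printf("glitched: rc=%d\n", sign_checked(65, 1, &sig));
    return 0;
}
```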

