Fault attacks on RSA in libgcrypt

Jeff Burdges burdges at gnunet.org
Wed Aug 24 13:46:06 CEST 2016


I found an article which provides the same sort of fault protections
with a randomized CRT algorithm.  I'd expect it gives stronger
protections against timing attacks, etc., even if fault attacks prove
not to be realistic.
http://dl.acm.org/citation.cfm?doid=1873548.1873556

This is probably more the sort of thing one should be doing.  It appears
the random numbers injected should be quite small, making this scheme
fairly fast.  This particular paper however only really focuses on fault
attacks.

It would be good to see this or similar schemes evaluated for timing
attack protections though, as folks understandably care way more about
timing than about fault attacks.

Best,
Jeff
