Fault attacks on RSA in libgcrypt
andre at amorim.me
Mon Nov 7 17:17:20 CET 2016
On 7 November 2016 at 14:39, Florian Weimer <fweimer at redhat.com> wrote:
> On 08/22/2016 07:42 PM, Jeff Burdges wrote:
>> Dear gcrypt-devel,
>> I implemented the protection against fault attacks recommended in
>> "Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
>> Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
>> Mehdi Tibouchi and Jean-Christophe Zapalowicz.
>> It worries that a targeted fault attack could subvert the conditional
>> currently used to protect against fault attacks.
> Their fault model seems to assume a Harvard architecture, where it is
> conceivable that powerful attacks targeting data are available, but no such
> attacks exist for code. Most current systems have a unified memory
> subsystem which provides pages for both code and data, so this assumption
> does not seem very realistic. This means that their security proof does
> not apply to current systems.
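To make the "conditional currently used to protect against fault attacks" concrete, here is an added example (not code from libgcrypt, from the thread participants, or from the Barthe et al. paper): a toy RSA-CRT signer that recomputes s^e mod n and releases the signature only if it matches the input. A flag simulates a single corrupted bit in the p-half of the CRT computation, and a second flag simulates the concern raised above, a fault that skips the branch itself so the faulty signature leaves the signer. The key is a constructed toy key (two real primes near 10**6) and is far too small for any real use.

```python
"""Toy RSA-CRT signer with the verify-before-release fault check.

Added example; not libgcrypt code. All parameters below are constructed toy
values for illustration only.
"""
from math import gcd

# Constructed toy key (the two primes are real primes near 10**6).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)            # private exponent d = e^-1 mod phi(n)
D_P = D % (P - 1)              # CRT exponents
D_Q = D % (Q - 1)
Q_INV = pow(Q, -1, P)          # q^-1 mod p, used by Garner's recombination


def crt_sign(m: int, fault_in_p_half: bool = False) -> int:
    """Sign m with RSA-CRT. fault_in_p_half simulates one flipped bit in s_p."""
    s_p = pow(m, D_P, P)
    s_q = pow(m, D_Q, Q)
    if fault_in_p_half:
        s_p ^= 1               # simulated data fault in the p-half only
    h = (Q_INV * (s_p - s_q)) % P
    return s_q + Q * h         # Garner: s = s_q + q * ((s_p - s_q) * q^-1 mod p)


def verify(m: int, s: int) -> bool:
    """Public-key check that s is a correct signature on m."""
    return pow(s, E, N) == m


def sign_checked(m: int, fault_in_p_half: bool = False,
                 check_subverted: bool = False):
    """The conditional countermeasure: recompute s^e mod n and release s only
    if it equals m. check_subverted simulates a fault on the branch itself
    (the scenario the thread worries about): the check is skipped and the
    faulty signature is released."""
    s = crt_sign(m, fault_in_p_half)
    if not check_subverted and not verify(m, s):
        return None            # refuse to release a signature that fails the check
    return s


if __name__ == "__main__":
    m = 123456789              # constructed message representative, m < n
    assert gcd(m, N) == 1
    print("clean signature verifies:", verify(m, sign_checked(m)))
    print("faulted, check intact, released:", sign_checked(m, fault_in_p_half=True))
    bad = sign_checked(m, fault_in_p_half=True, check_subverted=True)
    print("faulted, check skipped, verifies:", verify(m, bad))
```

With the check intact the faulted run returns `None`, because a corrupted p-half changes s mod p while leaving s mod q correct, so s^e mod n can no longer equal m. With the branch skipped the same faulty value is released, which is exactly the single point of failure the quoted message is concerned about, and why a countermeasure that does not depend on one branch is attractive.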