CRT RSA Algorithm Protected Against Fault Attacks
CRT RSA Algorithm Protected Against Fault Attacks - WISTP, 5/10/07
Arnaud BOSCHER, Spansion EMEA
Robert NACIRI, Oberthur Card Systems
Emmanuel PROUFF, Oberthur Card Systems
2 © 2007 Spansion Inc.
Agenda
• RSA and Physical Attacks
• Modular Exponentiation Algorithm Resistant against Physical Attacks
• CRT RSA Algorithm Resistant against Physical Attacks
RSA and Physical Attacks
RSA Algorithm
• Public key:
– Modulus: N
– Public Exponent: e
• Private key:
– Modulus: N = p · q
– Private Exponent: d = e^(-1) mod (p-1) · (q-1)
• RSA Signature Generation:
– S = M^d mod N
• RSA Signature Verification:
– Check M = S^e mod N ?
RSA Algorithm Using Chinese Remainder Theorem
• Private key CRT format:
– Private Modulus: prime number p
– Private Modulus: prime number q
– Private Exponent: dp = e^(-1) mod (p-1)
– Private Exponent: dq = e^(-1) mod (q-1)
– Value: A = p^(-1) mod q
• RSA Signature using CRT:
– Sp = M^dp mod p
– Sq = M^dq mod q
– S = ((Sq − Sp) · A mod q) · p + Sp
Right-to-Left Modular Exponentation
• Input: M, d = (d_(n−1), …, d_0)_2, N
• Output: M^d mod N
• S ← 1
• A ← M
• For i from 0 to n − 1 do
– If d_i = 1 then S ← S · A mod N
– A ← A^2 mod N
• Return (S)
Simple Power Analysis
• Measurement of power consumption when the embedded device executes RSA
• Modular Multiplication and Modular Square have different power consumptions:
– 2 consecutive Modular Squares ⇒ d_i = 0
– Modular Multiplication followed by a Modular Square ⇒ d_i = 1
• Classical Countermeasure: always perform a Modular Multiplication
Fault Analysis and Differential Fault Analysis
• Make external perturbation when the embedded device executes RSA to get an erroneous result
• DFA on CRT RSA:
– Sp' = M^dp mod p + ε
– Sq = M^dq mod q
– S' = ((Sq − Sp') · A mod q) · p + Sp'
– gcd(S'^e mod N − M, N) = q
• Classical Countermeasures:
– perform twice the signature
– check it with the public exponent (if known)
Safe-Errors Attacks
• Other kind of Fault Attacks
• The countermeasure against SPA (the dummy multiplication) is a weakness w.r.t. Fault Attacks
• Attack the multiplication:
– Final result correct ⇒ dummy multiplication ⇒ exponent bit was 0
– Final result wrong ⇒ real multiplication ⇒ exponent bit was 1
• Retrieve the whole secret exponent bit by bit
• Difficult to counteract SPA and FA together
Modular Exponentiation Resistant to Simple Power Analysis and Fault Attacks
SPA-Resistant Modular Exponentiation Algorithm
• Starting from the SPA-resistant algorithm:
• Input: M, d = (d_(n−1), …, d_0)_2, N
• Output: M^d mod N
• S[0] ← 1
• S[1] ← 1
• A ← M
• For i from 0 to n − 1 do
– If d_i = 1 then S[0] ← S[0] · A mod N
– If d_i = 0 then S[1] ← S[1] · A mod N
– A ← A^2 mod N
• Return (S[0])
Observations
• Loop of the algorithm:
– For i from 0 to n − 1 do
– If d_i = 1 then S[0] ← S[0] · A mod N
– If d_i = 0 then S[1] ← S[1] · A mod N
– A ← A^2 mod N
• A is independent of the exponent d:
A = M^(2^n) mod N
• S[1] is the result of the modular exponentiation of M by not(d) = 2^n − d − 1:
S[1] = M^(2^n − d − 1) mod N
• At every step, we have the following relation:
M · S[0] · S[1] = A mod N
SPA/FA-Resistant Right-to-Left Modular Exponentiation
• Input: M, d = (d_(n−1), …, d_0)_2, N
• Output: M^d mod N or "Error"
• S[0] ← 1
• S[1] ← 1
• A ← M
• For i from 0 to n − 1 do
– S[d_i] ← S[d_i] · A mod N
– A ← A^2 mod N
• If (M · S[0] · S[1] = A mod N) then
– Return (S[0])
• Else
– Return ("Error")
Algorithm Analysis
• Cost: 2 additional modular multiplications compared to the SPA version
• Resistance against SPA: always a multiplication before a square.
• Security proof against DFA and Safe-Errors Attacks in the following Attacker Model:
– Can only perform one fault
– Can make any modification ε on any variable: X' = X + ε
Security Proof
• The algorithm is divided into a finite sequence of states, each corresponding to a single computation step:
S[0]: 1, M^d_0, M^(d_1·2 + d_0), …, M^d
• Fault Attack between two computations in S[0]:
1, …, M^((d_(i−1), …, d_0)_2), M^((d_i, …, d_0)_2) + ε, …, M^d + ε'
• Final result: S'[0] = M^d + ε · (M^(2^i))^((d_n, …, d_(i+1))_2)
• Equality doesn't hold: S'[0] · S[1] · M ≠ M^(2^n) if ε ≠ 0
• Same behavior for S[1]
Security Proof: the A variable case
• An error on variable A also impacts S[0] and S[1]
• The error needs to be written in a multiplicative way:
A' = A + ε = A · β
• A' = M^(2^n) · β^(2^(n−i))
• S[0] · S[1] · M = M^(2^n) · β^(2^(n−i) − 1)
• Equality doesn't hold: S[0] · S[1] · M ≠ A' if β ≠ 1, i.e. if ε ≠ 0
CRT RSA Resistant to Fault Attacks
FA-Resistant CRT-RSA
• Having a DFA-resistant exponentiation is not enough to have a DFA-resistant CRT RSA:
– recombination step can be attacked
• Involve all the variables of the DFA-resistant exponentiation algorithm to protect the recombination
• SPA/DFA-resistant exponentiation algorithm outputs:
– (S1, S2, T) ← (M^d, M^not(d), M^(2^n))
• Perform 3 recombinations and make final check
FA-Resistant CRT-RSA Signature
• Input: M, p, q, dp, dq, A, and b the bit-length of p and q
• Output: S or "Error"
• (S1p, S2p, Tp) ← (M^dp mod p, M^(2^b − dp − 1) mod p, M^(2^b) mod p)
• (S1q, S2q, Tq) ← (M^dq mod q, M^(2^b − dq − 1) mod q, M^(2^b) mod q)
• S1 ← ((S1q − S1p) · A mod q) · p + S1p
• S2 ← ((S2q − S2p) · A mod q) · p + S2p
• T ← ((Tq − Tp) · A mod q) · p + Tp
• If (M · S1 · S2 = T mod N) then
– Return (S1)
• Else
– Return ("Error")
Correctness of the algorithm
• Result of the 3 recombinations:
– S1 = ((S1q − S1p) · A mod q) · p + S1p = M^d mod N
– S2 = ((S2q − S2p) · A mod q) · p + S2p = M^(2^b − d − 1) mod N
– T = ((Tq − Tp) · A mod q) · p + Tp = M^(2^b) mod N
• Equality holds: M · S1 · S2 = T mod N
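The FA-resistant CRT-RSA signature of the two slides above, as an added example that is not code from the slides or the paper. It places the three recombinations and the final check next to the plain CRT signature of slide 5 and the gcd relation of slide 8, so the difference in behaviour on a faulted Sp can be seen: the unchecked signature leaks q through the gcd, the checked one returns "Error". `exp_triple()` uses `pow()` as a stand-in for the three outputs of the SPA/FA-resistant exponentiation, `fault_eps` is a hypothetical simulation hook, and the parameters p = 61, q = 53, e = 17 are constructed toy values.

```python
# Added example, not code from the slides: FA-resistant CRT-RSA signature
# (three recombinations + check M*S1*S2 == T mod N) beside the unprotected one.
from math import gcd


def exp_triple(M, d, b, m):
    """(M^d, M^(2^b - d - 1), M^(2^b)) mod m: the outputs the protected exponentiation provides."""
    return pow(M, d, m), pow(M, (1 << b) - d - 1, m), pow(M, 1 << b, m)


def crt_combine(xp, xq, p, q, A):
    """Garner recombination with A = p^(-1) mod q, as on slide 5."""
    return ((xq - xp) * A % q) * p + xp


def unprotected_crt_sign(M, p, q, dp, dq, A, fault_eps=0):
    """Slide 5 signature; fault_eps simulates the fault on Sp of slide 8 (hook only)."""
    Sp = (pow(M, dp, p) + fault_eps) % p
    Sq = pow(M, dq, q)
    return crt_combine(Sp, Sq, p, q, A)


def fa_resistant_crt_sign(M, p, q, dp, dq, A, b, fault_eps=0):
    """Slide 19: return S, or "Error" if the three recombined values are inconsistent."""
    N = p * q
    S1p, S2p, Tp = exp_triple(M, dp, b, p)
    S1q, S2q, Tq = exp_triple(M, dq, b, q)
    S1p = (S1p + fault_eps) % p            # simulated fault; not part of the algorithm
    S1 = crt_combine(S1p, S1q, p, q, A)    # M^d mod N
    S2 = crt_combine(S2p, S2q, p, q, A)    # M^(2^b - d - 1) mod N
    T = crt_combine(Tp, Tq, p, q, A)       # M^(2^b) mod N
    if (M * S1 * S2) % N == T % N:
        return S1
    return "Error"


def factor_from_faulty_signature(S_faulty, M, e, N):
    """gcd(S'^e - M, N) of slide 8: a faulty S' that is still correct mod q reveals q."""
    return gcd((pow(S_faulty, e, N) - M) % N, N)


def verify(S, M, e, N):
    """Classical countermeasure of slide 8: check the signature with the public exponent."""
    return pow(S, e, N) == M % N


if __name__ == "__main__":
    # Constructed toy key: p = 61, q = 53, e = 17, d = 2753, dp = 53, dq = 49,
    # A = 61^(-1) mod 53 = 20, b = 6 (bit-length of p and q), message M = 42.
    p, q, e, dp, dq, A, b, M = 61, 53, 17, 53, 49, 20, 6, 42
    N, d = p * q, 2753
    print("protected, no fault :", fa_resistant_crt_sign(M, p, q, dp, dq, A, b), pow(M, d, N))
    S_faulty = unprotected_crt_sign(M, p, q, dp, dq, A, fault_eps=1)
    print("unprotected, faulted:", S_faulty, "verifies:", verify(S_faulty, M, e, N))
    print("gcd(S'^e - M, N)    :", factor_from_faulty_signature(S_faulty, M, e, N), "= q")
    print("protected, faulted  :", fa_resistant_crt_sign(M, p, q, dp, dq, A, b, fault_eps=1))
```

The check works without the public exponent, which is the point of slide 8's second countermeasure being unavailable when e is unknown: the relation M · S1 · S2 = T is verified from values the device already computed.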
Algorithm Analysis
• Cost: 2 additional recombinations
• Larger memory occupation: an alternative solution with less memory overhead is proposed in the paper
– detects an error with some probability
Conclusion
• New modular exponentiation algorithm resistant against SPA/DFA
• Proof of security in a realistic fault model
• Suitable for low cost devices
• Can be used to construct SPA/DFA-resistant CRT RSA signature algorithm
• Can be adapted to compute SPA/DFA-resistant scalar multiplication for elliptic curve cryptography
THANK YOU FOR YOUR ATTENTION
Trademark Attribution
Spansion, the Spansion Logo, MirrorBit, HD-SIM, ORNAND, and combinations thereof are trademarks of Spansion LLC. Other names used in this presentation are for informational purposes only and may be trademarks of their respective owners.