Integrated approach for fault tolerance and digital signature in RSA



Chang N. Zhang

Abstract: Data security and fault tolerance are two important issues in modern communications. In most cases, they are studied and implemented separately. The author proposes an integrated approach for both fault tolerance and digital signature in the RSA implementation. It shares the same computations required by the Hash function, which is the major part of the digital signature and error detections and corrections. Therefore the total overheads are minimised. The proposed approach is able to detect and correct up to three errors occurring in the computation processes, including encryption, decryption and Hash function evaluation in the data transmission process. The principle of the proposed approach may also be used for other public key cryptography schemes.

1 Introduction

To ensure the security and privacy of sensitive messages over nonsecure channels, e.g. computer networks, cryptographic techniques have been widely used. The public key cryptographic technique has several advantages compared with non-public-key cryptographic techniques; in particular, it eliminates the problem of key distribution over the network, and provides the digital signature to verify the authorised sender and check whether or not messages have been altered [1-4]. To ensure a high degree of security, most public-key schemes, e.g. RSA, require a large number of computations. In the course of such vast computational processing and high speed data transmission, faults become inevitable. It is clear that without fault tolerant support, any error occurring during the computations and/or data transmission will result in failure of the whole security scheme.

Currently, data security and fault tolerance are dealt with separately. Each of them requires considerable software or hardware overheads. Moreover, most fault tolerant techniques reported in the literature are ad hoc designs, that is, they are specific designs for a particular error model or they are applicable only to a certain kind of error environment.

Since data security and safety have become more important issues in modern communications, it is desirable to implement the two together to minimise the total overheads.

In this paper, we present an integrated approach for both the digital signature and error correction in RSA. To do so, we have selected a pair of Hash functions for the digital signature and a check-sum scheme based on the algorithm-based fault tolerant (ABFT) technique for error detection and correction such that they use the same type of basic operation (modular multiplication) as the one required by encryption and decryption in RSA, and the value of the Hash function can be directly obtained from the check-sums. Thus, the total overheads required by both the digital signature and error detection and correction are significantly reduced. Moreover, the proposed approach is able to detect and correct up to three errors for computations and data transmission. The main reason for us to use the ABFT technique is that ABFT requires less overhead compared with other fault tolerant techniques such as time/space redundant techniques and the reconfiguration approach [5-7], and will not affect the normal processing until an error is detected [8]. The check-sums we define take the form of modular multiplications, which not only allows them to share the same hardware/software as RSA, but also eliminates the overflow problems that may occur in other ABFT applications.

© IEE, 1999. IEE Proceedings online no. 19990217. DOI: 10.1049/ip-cdt:19990217. Paper first received 22nd December 1997, and in revised form 15th January 1999. The author is with the Department of Computer Science, University of Regina, TRLabs, Regina, Saskatchewan, Canada S4S 0A2.

IEE Proc.-Comp. Digit. Tech., Vol. 146, No. 3, May 1999

2 RSA and digital signature

The RSA scheme was the first implementation of public key cryptography [1]. In the RSA scheme, each user possesses two keys: one is public, known as the public key, $(E, N)$, and the other is kept secure as the secure key, $(D)$, where $E$, $N$ and $D$ are large integers satisfying the following equations for any integer $X$, $0 < X < N$.

$$X = (X^{E} \bmod N)^{D} \bmod N = (X^{D} \bmod N)^{E} \bmod N$$

Consider two users, A and B, in a network. Let $(E_A, N_A)$, $D_A$ and $(E_B, N_B)$, $D_B$ be the public key and security key of A and B, respectively. For the sake of simplicity, we assume that $N_A$ and $N_B$ are of the same length and that all messages are sent to user A by user B. Let $X = (x_{ij})_{n \times m}$ be an $n \times m$ message matrix to be sent to user A by user B:

X =


where $x_{ij}$, $1 \le i \le n$, $1 \le j \le m$, is a message block which has the same length as $N_A$ and $N_B$.

In the RSA, user B encrypts the message matrix $X$ to an $n \times m$ ciphered matrix $C = (c_{ij})_{n \times m}$ by computing

$$c_{ij} = x_{ij}^{E_A} \bmod N_A, \quad 1 \le i \le n,\ 1 \le j \le m$$

Then the cipher matrix $C$ is transmitted to user A through a network. Let $\bar{C} = (\bar{c}_{ij})_{n \times m}$ be the cipher matrix received by user A. On receiving the ciphered matrix $\bar{C}$, user A decrypts it by computing

$$\bar{x}_{ij} = \bar{c}_{ij}^{D_A} \bmod N_A, \quad 1 \le i \le n,\ 1 \le j \le m$$

If no error occurs during the computation and data transmission then we have $\bar{x}_{ij} = x_{ij}$, for all $1 \le i \le n$ and $1 \le j \le m$.

The digital signature is a function based on the implementation of the public key cryptography scheme which is used to verify the authorised sender and check whether or not messages have been altered by a third party during the data transmission. The key component of the digital signature is to define and evaluate a Hash function over all messages such that any single or multiple message modifications will result in a big difference from the original Hash function value. In addition, the length of the Hash function value should be fixed independently of the total number of message blocks transmitted. In RSA, a Hash function can be defined as follows:

It is easy to see that this Hash function satisfies the above requirements, and it uses the same basic operation (modular multiplication) as RSA. The digital signature checking scheme can be described as follows.

Let $h_c = h^{D_B} \bmod N_B$ be computed by user B and $\bar{h}_c$ be the value of $h_c$ received by user A. User A then computes $h^* = \prod_{i=1}^{n} \left( \prod_{j=1}^{m} \bar{x}_{ij} \bmod N_B \right) \bmod N_B$, where $\bar{x}_{ij}$ is the decrypted message of $x_{ij}$ defined above, $1 \le i \le n$, $1 \le j \le m$. If there is no error, the sender of messages is user B and no messages have been altered, then we have $h^* = \bar{h}_c^{E_B} \bmod N_B = h$ as shown in Figure 1.

3 Single error detection and correction

Note that the above digital signature implementation is based on being error free. Otherwise, when $h^* \ne \bar{h}_c^{E_B} \bmod N_B$, it cannot tell whether it is caused by a computation error (encryption, Hash function evaluation and decryption), a data transmission error, some digital messages that have been modified or the message being sent by an unauthorised user. First, we assume that there is at most one error which may occur during the computation or data transmission process. In Section 4 multiple error detection and correction will be discussed.

Fig. 1 Digital signature using Hash function

The algorithm based fault tolerant (ABFT) approach is a simple and effective error detection and correction technique [7]. By precomputing a set of sums (check-sums) which are assumed error free in a class of computation structures, a single error can be detected and corrected. The major advantages of ABFT are: (i) it requires less overhead compared with other fault tolerant techniques; (ii) it maintains the original throughput unless an error is detected. One of the problems with ABFT is that the check-sums may become too large to be represented in a computer (overflow problem).

In this paper, we present an approach based on the ABFT. It uses the intermediate results of the Hash function as the check-sums, and is able to detect and correct both computation and data transmission error(s). Moreover, all check-sums are computed by the modular multiplication which eliminates the overflow problems. The proposed approach can be described as follows.

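For a given $n \times m$ message matrix, we construct an $(n+1) \times (m+1)$ matrix $X_h$,

$$X_h = \begin{pmatrix} x_{11} & x_{12} & \cdots & x_{1m} & X_1 \\ x_{21} & x_{22} & \cdots & x_{2m} & X_2 \\ \vdots & \vdots & & \vdots & \vdots \\ x_{n1} & x_{n2} & \cdots & x_{nm} & X_n \\ X^1 & X^2 & \cdots & X^m & h \end{pmatrix}$$

where $h$ is the value of the Hash function and $X_i$, $X^j$ are check-sums, $1 \le i \le n$, $1 \le j \le m$, and are defined by

$$X^{j} = \prod_{i=1}^{n} x_{ij} \bmod N_B, \quad 1 \le j \le m$$

It is clear that

$$= \prod_{j=1}^{m} X^{j} \bmod N_B$$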

i.e. the value of the Hash function can be obtained from check-sums.

Process 1 (encryptions)

For a given $(n+1) \times (m+1)$ matrix $X_h$, compute an $(n+1) \times (m+1)$ ciphered matrix $C_h$:

where

$$c_{ij} = x_{ij}^{E_A} \bmod N_A, \qquad C_i = X_i^{E_A} \bmod N_A,$$

$$C^{j} = (X^{j})^{E_A} \bmod N_A, \qquad h_c = h^{D_B} \bmod N_B$$

for all $1 \le i \le n$, $1 \le j \le m$.

Note that all $X_i$, $X^j$, $C_i$ and $C^j$, $1 \le i \le n$, $1 \le j \le m$, are check-sums and ciphered check-sums, and they are error free.


Theorem 1: The necessary and sufficient conditions of a single error occurring in Process 1, $c_{kl} \ne x_{kl}^{E_A} \bmod N_A$, for some $k$ and $l$ ($1 \le k \le n$, $1 \le l \le m$), are:

(i) $\prod_{j=1}^{m} c_{kj} \bmod N_A \ne C_k$

(ii) $\prod_{i=1}^{n} c_{il} \bmod N_A \ne C^l$

Proof: If there is a single error in Process 1, $c_{kl} \ne x_{kl}^{E_A} \bmod N_A$, we have that

$$C_k = X_k^{E_A} \bmod N_A = \prod_{j=1}^{m} x_{kj}^{E_A} \bmod N_A \ne \prod_{j=1}^{m} c_{kj} \bmod N_A$$

$$C^l = (X^l)^{E_A} \bmod N_A = \prod_{i=1}^{n} x_{il}^{E_A} \bmod N_A \ne \prod_{i=1}^{n} c_{il} \bmod N_A$$

If $\prod_{j=1}^{m} c_{kj} \bmod N_A \ne C_k$ and $\prod_{i=1}^{n} c_{il} \bmod N_A \ne C^l$, then we have that there is at least one error in computing the $c_{kj}$'s and one error in computing the $c_{il}$'s. Under the single error assumption, there are $k$, $1 \le k \le n$, and $l$, $1 \le l \le m$, such that $c_{kl} \ne x_{kl}^{E_A} \bmod N_A$.

When a single error in Process 1 has been detected, it can be corrected by one of the following two formulas.

Corollary 1: If there is an error, $c_{kl} \ne x_{kl}^{E_A} \bmod N_A$, $1 \le k \le n$, $1 \le l \le m$, in Process 1, then this error can be corrected by computing either one of the following two formulas:

i=l i=l

%A

where $a^{-1} \bmod N$ is defined by $a(a^{-1} \bmod N) \bmod N = 1$.

Proof

Similarly, we can prove the correction of (ii). Note that the necessary condition for $a^{-1} \bmod N$ to exist is $\gcd(N, a) = 1$. There are $pq - (p-1)(q-1)$ items which have no inverse where $N = pq$. There are two possible ways to correct an error, which makes the probability of an error that cannot be corrected very low (n Ni4) and makes the proposed method practical and useful.

Process 2 (data transmissions)

Suppose that there is no error, or a single error that has been corrected in Process 1. User B sends the matrix $C_h$ to user A. Let $\bar{C}_h$ be the matrix received by user A.

Theorem 2: The necessary and sufficient conditions of a single error, $\bar{c}_{kl} \ne c_{kl}$, $1 \le k \le n$, $1 \le l \le m$, in Process 2, are:

(i) $\prod_{j=1}^{m} \bar{c}_{kj} \bmod N_A \ne \bar{C}_k$

(ii) $\prod_{i=1}^{n} \bar{c}_{il} \bmod N_A \ne \bar{C}^l$

Proof: The proof is similar to the proof of Theorem 1.

Again, this error can be corrected by the following corollary, and its proof is similar to the proof of Corollary 1.

Corollary 2: If there is a single error, $c_{kl}$, then it can be corrected by computing either one of the following two formulas:

(ii) $c_{kl} = \bar{C}^l \left( \prod_{i \ne k} \bar{c}_{il} \bmod N_A \right)^{-1} \bmod N_A$

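Process 3 (decryptions and digital signature check)

To get the original messages and verify the digital signature, user A computes matrix $X_h^*$ from matrix $\bar{C}_h$:

$$X_h^* = \begin{pmatrix} x^*_{11} & x^*_{12} & \cdots & x^*_{1m} & X^*_1 \\ x^*_{21} & x^*_{22} & \cdots & x^*_{2m} & X^*_2 \\ \vdots & \vdots & & \vdots & \vdots \\ x^*_{n1} & x^*_{n2} & \cdots & x^*_{nm} & X^*_n \\ X^{*1} & X^{*2} & \cdots & X^{*m} & h^* \end{pmatrix}$$

where

$$x^*_{ij} = \bar{c}_{ij}^{D_A} \bmod N_A, \qquad X^*_i = \bar{C}_i^{D_A} \bmod N_A,$$

$$X^{*j} = (\bar{C}^{j})^{D_A} \bmod N_A, \qquad h^* = \bar{h}_c^{E_B} \bmod N_B$$

for all $1 \le i \le n$, $1 \le j \le m$. Under the assumption that Process 2 is error free or an error has been corrected in Process 2, we have $\bar{c}_{ij} = c_{ij}$ for all $1 \le i \le n$, $1 \le j \le m$ and $\bar{h}_c = h_c$.

Theorem 3: The necessary and sufficient conditions of a single error in Process 3, $x^*_{kl} \ne \bar{c}_{kl}^{D_A} \bmod N_A$, for some $1 \le k \le n$ and $1 \le l \le m$, are:

(i) $X^*_k \ne \prod_{j=1}^{m} x^*_{kj} \bmod N_A$

(ii) $X^{*l} \ne \prod_{i=1}^{n} x^*_{il} \bmod N_A$

Corollary 3: If there is a single error, $x^*_{kl} \ne \bar{c}_{kl}^{D_A} \bmod N_A$, in Process 3, then it can be corrected by computing either one of the following two formulas: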

The proofs of Theorem 3 and Corollary 3 are similar to the proofs in Process 1.

After all the errors in Process 1, Process 2 and Process 3 have been detected and corrected, we have $x^*_{ij} = x_{ij}$ for all $1 \le i \le n$, $1 \le j \le m$. The digital signature can be checked by the following statement.

Theorem 4: The necessary and sufficient conditions that the sender of the message is user B and all messages have not been altered are:

(i) $h^* = \prod_{i=1}^{n} X^*_i \bmod N_B$

(ii) $h^* = \prod_{j=1}^{m} X^{*j} \bmod N_B$

Proof: If the sender is user B and all messages have not been altered, according to the definitions of the Hash function and the error free assumption, we have $h^* = h$, $X^*_i = X_i$, $1 \le i \le n$, and $X^{*j} = X^j$, $1 \le j \le m$, i.e. $h^* = \prod_{i=1}^{n} X^*_i \bmod N_B$ and $h^* = \prod_{j=1}^{m} X^{*j} \bmod N_B$.

Suppose (i) and (ii) hold, but the sender is not user B and/or some messages have been altered.

If the sender is not user B, according to the basic principle of public-key cryptography, no one else is able to break user B's private key, which results in $h^* \ne h$. Thus, $h^* \ne \prod_{i=1}^{n} X^*_i \bmod N_B$ and $h^* \ne \prod_{j=1}^{m} X^{*j} \bmod N_B$.

If some messages have been altered during the data transmissions, say $\bar{c}_{k_j l_j} \ne c_{k_j l_j}$ for $1 \le k_j \le n$ and $1 \le l_j \le m$. Similarly, we have $X^*_{k_j} \ne X_{k_j}$ and $X^{*l_j} \ne X^{l_j}$, for all $j \ge 1$. Again it will result in (i) and (ii) failing.

4 Multiple error detection and correction

In the following we only discuss the case of Process 1. In fact, the same result can be applied to other processes. First, we assume that up to three errors may occur in Process 1. Recall that, in Process 1, for a given $(n+1) \times (m+1)$ matrix

$$X_h = \begin{pmatrix} x_{11} & x_{12} & \cdots & x_{1m} & X_1 \\ x_{21} & x_{22} & \cdots & x_{2m} & X_2 \\ \vdots & \vdots & & \vdots & \vdots \\ x_{n1} & x_{n2} & \cdots & x_{nm} & X_n \\ X^1 & X^2 & \cdots & X^m & h \end{pmatrix}$$

we compute the ciphered matrix $C_h$

where $x_{ij}$ and $c_{ij}$, $1 \le i \le n$, $1 \le j \le m$, are the original and corresponding ciphered message, and $X_i$, $X^j$ and $C_i$, $C^j$, $1 \le i \le n$, $1 \le j \le m$, are the check-sums and ciphered check-sums.

According to Theorem 1 and Corollary 1, and their proofs, we know that an error, $c_{ij} \ne x_{ij}^{E_A} \bmod N_A$, can be detected by checking $C_i \ne \prod_{j=1}^{m} c_{ij} \bmod N_A$ and $C^j \ne \prod_{i=1}^{n} c_{ij} \bmod N_A$, and this error can be corrected as follows: (i) if all the rest of the computations in the $i$th row are correct, then

(corrected in row direction)

or (ii) if all the rest of the computations in the jth column are correct, then

(corrected in column direction)

Thus an error can be detected and could be corrected as long as there are no other errors located in the same row or column as this error. Based on this result, we claim the following statement.

Theorem 5: Up to three errors in Process 1 can be detected and corrected.

To verify this assertion, we categorise all possible two or three error locations into the following six cases.

Case 1. There are two errors located in the same row (Fig. 2a) or the same column (Fig. 2b). Both errors can be corrected in the column or row direction.

Case 2. There are two errors located in different rows and columns (Fig. 3). Each error can be corrected in either the row or column direction.

Case 3. There are three errors located in different rows and columns (Fig. 4). Each error can be corrected in either the row or column direction.

Case 4. There are three errors that are located in the same row (Fig. 5a) or column (Fig. 5b). All errors can be corrected in the column or row direction.

Case 5. There are three errors, two of which are located in the same row (Fig. 6a) or the same column (Fig. 6b). Errors in the same row or the same column can be corrected in the column or row direction. The third error can be corrected in either the row or column direction.

Fig. 2 Two errors located in the same row or in the same column. a Located in the same row; b Located in the same column

Fig. 4 Three errors located in different rows and columns

Fig. 5 Three errors located in the same row or the same column. a Located in the same row; b Located in the same column

Fig. 6 Three errors, two of which are located in the same row or the same column. a Located in the same row; b Located in the same column

Fig. 7 Three errors whose locations form a vertical triangle

Case 6. There are three errors whose locations form a vertical triangle in the $i$-$j$ plane (Fig. 7). Errors in $(i_1, j_1)$ and $(i_3, j_3)$ can be corrected in the row and column direction. Errors in $(i_2, j_2)$ can then be corrected in either the row or column direction.

Table 1 summarises all possible locations of up to three errors and corresponding error detecting conditions and error correction in Process 1. The details of the proof of Theorem 5 are provided in the Appendix (Section 7).

Based on the above description, it is not difficult to see that the proposed approach is able to detect any number of errors, and is able to correct those errors if and only if those error locations satisfy the following condition.

Theorem 6 (Error correctable condition): An error located at $(i, j)$ is able to be corrected if and only if there are no two errors located in the same row ($i$th row) and on the same column ($j$th column).


Table 1: Summary of error detections and corrections for up to three errors in process 1

Number of errors | Error locations | Error detecting conditions | Error corrections

1 ((is I ) ) Cj#llK, cl mod NA cg= C c , mod NA) ~’ mod Nn

Ci#n:=, c, mod NA

2 N i l , A (i, dl C , #n;, cj,i mod NA

Cj2# l lg1 cu mod NA Ci#ll:=, curnod NA

Cis #U:=, c , mod NA Ck i n:=, cos mod N,

C, # nz, cjd mod NA

C” # U;=, cV, mod N~

ck#n;=, c, mod NA

C , #”E1 c; ,~ mod NA c , ~ , = C” (II,,,, cw, mod N A / mod N, C, # IIZ, cid mod N, C ~ , ~ * = C ~ (Ilk+, chZ mod NA)- ’ mod NA Ci‘#l l=, cy, mod NA cjds=Ck cki, rnod NA)-‘ mod NA

Ck#ll:_, c, mod NA Chill:=, c , mod NA

Cj, # IlZ, cj,j mod NA C,#ng l y m o d NA

Cis # n;”, cn, mod NA C” # n:=, cu, mod NA

CA# n:=, cos mod N~

C,, #U;._, c , ~ mod NA Cis# Ilk, c, mod NA Ck # U$ cu mod NA C k l n ” cgn mod NA

C, i‘ rlKf C, j mod NA Ch # Ilk, ck mod NA

c ~ , ~ = Ci, (rI,#j, c;,, mod Na) ~ ’ mod NA

cid= C, (nl,i2 chi mod NA) - ’ mod NA

2 ((i. h), (i. b)) Ci#nKl c, mod NA c , = C h (Ilk#jcwl mod NB)-’ mod NA

c,=Ck (nk+ichh mod Ne)- ’ mod NA

2 ((it . h), (i2. b)) C , # llK1 q, mod NA Apply procedure 1

3 3 3 3 3

{(it, j ,), ( b j , ) , ( is, j d ( ( h , h ) , ( i t , h), (k, b)) ( ( S , i), (C, h), (C, h)l ( ( h , h) , (it , j d , (i2, j1 ) ) { ( i t , h), (S, id, (k , 6))

c.,~, = Ch (Ilk# j, cX, mod NA) - ’ mod NA

cid*= 0 (ni+i> ckjZ mod NA) - ’ mod NA c&=C, (IIkiCb cki, mod NA)-’ mod NA

ci,,,=Ci, ci,, mod NA)-’ mod NA cjd, = C, (n,,, c;? mod NA) ~ ’ mod NA cu2 = C, (Il,+,* cjJ mod NA) ~ ’ mod NA

cj,,, = Cj, (n,,, c(,I mod N,) ~ ’ mod NA c,*=C, (II,#ia cjJmod NA)-’ mod NA

c , ~ ~ = C, (E,+& c,J mod N,) ~ ’ rnod N,

3

3

Also note that although an error may not meet this error correctable condition at first, after some other errors have been corrected it may become correctable.
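The check-and-repair loop of Sections 3 and 4, as an added Python example (not code from the paper): it builds the ciphered check-sums of Process 1, applies the Theorem 1 tests, and repairs errors with the Corollary 1 formulas, repeating so that errors which become correctable after others are fixed get repaired too. The toy key, message matrix, off-by-one faults and all function names are constructed for illustration; the check-sums are reduced modulo N_A (an assumption) so that the identity used in the proof of Theorem 1 holds exactly, and the triangle of Case 6 is reported as unresolved because Procedure 1 is not implemented here.

```python
from math import gcd

# Constructed toy key for user A (assumption); real RSA moduli are far larger.
P, Q = 1019, 1031
N_A, E_A = P * Q, 3

# Constructed 3 x 4 message matrix. Block X[1][1] is a multiple of P, so its
# ciphertext has no inverse modulo N_A (the gcd condition of Corollary 1).
X = [[2, 3, 5, 7],
     [11, 1019, 13, 17],
     [19, 23, 29, 31]]


def mprod(values):
    """Modular product: the only operation the check-sums need."""
    acc = 1
    for v in values:
        acc = acc * v % N_A
    return acc


def encrypt(X):
    """Process 1: cipher blocks c_ij and ciphered check-sums C_i, C^j.

    Assumption: check-sums are reduced modulo N_A before encryption."""
    C = [[pow(x, E_A, N_A) for x in row] for row in X]
    row_cs = [pow(mprod(row), E_A, N_A) for row in X]
    col_cs = [pow(mprod(col), E_A, N_A) for col in zip(*X)]
    return C, row_cs, col_cs


def failing(C, row_cs, col_cs):
    """Theorem 1 tests: rows and columns whose product differs from C_i / C^j."""
    rows = [i for i, row in enumerate(C) if mprod(row) != row_cs[i]]
    cols = [j for j, col in enumerate(zip(*C)) if mprod(col) != col_cs[j]]
    return rows, cols


def solve(checksum, others):
    """Corollary 1: checksum * (product of the other blocks)^-1 mod N_A.

    Returns None when the product shares a factor with N_A (no inverse)."""
    d = mprod(others)
    if gcd(d, N_A) != 1:
        return None
    return checksum * pow(d, -1, N_A) % N_A


def correct(C, row_cs, col_cs):
    """Repair C in place; return (corrected cells, stuck flag)."""
    fixed = []
    while True:
        rows, cols = failing(C, row_cs, col_cs)
        if not rows and not cols:
            return fixed, False
        progress = False
        for i in rows:
            for j in cols:
                r = solve(row_cs[i], [c for l, c in enumerate(C[i]) if l != j])
                c = solve(col_cs[j], [row[j] for k, row in enumerate(C) if k != i])
                if len(rows) == 1 and len(cols) == 1:
                    value = r if r is not None else c  # either formula works
                elif len(rows) == 1:
                    value = c   # errors share row i: column direction is clean
                elif len(cols) == 1:
                    value = r   # errors share column j: row direction is clean
                else:
                    value = r if r == c else None  # accept only if both agree
                if value is not None and value != C[i][j]:
                    C[i][j] = value
                    fixed.append((i, j))
                    progress = True
        if not progress:
            return fixed, True  # e.g. the triangle of Case 6


def run(error_cells):
    """Inject constructed off-by-one faults and report the outcome."""
    C, row_cs, col_cs = encrypt(X)
    good = [row[:] for row in C]
    for i, j in error_cells:
        C[i][j] = (C[i][j] + 1) % N_A
    detected = failing(C, row_cs, col_cs)
    fixed, stuck = correct(C, row_cs, col_cs)
    return detected, sorted(fixed), stuck, C == good


if __name__ == "__main__":
    for cells in ([(1, 0)], [(0, 0), (0, 2)], [(0, 0), (0, 2), (2, 3)],
                  [(0, 0), (0, 2), (2, 2)]):
        print(cells, run(cells))
```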

5 Conclusion

In this paper, an integrated approach for concurrent error detection and correction and the digital signature in the RSA cryptosystem is presented. By taking advantage of sharing the same computation results, the total overheads can be significantly reduced. Throughout the paper, we use the RSA scheme as an example to illustrate our ideas and results. The principle of the proposed approach may also be applied to other public key cryptographic schemes. The integrated design approach may also be extended to other related applications, such as developing an integrated design approach for image compression, fault tolerance and encryption, and for any of their combinations. The advantages of the proposed check-sum and hash function formulas are: (i) they use the same computation unit as required by encryption and decryption in RSA; (ii) the value of the Hash function can be obtained by check-sums; (iii) up to three errors in the computation processes and/or data transmission can be detected and corrected; (iv) there is no overflow problem that may occur in some ABFT applications.

We assume that the messages are organised as an n x m message matrix. In practice when the product of n x m is large, proper values of m and n should be chosen. For example, under the assumption that a single error has most likely occurred and fast error correction is required, we may choose n and m such that n >> m (e.g. let m = 2). In this way, the error can be corrected much faster than in the case of n = m.

6 References

1 RIVEST, R. L., SHAMIR, A., and ADLEMAN, L.: 'A method for obtaining digital signatures and public-key cryptosystems', Commun. ACM, 1978, 21, (2), pp. 120-126

2 SIMMONS, G. (Ed.): 'Contemporary cryptology: the science of information integrity' (IEEE Press, Piscataway, NJ, 1992)

3 WOO, T., and LAM, S.: 'Authentication for distributed systems', Computer, 1992, 25, (1)

4 STALLINGS, W.: 'Network and internetwork security' (IEEE Press and Prentice Hall, 1995)

5 PATEL, J. H., and FUNG, L. Y.: 'Concurrent error detection in ALU's by recomputing with shifted operands', IEEE Trans. Comput., 1982, C-31, pp. 589-595

6 GULATI, R. K., and REDDY, S. M.: 'Concurrent error detection in VLSI array structures'. Proc. IEEE Internat. Conf. on Computer Design, 1986, pp. 488-491

7 KUHN, R. H.: 'Yield enhancement by fault-tolerant systolic arrays in VLSI and modern signal processing' (Prentice-Hall, 1985), pp. 178-184

8 JACOB, A., BANERJEE, P., CHEN, C.-Y., FUCHS, W., KUO, S.-Y., and REDDY, A.: 'Fault tolerance techniques for systolic arrays', Computer, 1981, pp. 65-74

these can be corrected by:

Appendix: Proof of Theorem 5

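Case 1. If there are two errors that are located in the same row or the same column: $(i, j_1)$ and $(i, j_2)$ or $(i_1, j)$ and $(i_2, j)$, where $j_1 \ne j_2$ and $i_1 \ne i_2$ as shown in Fig. 2a and Fig. 2b, then these errors can be detected by:

$$C_i \ne \prod_{j=1}^{m} c_{ij} \bmod N_A, \qquad C^{j_1} \ne \prod_{i=1}^{n} c_{ij_1} \bmod N_A, \qquad C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A$$

or

$$C_{i_1} \ne \prod_{j=1}^{m} c_{i_1 j} \bmod N_A, \qquad C^{j} \ne \prod_{i=1}^{n} c_{ij} \bmod N_A, \qquad C_{i_2} \ne \prod_{j=1}^{m} c_{i_2 j} \bmod N_A$$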

All these error pairs can be corrected by:

- 1

ill n ckj, mod N, mod NA = ( i#i )

> -1

or

$$c_{i_2 j} = C_{i_2} \left( \prod_{l \ne j} c_{i_2 l} \bmod N_A \right)^{-1} \bmod N_A$$

Case 2. If there are two errors that are located in different rows and columns: $(i_1, j_1)$ and $(i_2, j_2)$, where $i_1 \ne i_2$ and $j_1 \ne j_2$ as shown in Fig. 3, then these errors can be detected by:

$$C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A$$

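Case 3. If there are three errors that are located in different rows and columns: $(i_1, j_1)$, $(i_2, j_2)$ and $(i_3, j_3)$, where $i_1 \ne i_2$, $i_2 \ne i_3$, $i_1 \ne i_3$, $j_1 \ne j_2$, $j_2 \ne j_3$, $j_1 \ne j_3$ as shown in Fig. 4, then these errors can be detected by

$$C_{i_1} \ne \prod_{j=1}^{m} c_{i_1 j} \bmod N_A, \qquad C_{i_2} \ne \prod_{j=1}^{m} c_{i_2 j} \bmod N_A, \qquad C_{i_3} \ne \prod_{j=1}^{m} c_{i_3 j} \bmod N_A$$

$$C^{j_1} \ne \prod_{i=1}^{n} c_{ij_1} \bmod N_A, \qquad C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A, \qquad C^{j_3} \ne \prod_{i=1}^{n} c_{ij_3} \bmod N_A$$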

All these errors can be corrected by:

C . . = Ci, n c,,mod N, mod N, Id' )

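Case 4. If there are three errors that are located in the same row or the same column: $(i, j_1)$, $(i, j_2)$ and $(i, j_3)$ or $(i_1, j)$, $(i_2, j)$ and $(i_3, j)$, where $i_1 \ne i_2$, $i_2 \ne i_3$, $i_1 \ne i_3$, $j_1 \ne j_2$, $j_2 \ne j_3$, and $j_1 \ne j_3$ as shown in Fig. 5a and Fig. 5b, then these errors can be detected by:

$$C_i \ne \prod_{j=1}^{m} c_{ij} \bmod N_A, \qquad C^{j_1} \ne \prod_{i=1}^{n} c_{ij_1} \bmod N_A,$$

$$C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A, \qquad C^{j_3} \ne \prod_{i=1}^{n} c_{ij_3} \bmod N_A$$

or

$$C_{i_1} \ne \prod_{j=1}^{m} c_{i_1 j} \bmod N_A, \qquad C_{i_2} \ne \prod_{j=1}^{m} c_{i_2 j} \bmod N_A,$$

$$C_{i_3} \ne \prod_{j=1}^{m} c_{i_3 j} \bmod N_A, \qquad C^{j} \ne \prod_{i=1}^{n} c_{ij} \bmod N_A$$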

All these errors can be corrected by:

or

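Case 5. If there are three errors two of which are located in the same row or the same column: $(i_1, j_1)$, $(i_1, j_2)$ and $(i_2, j_3)$ or $(i_1, j_1)$, $(i_2, j_1)$ and $(i_3, j_2)$, where $i_1 \ne i_2$, $i_2 \ne i_3$, $j_1 \ne j_2$ and $j_2 \ne j_3$ as shown in Fig. 6a and Fig. 6b, then these errors can be detected by:

$$C_{i_1} \ne \prod_{j=1}^{m} c_{i_1 j} \bmod N_A, \qquad C_{i_2} \ne \prod_{j=1}^{m} c_{i_2 j} \bmod N_A,$$

$$C^{j_1} \ne \prod_{i=1}^{n} c_{ij_1} \bmod N_A, \qquad C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A, \qquad C^{j_3} \ne \prod_{i=1}^{n} c_{ij_3} \bmod N_A$$

or

$$C_{i_1} \ne \prod_{j=1}^{m} c_{i_1 j} \bmod N_A, \qquad C_{i_2} \ne \prod_{j=1}^{m} c_{i_2 j} \bmod N_A, \qquad C_{i_3} \ne \prod_{j=1}^{m} c_{i_3 j} \bmod N_A,$$

$$C^{j_1} \ne \prod_{i=1}^{n} c_{ij_1} \bmod N_A, \qquad C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A$$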

These errors can be corrected by:

e. . = Ci, n cK12 mod NA mod NA ’” (k#: )-I

-1


or

Case 6. If there are three errors that are located in three of the four following locations: $(i_1, j_1)$, $(i_1, j_2)$, $(i_2, j_1)$ and $(i_2, j_2)$, where $i_1 \ne i_2$ and $j_1 \ne j_2$ (they form a vertical triangle in the plane), then these errors can be detected by:

$$C_{i_1} \ne \prod_{j=1}^{m} c_{i_1 j} \bmod N_A, \qquad C_{i_2} \ne \prod_{j=1}^{m} c_{i_2 j} \bmod N_A,$$

$$C^{j_1} \ne \prod_{i=1}^{n} c_{ij_1} \bmod N_A, \qquad C^{j_2} \ne \prod_{i=1}^{n} c_{ij_2} \bmod N_A$$

However, to correct these errors, we must know their detailed locations. For example, when the error locations are $(i_1, j_1)$, $(i_1, j_2)$ and $(i_2, j_2)$, then the error located in $(i_1, j_2)$ cannot be corrected until the error of $(i_1, j_1)$ or $(i_2, j_2)$ has been corrected. The error located in $(i_1, j_2)$ can be detected by checking $c^{r}_{i_1 j_2} \ne c^{c}_{i_1 j_2}$, where

Because there are two errors located in the $i_1$th row ($(i_1, j_1)$ and $(i_1, j_2)$) and two errors located in the $j_2$th column ($(i_1, j_2)$ and $(i_2, j_2)$), the value of $c_{i_1 j_2}$ calculated in the row direction ($c^{r}_{i_1 j_2}$) should not be the same as that calculated in the column direction ($c^{c}_{i_1 j_2}$).

In this example, we can first correct the errors of $c_{i_1 j_1}$ and $c_{i_2 j_2}$ by:

then $c_{i_1 j_2}$ can be corrected by

or

In general, there are four possible error locations, each of which can be identified and corrected by the following procedure.


Procedure 1

Step 1. Compute

and

$, - Ci, n ci,/ mod NA mod N, " ' - L ) - I

cC. = Cjl n c ~ , mod NA mod NA '? I t (k#i2 )

Step 2. If

and

then let cij, = c:,, ciJ2 = c:., compute , - 1

(errors are located at $(i_1, j_1)$, $(i_2, j_1)$ and $(i_2, j_2)$), and exit.

Step 3. If

then let ciJ, = c&, cii2 = cG2, compute

(errors are located at $(i_1, j_1)$, $(i_1, j_2)$ and $(i_2, j_2)$), and exit.

Step 4. If

and

then let cij, =e$,, e& = c&,, compute

(errors are located at $(i_1, j_1)$, $(i_1, j_2)$ and $(i_2, j_1)$), and exit.

Step 5. If

and

then let cii, = c:~, ci,, =e&, compute

(errors are located at $(i_1, j_2)$, $(i_2, j_1)$ and $(i_2, j_2)$), and exit.

Note that the error detecting conditions for cases 6 and 2 are the same. For simplicity, we can treat case 2 as a special version of case 6. Thus, these two errors in case 2 can be corrected in step 2 of Procedure 1.