CRT RSA Algorithm Protected Against Fault Attacks - PowerPoint PPT Presentation


1
CRT RSA Algorithm Protected Against Fault Attacks
Arnaud BOSCHER (Spansion EMEA), Robert NACIRI (Oberthur Card Systems), Emmanuel PROUFF (Oberthur Card Systems)
  • WISTP - 5/10/07

2
Agenda
  • RSA and Physical Attacks
  • Modular Exponentiation Algorithm Resistant
    against Physical Attacks
  • CRT RSA Algorithm Resistant against Physical
    Attacks

3
RSA and Physical Attacks
4
RSA Algorithm
  • Public key
    • Modulus N
    • Public exponent e
  • Private key
    • Modulus N = p · q
    • Private exponent d = e^{-1} mod (p-1) · (q-1)
  • RSA signature generation
    • S = M^d mod N
  • RSA signature verification
    • Check M = S^e mod N ?

5
RSA Algorithm Using the Chinese Remainder Theorem
  • Private key, CRT format
    • Private modulus: prime number p
    • Private modulus: prime number q
    • Private exponent dp = e^{-1} mod (p-1)
    • Private exponent dq = e^{-1} mod (q-1)
    • Value A = p^{-1} mod q
  • RSA signature using CRT
    • Sp = M^{dp} mod p
    • Sq = M^{dq} mod q
    • S = ((Sq - Sp) · A mod q) · p + Sp

6
Right-to-Left Modular Exponentiation
  • Input: M, d = (d_{n-1}, ..., d_0)_2, N
  • Output: M^d mod N
  • S ← 1
  • A ← M
  • For i from 0 to n-1 do
    • If d_i = 1 then S ← S · A mod N
    • A ← A^2 mod N
  • Return (S)

7
Simple Power Analysis
  • Measurement of the power consumption while the embedded device executes RSA
  • Modular multiplication and modular square have different power consumption patterns
  • 2 consecutive modular squares ⇒ d_i = 0
  • Modular multiplication followed by a modular square ⇒ d_i = 1
  • Classical countermeasure: always perform a modular multiplication, whether d_i is 0 or 1

8
Fault Analysis and Differential Fault Analysis
  • Apply an external perturbation while the embedded device executes RSA to obtain an erroneous result
  • DFA on CRT RSA
    • Sp = M^{dp} mod p + e   (faulted half)
    • Sq = M^{dq} mod q
    • S = ((Sq - Sp) · A mod q) · p + Sp
    • gcd(S^e mod N - M, N) = q
  • Classical countermeasures
    • perform the signature twice and compare
    • check it with the public exponent (if known)

9
Safe-Error Attacks
  • Another kind of fault attack
  • Countermeasure against SPA ⇒ weakness w.r.t. fault attacks
  • Attack the multiplication
    • Final result correct ⇒ dummy multiplication ⇒ exponent bit was 0
    • Final result wrong ⇒ real multiplication ⇒ exponent bit was 1
  • Retrieve the whole secret exponent bit by bit
  • Difficult to counteract SPA and FA together

10
Modular Exponentiation Resistant to Simple Power Analysis and Fault Attacks
11
SPA-Resistant Modular Exponentiation Algorithm
  • Starting from the SPA-resistant algorithm
  • Input: M, d = (d_{n-1}, ..., d_0)_2, N
  • Output: M^d mod N
  • S0 ← 1
  • S1 ← 1
  • A ← M
  • For i from 0 to n-1 do
    • If d_i = 1 then S0 ← S0 · A mod N
    • If d_i = 0 then S1 ← S1 · A mod N
    • A ← A^2 mod N
  • Return (S0)

12
Observations
  • Loop of the algorithm
    • For i from 0 to n-1 do
      • If d_i = 1 then S0 ← S0 · A mod N
      • If d_i = 0 then S1 ← S1 · A mod N
      • A ← A^2 mod N
  • A is independent of the exponent d
    • A = M^{2^n} mod N
  • S1 is the result of the modular exponentiation of M by not(d) = 2^n - d - 1
    • S1 = M^{2^n - d - 1} mod N
  • At every step, we have the following relation
    • M · S0 · S1 = A mod N

13
SPA/FA-Resistant Right-to-Left Modular Exponentiation
  • Input: M, d = (d_{n-1}, ..., d_0)_2, N
  • Output: M^d mod N or Error
  • S0 ← 1
  • S1 ← 1
  • A ← M
  • For i from 0 to n-1 do
    • S_{d_i} ← S_{d_i} · A mod N   (the register selected by d_i, as on the previous slides: S0 when d_i = 1, S1 when d_i = 0)
    • A ← A^2 mod N
  • If (M · S0 · S1 = A mod N) then
    • Return (S0)
  • Else
    • Return (Error)

14
Algorithm Analysis
  • Cost: 2 extra modular multiplications (the final check) compared to the SPA version
  • Resistance against SPA: always a multiplication before a square
  • Security proof against DFA and safe-error attacks in the following attacker model
    • Can only perform one fault
    • Can make any modification e on any variable X: X ← X + e

15
Security Proof
  • The algorithm is divided into finite states that correspond to single computation steps
    • S0: 1 → M^{d_0} → M^{d_1 · 2 + d_0} → ... → M^d
  • Fault attack between two computations in S0
    • 1 → ... → M^{(d_{i-1}, ..., d_0)_2} → M^{(d_i, ..., d_0)_2} + e → ... → M^d + e'
    • Final result: S0 = (M^{(d_i, ..., d_0)_2} + e) · (M^{2^{i+1}})^{(d_{n-1}, ..., d_{i+1})_2}
  • Equality doesn't hold: S0 · S1 · M ≠ M^{2^n} if e ≠ 0
  • Same behavior for S1

16
Security Proof: the A variable case
  • An error on variable A also impacts S0 and S1
  • The error needs to be written in a multiplicative way
    • A ← A + e = A · β
    • A = M^{2^n} · β^{2^{n-i}}
    • S0 · S1 · M = M^{2^n} · β^{2^{n-i} - 1}
  • Equality doesn't hold: S0 · S1 · M ≠ A if β ≠ 1, i.e. if e ≠ 0

17
CRT RSA Resistant to Fault Attacks
18
FA-Resistant CRT-RSA
  • Having a DFA-resistant exponentiation is not enough to have a DFA-resistant CRT RSA
    • the recombination step can be attacked
  • Involve all the variables of the DFA-resistant exponentiation algorithm to protect the recombination
  • The SPA/DFA-resistant exponentiation algorithm outputs
    • (S1, S2, T) ← (M^d, M^{not(d)}, M^{2^n})
  • Perform 3 recombinations and make a final check

19
FA-Resistant CRT-RSA Signature
  • Input: M, p, q, dp, dq, A, and b the bit-length of p and q
  • Output: S or Error
  • (S1p, S2p, Tp) ← (M^{dp} mod p, M^{2^b - dp - 1} mod p, M^{2^b} mod p)
  • (S1q, S2q, Tq) ← (M^{dq} mod q, M^{2^b - dq - 1} mod q, M^{2^b} mod q)
  • S1 ← ((S1q - S1p) · A mod q) · p + S1p
  • S2 ← ((S2q - S2p) · A mod q) · p + S2p
  • T ← ((Tq - Tp) · A mod q) · p + Tp
  • If (M · S1 · S2 = T mod N) then
    • Return (S1)
  • Else
    • Return (Error)

20
Correctness of the Algorithm
  • Result of the 3 recombinations
    • S1 = ((S1q - S1p) · A mod q) · p + S1p = M^d mod N
    • S2 = ((S2q - S2p) · A mod q) · p + S2p = M^{2^b - d - 1} mod N
    • T = ((Tq - Tp) · A mod q) · p + Tp = M^{2^b} mod N
  • Equality holds: M · S1 · S2 = T mod N
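The protected exponentiation of slide 13 and the three-recombination CRT signature of slides 19 and 20, as an added example written for this page (not the authors' code), with an optional simulated single fault in the attacker model of slide 14 (X ← X + e on S0, S1 or A) to show the final check returning Error instead of a faulty signature. The key values are small constructed toy numbers, assumed here for illustration.

```python
# Added example: SPA/FA-resistant right-to-left exponentiation (slide 13) and
# FA-resistant CRT-RSA signature (slide 19). Toy key sizes, constructed values.

def protected_exp(M, d, n, N, fault=None):
    """Return (S0, S1, A) = (M^d, M^(2^n-d-1), M^(2^n)) mod N for an n-bit d.
    fault=(i, which, e): after loop iteration i, add e to S0 (which=0),
    S1 (which=1) or A (which=2), i.e. one additive fault X <- X + e."""
    S = [1, 1]            # S[0] = S0 (real product), S[1] = S1 (complement product)
    A = M % N
    for i in range(n):
        bit = (d >> i) & 1
        S[1 - bit] = S[1 - bit] * A % N   # d_i=1 updates S0, d_i=0 updates S1
        A = A * A % N                     # one multiply, one square per bit (SPA)
        if fault is not None and fault[0] == i:
            _, which, e = fault
            if which == 2:
                A = (A + e) % N
            else:
                S[which] = (S[which] + e) % N
    return S[0], S[1], A

def exp_check_holds(M, S0, S1, A, N):
    """Slide 13 invariant: M . S0 . S1 = A mod N."""
    return M * S0 * S1 % N == A

def crt_sign(M, p, q, dp, dq, b, fault_p=None):
    """FA-resistant CRT-RSA signature (slide 19); returns S, or None for Error.
    b is the bit-length of p and q; A = p^-1 mod q as on slide 5."""
    N, A = p * q, pow(p, -1, q)
    S1p, S2p, Tp = protected_exp(M, dp, b, p, fault_p)
    S1q, S2q, Tq = protected_exp(M, dq, b, q)
    # Three Garner recombinations, one per output of the exponentiation
    def recomb(xp, xq):
        return ((xq - xp) * A % q) * p + xp
    S1, S2, T = recomb(S1p, S1q), recomb(S2p, S2q), recomb(Tp, Tq)
    if M * S1 * S2 % N != T:      # slide 20: M . S1 . S2 = T mod N must hold
        return None               # Error: no faulty signature leaves the device
    return S1

if __name__ == "__main__":
    # Constructed toy key: p=61, q=53, e=17, d=2753, so dp=53, dq=49, b=6
    p, q, e, d = 61, 53, 17, 2753
    dp, dq, b = d % (p - 1), d % (q - 1), max(p.bit_length(), q.bit_length())
    M = 65
    print("signature:", crt_sign(M, p, q, dp, dq, b), "expected", pow(M, d, p * q))
    print("fault on S0 at step 2 ->", crt_sign(M, p, q, dp, dq, b, (2, 0, 7)))
    print("fault on A  at step 3 ->", crt_sign(M, p, q, dp, dq, b, (3, 2, 5)))
```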

21
Algorithm Analysis
  • Cost: 2 additional recombinations
  • Memory occupation is larger; an alternative solution with less memory overhead is proposed in the paper
    • it detects an error only with some probability

22
Conclusion
  • New modular exponentiation algorithm resistant
    against SPA/DFA
  • Proof of security in a realistic fault model
  • Suitable for low cost devices
  • Can be used to construct SPA/DFA-resistant CRT
    RSA signature algorithm
  • Can be adapted to compute SPA/DFA-resistant
    scalar multiplication for elliptic curve
    cryptography

23
  • THANK YOU FOR YOUR ATTENTION

25
Trademark Attribution
  • Spansion, the Spansion Logo, MirrorBit, HD-SIM,
    ORNAND, and combinations thereof are trademarks
    of Spansion LLC. Other names used in this
    presentation are for informational purposes only
    and may be trademarks of their respective owners.