RSA Speedup with Chinese Remainder Theorem Immune against

  • Slides: 17
Download presentation
RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis Author: Sung-Ming Yen,

RSA Speedup with Chinese Remainder Theorem Immune against Hardware Fault Cryptanalysis Author: Sung-Ming Yen, Seugjoo Kim, Seongan Lim and Sang-Jae Moon Source: IEEE Transactions on Computers, Vol. 52, No. 4, pp. 461 -472, April 2003 Data: 10/2/2003 Speaker: Jui-Yi Kuo 1

Outline n n n Motivation Previous Countermeasures CRT-1 Protocol & CRT-2 Protocol Performance Conclusions

Outline n n n Motivation Previous Countermeasures CRT-1 Protocol & CRT-2 Protocol Performance Conclusions 2

Motivation n n Sign by Smart IC card Computing in finite resource How to

Motivation n n Sign by Smart IC card Computing in finite resource How to Speedup How to Immune against Hardware Fault Cryptanalysis 3

CRT(Chinese Remainder Theorem) where and 4

CRT(Chinese Remainder Theorem) where and 4

RSA notation m : message s : signature for m d : secret key

RSA notation m : message s : signature for m d : secret key e, n: public key p, q : primes 5

RSA signature m m send m ? Secret d sig S 6

RSA signature m m send m ? Secret d sig S 6

The CRT-Based Cryptanalysis 7

The CRT-Based Cryptanalysis 7

Previous Countermeasures n n Performing calculations twice Applying a verification on the computed result

Previous Countermeasures n n Performing calculations twice Applying a verification on the computed result to detect any fault 8

CRT-1 Protocol 9

CRT-1 Protocol 9

CRT-1 Protocol (Cont. ) 10

CRT-1 Protocol (Cont. ) 10

CRT-1 Protocol (Example) 11

CRT-1 Protocol (Example) 11

CRT-1 Protocol (Example-Cont. ) 12

CRT-1 Protocol (Example-Cont. ) 12

CRT-2 Protocol 13

CRT-2 Protocol 13

CRT-2 Protocol (Example) 14

CRT-2 Protocol (Example) 14

Performance n n Step 2 of CRT-1 need more time but less resource than

Performance n n Step 2 of CRT-1 need more time but less resource than Step 2 of CRT-2 Some computation of CRT can be finished earlier 15

Performance(Complexity) CRT-Based CRT-1 when One of sp and sq is error Complexity of that

Performance(Complexity) CRT-Based CRT-1 when One of sp and sq is error Complexity of that generate p or q O(1) CRT-2 One of sp and sq is error with er be known O(n) 16

Conclusions n n n Two novel protocols can speed up the RSA signature or

Conclusions n n n Two novel protocols can speed up the RSA signature or decryption with RNS(residue number system) Immune against hardware fault cryptanalysis No need to performing calculations twice and Applying a verification on the computed result to detect any fault 17