Weaknesses in Current RSA Signature Schemes

  • Conference paper
Information Security and Cryptology - ICISC 2011 (ICISC 2011)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 7259)

Abstract

This work presents several classes of messages that lead to data leakage during modular exponentiation. Such messages allow the entire secret exponent to be recovered from a single power measurement. We show that the padding schemes defined by industry standards such as PKCS#1 and ANSI X9.31 are vulnerable to side-channel attacks, since the messages they produce exhibit the characteristics that define our classes. Although PKCS#1 states that there are no known attacks against RSASSA-PKCS1-v1_5, the EMSA-PKCS1-v1_5 encoding in fact makes the scheme vulnerable to side-channel analysis. These attacks were validated against a real-world smartcard system, the Infineon SLE78, running our proof-of-concept implementation. Additionally, we introduce methods for the elegant recovery of the full RSA private key from blinded RSA CRT exponents.

Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Krämer, J., Nedospasov, D., Seifert, JP. (2012). Weaknesses in Current RSA Signature Schemes. In: Kim, H. (eds) Information Security and Cryptology - ICISC 2011. ICISC 2011. Lecture Notes in Computer Science, vol 7259. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-31912-9_11

  • DOI: https://doi.org/10.1007/978-3-642-31912-9_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-31911-2

  • Online ISBN: 978-3-642-31912-9

  • eBook Packages: Computer Science (R0)