On the Importance of Checking Cryptographic Protocols for Faults

1997 | Dan Boneh, Richard A. DeMillo, Richard J. Lipton
The paper presents a theoretical model for breaking various cryptographic schemes by exploiting random hardware faults. It shows how such faults can be used to attack implementations of RSA and Rabin signatures, as well as authentication protocols like Fiat-Shamir and Schnorr. The authors introduce three types of faults: transient faults, latent faults, and induced faults, and show that these can be used to recover secret information or break the security of cryptographic systems. Specifically, they demonstrate that:

1. **RSA and Rabin Signatures**: Using transient faults, it is possible to factor the modulus and recover the secret exponent with high probability.
2. **Fiat-Shamir Identification Scheme**: By inducing register faults during the protocol execution, an adversary can recover the secret key with a small number of faulty runs of the protocol.
3. **Schnorr Identification Scheme**: With a sufficient number of faulty runs, the secret can be recovered with high probability.

The paper also discusses methods to defend against such attacks, such as verifying computations and adding error detection bits to protect internal state. The authors emphasize the importance of these measures for security and highlight open problems, including the potential to reduce the number of required faults.
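The two countermeasures the summary names, verifying the computation before releasing a result and tagging internal state with error-detection bits, can be shown on an RSA-CRT signer. The block below is an added example, not code from the paper or its authors. It uses a constructed toy key (two small primes, not a secure size), and the `fault` argument of `crt_sign` is a hypothetical hook that merely simulates a transient single-bit fault in one CRT half so the checks have something to catch.

```python
# Added example: RSA-CRT signing with the two defences the paper recommends,
# (1) re-verify the signature before releasing it, (2) parity bits on stored
# registers.  Toy parameters are constructed here for illustration only.

# Constructed toy RSA key: tiny primes, illustrative only (not a secure size).
P, Q = 1000003, 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))


class FaultDetected(Exception):
    """Raised when a self-check finds that a computation or register was corrupted."""


def tag_parity(x):
    """Attach a parity bit to a stored value (error-detection bits on internal state)."""
    return (x, bin(x).count("1") & 1)


def load_checked(tagged):
    """Re-check the parity bit before the value is used; any single-bit flip is caught here."""
    x, parity = tagged
    if (bin(x).count("1") & 1) != parity:
        raise FaultDetected("register parity mismatch")
    return x


def crt_sign(m, p, q, d, n, fault=None):
    """RSA-CRT signature with Garner recombination.

    `fault` is a hypothetical hook used only to simulate a transient fault:
    "p" or "q" flips one bit of that half-exponentiation's result.
    """
    dp_reg = tag_parity(d % (p - 1))          # exponent halves kept as parity-tagged registers
    dq_reg = tag_parity(d % (q - 1))
    sp = pow(m % p, load_checked(dp_reg), p)
    sq = pow(m % q, load_checked(dq_reg), q)
    if fault == "p":                          # simulated transient fault in the p-half
        sp ^= 1
    elif fault == "q":                        # simulated transient fault in the q-half
        sq ^= 1
    q_inv = pow(q, -1, p)
    h = (q_inv * (sp - sq)) % p
    return (sq + h * q) % n


def verify(m, s, e, n):
    """Public-key check: s is a valid signature on m iff s^e == m (mod n)."""
    return pow(s, e, n) == m % n


def sign_checked(m, p, q, d, e, n, fault=None):
    """Verify the computation before releasing the signature; a faulty result never leaves."""
    s = crt_sign(m, p, q, d, n, fault)
    if not verify(m, s, e, n):
        raise FaultDetected("signature failed self-verification and was not released")
    return s


def demo():
    """Returns (correct signature verifies, faulty signature blocked, parity catches bit flip)."""
    m = 123456789 % N
    good = sign_checked(m, P, Q, D, E, N)
    ok = verify(m, good, E, N)
    try:
        sign_checked(m, P, Q, D, E, N, fault="q")
        blocked = False
    except FaultDetected:
        blocked = True
    # Simulated single-bit flip in a stored register after it was parity-tagged.
    corrupted = (D ^ (1 << 7), tag_parity(D)[1])
    try:
        load_checked(corrupted)
        parity_caught = False
    except FaultDetected:
        parity_caught = True
    return ok, blocked, parity_caught


if __name__ == "__main__":
    print(demo())  # (True, True, True)
```

The self-verification costs one public-exponent exponentiation per signature, which is cheap next to the CRT work, and it is the check that stops a corrupted signature from ever reaching an observer. The parity tag is the simplest form of the "error detection bits" defence: it catches any odd number of flipped bits in a register before the value is consumed, and a real implementation would use a stronger code with the same check-before-use pattern.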