Fault attacks on multi-prime RSA signatures

At CHES 2009, Coron et al. proposed a fault attack on standard RSA signatures based on Coppersmith’s method. This work greatly enhances the practicality of fault attacks on RSA signatures. In practice, multi-prime RSA signatures are widely used due to their faster generation speed. In this paper, we propose fault attacks on multi-prime RSA signatures under the PKCS#1 v2.x protocols. We conduct the fault attacks based on Coppersmith’s method in various scenarios. To be specific, we first consider the case where there is only one fault signature, and then we consider the cases where there are multiple fault signatures with co-prime moduli, common moduli, and arbitrary moduli. For each case, we give the upper bound of the unknowns that can be solved in polynomial time, which improves the practicability of the attacks. Our research is grounded in the EMSA-PKCS1-v1_5 encoding method and has been verified by experiments.