2011 | OriginalPaper | Chapter
Fault Attacks on the Montgomery Powering Ladder
Authors : Jörn-Marc Schmidt, Marcel Medwed
Published in: Information Security and Cryptology - ICISC 2010
Publisher: Springer Berlin Heidelberg
Activate our intelligent search to find suitable subject content or patents.
Select sections of text to find matching patents with Artificial Intelligence. powered by
Select sections of text to find additional relevant content using AI-assisted search. powered by
Security-aware embedded devices which are likely to operate in hostile environments need protection against physical attacks. For the RSA public-key algorithm, protected versions of the Montgomery powering ladder have gained popularity as countermeasures for such attacks.
In this paper, we present a general fault attack against RSA implementations which use the Montgomery powering ladder. In a first step, we discuss under which realistic fault assumptions our observation can be used to attack basic implementations. In a second step, we extend our attack to a scenario, where the message is blinded at the beginning of the exponentiation algorithm. To the best of our knowledge this is the first fault attack on a blinded Montgomery powering ladder.