| 摘要: | 隨著電腦與網路科技的進步,許多電子消費系統已經被廣泛地應用在我們日常生活之中,這些系統需要透過網路傳遞大量的資訊,為了保護個人資料與隱私,資訊安全的重要性逐漸地受到大家的重視。 自從Bellcore實驗室於1996年提出錯誤攻擊之後,此攻擊已經對密碼系統的實作造成重大的威脅,尤其是實作在智慧卡上之系統。到目前為止,許多常用的密碼系統皆被證實會遭受到錯誤攻擊,為了維護安全性,在實作密碼系統時我們必需考慮如何防禦錯誤攻擊。 RSA是一個被廣泛使用的密碼系統,利用中國餘數定理(CRT)可以加速RSA的運算,然而CRT -RSA卻會遭受到錯誤攻擊,造成模數N被輕易地分解。錯誤傳染(fault infection)是種防禦錯誤攻擊的方式,此方式可以移除檢查程序會遭受錯誤攻擊的危機。在本論文的第一部分,我們將先分析舊有錯誤傳染防禦法之缺點,然後根據這些缺失設計新的防禦法,新的防禦法將可以抵擋已被提出的錯誤攻擊方式。 指數運算是許多公開金鑰密碼系統的核心運算,也和系統的安全性息息相關。過去有不少針對右到左指數運算演算法的錯誤攻擊被提出,在本論文的第二部分,我們將舊有的錯誤攻擊方式經改良後,延伸來攻擊左到右指數運算演算法,而改良過後的錯誤攻擊也能適用於Montgomery ladder指數運算演算法。 With the growing of computer technology and networks, many applications, such as micropayment and on-line shopping, have been widely used in our daily life. These applications need to transport much information through the Internet connections. Consequently, to protect personal secrets and privacy, the security has become more and more important. Since Bellcore laboratory proposed the fault attacks, the fault attacks have become serious threats to the implementation of cryptography, especially on smart cards, and many kinds of fault attacks have been proposed to break various cryptosystems. For security, to resist fault attacks is an important thing when implementing cryptosystems. RSA is a widely used cryptosystem nowadays, and an efficient method to speed up the computation of RSA is using Chinese Remainder Theorem (CRT). However, it has been presented that the RSA modulus N can be factored easily under fault attacks on CRT-RSA. Many countermeasures have been proposed, and the fault infection is a kind of method which can remove the danger of fault attacks against checking procedures. However, most countermeasures based on fault infection have been proved insecure. In this thesis, we will first show that the Yang et al.'s countermeasure based on fault infection is still insecure, and then propose two countermeasures with secure fault infective computation. We prove that our countermeasures can resist all known fault attacks against CRT-RSA. Moreover, the proposed infective computation can combine with other fast checking methods to improve the efficiency. The exponentiation (or scalar multiplication on ECC) is a critical operation in most publickey cryptosystems. Some fault attacks against the exponentiation or the scalar multiplication have been proposed. In this thesis, based on the previous fault attacks against right-to-left exponentiation, we propose an extended fault attack against the left-to-right exponentiation (or scalar multiplication) on discrete logarithm based publickey cryptosystems. Our attack can also extend to the Montgomery ladder algorithm. |
