| dc.description.abstract | With the growing of computer technology and networks, many applications, such as micropayment and on-line shopping, have been widely used in our daily life. These applications need to transport much information through the Internet connections. Consequently, to protect personal secrets and privacy, the security has become more and more important.
Since Bellcore laboratory proposed the fault attacks, the fault attacks have become serious threats to the implementation of cryptography, especially on smart cards, and many kinds of fault attacks have been proposed to break various cryptosystems. For security, to resist fault attacks is an important thing when implementing cryptosystems.
RSA is a widely used cryptosystem nowadays, and an efficient method to speed up the computation of RSA is using Chinese Remainder Theorem (CRT). However, it has been presented that the RSA modulus N can be factored easily under fault attacks on CRT-RSA. Many countermeasures have been proposed, and the fault infection is a kind of method which can remove the danger of fault attacks against checking procedures. However, most countermeasures based on fault infection have been proved insecure. In this thesis, we will first show that the Yang et al.’’s countermeasure based on fault infection is still insecure, and then propose two countermeasures with secure fault infective computation. We prove that our countermeasures can resist all known fault attacks against CRT-RSA. Moreover, the proposed infective computation can combine with other fast checking methods to improve the efficiency.
The exponentiation (or scalar multiplication on ECC) is a critical operation in most publickey cryptosystems. Some fault attacks against the exponentiation or the scalar multiplication have been proposed. In this thesis, based on the previous fault attacks against right-to-left exponentiation, we propose an extended fault attack against the left-to-right exponentiation (or scalar multiplication) on discrete logarithm based publickey cryptosystems. Our attack can also extend to the Montgomery ladder algorithm.
| en_US |