Filters








38 Hits in 6.0 sec

New Results for Partial Key Exposure on RSA with Exponent Blinding

Stelvio Cimato, Silvia Mella, Ruggero Susella
2015 Proceedings of the 12th International Conference on Security and Cryptography  
In 1998, Boneh, Durfee and Frankel introduced partial key exposure attacks, a novel application of Coppersmith's method, to retrieve an RSA private key given only a fraction of its bits.  ...  This countermeasure has also the side-effect of modifying the RSA equation used by partial key exposure attacks, in a way studied by Joye and Lepoint in 2012.  ...  The application of partial key exposure, when exponent blinding is used as side-channel countermeasure, would allow the imperfect attacker to still recover the correct private exponent.  ... 
doi:10.5220/0005571701360147 dblp:conf/secrypt/CimatoMS15 fatcat:z4xlwabdrvadblonvhaln6izvy

Déjà Vu: Side-Channel Analysis of Mozilla's NSS [article]

Sohaib ul Hassan, Iaroslav Gridin, Ignacio M. Delgado-Lozano, Cesar Pereida García, Jesús-Javier Chi-Domínguez, Alejandro Cabrera Aldaya, Billy Bob Brumley
2020 arXiv   pre-print
Our evaluation uncovers several new vulnerabilities in NSS affecting DSA, ECDSA, and RSA cryptosystems.  ...  In this work, we present another instance of this issue by performing the first library-wide SCA security evaluation of Mozilla's NSS security library.  ...  The first author was supported in part by the Tuula and Yrjö Neuvo Fund through the Industrial Research Fund at Tampere University of Technology.  ... 
arXiv:2008.06004v1 fatcat:nmushfo5ujg5boynvxumo5dhsy

On the Insecurity of Proactive RSA in the URSA Mobile Ad Hoc Network Access Control Protocol

Stanisław Jarecki, Nitesh Saxena
2010 IEEE Transactions on Information Forensics and Security  
Our attack stems from the fact that the threshold signature protocol which is a part of this proactive RSA scheme leaks some seemingly innocuous information about the secret signature key.  ...  In this paper, we show an attack on this proposed proactive RSA scheme, in which an admissible threshold of malicious group members can completely recover the group RSA secret key in the course of the  ...  Note that revealing φ(N ) enables anyone to immediately compute the RSA private key d = e −1 (mod φ(N )) from the RSA public key (e, N ).  ... 
doi:10.1109/tifs.2010.2058104 fatcat:4qa52da3qbgupigimk4ymajxtm

Certified Side Channels [article]

Cesar Pereida García, Sohaib ul Hassan, Nicola Tuveri, Iaroslav Gridin, Alejandro Cabrera Aldaya, Billy Bob Brumley
2020 arXiv   pre-print
We demonstrate that the format in which private keys are persisted impacts Side Channel Analysis (SCA) security.  ...  We uncover a combination of weaknesses and vulnerabilities, in extreme cases inducing completely disjoint multi-precision arithmetic stacks deep within the cryptosystem level for keys that otherwise seem  ...  The check function takes as input an RSA key, parses the key, and reads all of the private and public components, checking the correctness of all the components.  ... 
arXiv:1909.01785v2 fatcat:3j2dpdg2k5b3ze5cgyzoq2yzii

Return of the Hidden Number Problem

Keegan Ryan
2018 Transactions on Cryptographic Hardware and Embedded Systems  
This pattern is exploited in a full proof of concept attack against OpenSSL, demonstrating that it is possible to extract a 256-bit ECDSA private key using a simple cache attack after observing only a  ...  Side channels have long been recognized as a threat to the security of cryptographic applications.  ...  Acknowledgments I would like to thank Thomas Pornin for his insightful review of early drafts, and I would also like to thank David Wong, Andy Grant, Audrey Erpelding, and the anonymous reviewers for their  ... 
doi:10.13154/tches.v2019.i1.146-168 dblp:journals/tches/Ryan19 fatcat:gkgsgz6rwvbunmqay7ji7vcqoe

The Return of Coppersmith's Attack

Matus Nemec, Marek Sys, Petr Svenda, Dusan Klinec, Vashek Matyas
2017 Proceedings of the 2017 ACM SIGSAC Conference on Computer and Communications Security - CCS '17  
library su er from a signi cant loss of entropy.  ...  We report on our discovery of an algorithmic aw in the construction of primes for RSA key generation in a widely-used library of a major manufacturer of cryptographic hardware. e primes generated by the  ...  We acknowledge the support of the Czech Science Foundation under project GA16-08565S. e access to the computing and storage resources of National Grid Infrastructure MetaCentrum (LM2010005) is also greatly  ... 
doi:10.1145/3133956.3133969 dblp:conf/ccs/NemecSSKM17 fatcat:jamh4nu7njasxl3tqaagpztlua

Just a Little Bit More [chapter]

Joop van de Pol, Nigel P. Smart, Yuval Yarom
2015 Lecture Notes in Computer Science  
Furthermore, whereas previous works require direct information on ephemeral key bits, our attack utilizes the indirect information from the wNAF double and add chain.  ...  We extend the FLUSH+RELOAD side-channel attack of Benger et al. to extract a significantly larger number of bits of information per observed signature when using OpenSSL.  ...  Acknowledgements The authors would like to thank Ben Sach for helpful conversations during the course of this work.  ... 
doi:10.1007/978-3-319-16715-2_1 fatcat:mvmmm7kjnvg57fabjjwcrfwffu

RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis [chapter]

Daniel Genkin, Adi Shamir, Eran Tromer
2014 Lecture Notes in Computer Science  
The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts  ...  In this paper we describe a new acoustic cryptanalysis key extraction attack, applicable to GnuPG's current implementation of RSA.  ...  We are indebted to Pankaj Rohatgi for inspiring the origin of this research, and to Nir Yaniv for use of the Nir Space Station recording studio and for valuable advice on audio recording.  ... 
doi:10.1007/978-3-662-44371-2_25 fatcat:x4zapyj7ujcl7pzvw7ukhaen3y

PKC-PC: A Variant of the McEliece Public Key Cryptosystem based on Polar Codes

Reza Hooshmand, Masoumeh Koochak Shooshtari, Mohammad Reza Aref
2020 IET Communications  
Polar codes are novel and efficient error-correcting codes with low encoding and decoding complexities.  ...  A variant of the McEliece public-key cryptosystem based on polar codes, called the PKC-PC, is studied.  ...  To generate the private and public keys of the McEliece scheme, four matrices are generated as follows: (i) G is a k × n binary Goppa code's generator matrix with t error correction capability and its  ... 
doi:10.1049/iet-com.2019.0689 fatcat:gzqegh3qu5g6zce2jbakb42lvy

Guarding Machine Learning Hardware Against Physical Side-Channel Attacks [article]

Anuj Dubey, Rosario Cammarota, Vikram Suresh, Aydin Aysu
2021 arXiv   pre-print
We quantify that the area-delay overhead of masking ranges from 5.4× to 4.7× depending on the adder topology used and demonstrate first-order side-channel security of millions of power traces.  ...  ML being a relatively new target compared to cryptography poses the problem of side-channel analysis in a context that lacks published literature.  ...  This is analogous to the scenario in cryptography where an adversary, even after knowing the implementation of a cipher, cannot break it without the correct key.  ... 
arXiv:2109.00187v1 fatcat:u3oetgwqvnbxpahgbfl6clh6ym

Wireless Sensor Network Security

An Liu, Mihui Kim, Leonardo B. Oliveira, Hailun Tan
2013 International Journal of Distributed Sensor Networks  
Acknowledgements We wish to thank Alexander Becher and Maximillian Dornseif for many helpful discussions and the delightful previous cooperation in breaking sensors [6] which formed the basis of Section  ...  From this we can already conclude that the RSA encryption (public operation) is much more efficient than RSA decryption (private operation).  ...  RSA, Rabin and DSA Signatures RSA Signature Scheme The key setup of the RSA signature scheme is the same as the key setup of the RSA encryption scheme.  ... 
doi:10.1155/2013/362385 fatcat:2ph46uukonbtbdkc5q6t4mvgcq

Ultra-Low-Power Design and Hardware Security Using Emerging Technologies for Internet of Things

2017 Electronics  
There is a large amount of rush-through current from the power supply to ground when a multi-threshold CMOS circuit switches from sleep to active mode.  ...  Key Low Power Techniques in Digital, Analog, and Mixed-Signal Circuits Digital Circuits Scaling of CMOS devices have continued for many decades to provide faster switching speed and lower power consumption  ...  Conflicts of Interest: The authors declare no conflict of interest.  ... 
doi:10.3390/electronics6030067 fatcat:ozssarlb2ng5pcdsupo2hljyna

On the Properties of Non-Media Digital Watermarking: A Review of State of the Art Techniques

Arezou Soltani Panah, Ron Van Schyndel, Timos Sellis, Elisa Bertino
2016 IEEE Access  
For example, a loose definition of robustness might be in terms of the resilience of a watermark against normal host data operations, and of invisibility as resilience of the data interpretation against  ...  As the last aim, we look at the new challenges of digital watermarking that have arisen with the evolution of big data.  ...  The authentication watermark is a group basis hash generated from two private keys that returns L bits from a string R in a random fashion.  ... 
doi:10.1109/access.2016.2570812 fatcat:2xxteahvprepzekaqqbbyey7hi

The Secure Machine: Efficient Secure Execution On Untrusted Platforms [article]

Ofir Shwartz, Yitzhak Birk
2018 arXiv   pre-print
SeM uses a small amount of in-chip additional hardware that monitors key communication channels inside the CPU chip, and only acts when required.  ...  SeM supports existing binaries of single- and multi-threaded applications running on single- or multi-core, multi-CPU.  ...  program's private key.  ... 
arXiv:1803.03951v1 fatcat:judqg442wvekdbevambchu3o6i

Cryptanalysis of RSA variants using small roots of polynomials [article]

Jochemsz, E (Ellen), Tilborg, HCA (Henk) Van, Weger, BMM (Benne) De
2007
Partial key exposure attacks on RSA 4 .2 Known attacks The known attacks from [12] on RSA-Small-e with known MSBs of d are summarized in the following theorem.  ...  Using a side channel, an attacker can expose a part of d, generally some MSBs (most significant bits) or LSBs (least significant bits).  ...  In this way, one profits from the fast decryption method of CRT-Small-d p , d q , while one only has to store one of the two private CRT-exponents.  ... 
doi:10.6100/ir628814 fatcat:ajzqgeihbfbardq6x5dileansy
« Previous Showing results 1 — 15 out of 38 results