Fault attacks on RSA in libgcrypt

Andre Amorim andre at amorim.me
Mon Nov 7 17:17:20 CET 2016


Thanks Jeff

On 7 November 2016 at 14:39, Florian Weimer <fweimer at redhat.com> wrote:

> On 08/22/2016 07:42 PM, Jeff Burdges wrote:
>
>>
>> Dear gcrypt-devel,
>>
>> I implemented the protection against fault attacks recommended in
>> "Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
>> Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
>> Mehdi Tibouchi and Jean-Christophe Zapalowicz.
>>   https://eprint.iacr.org/2014/252
>> It worries that a targeted fault attack could subvert the conditional
>> currently used to protect against fault attacks.
>>
>
> Their fault model seems to assume a Harvard architecture, where it is
> conceivable that powerful attacks targeting data are available, but no such
> attacks exist for code.  Most current systems have a unified memory
> subsystem which provides pages for both code and data, so this assumption
> does not seem very realistic.  This means that their security proof does
> not apply to current systems.
>
> Thanks,
> Florian
>
>
> _______________________________________________
> Gcrypt-devel mailing list
> Gcrypt-devel at gnupg.org
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel
>
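Added example, not code from the thread or from libgcrypt: a toy CRT-RSA signer showing the "conditional" protection the messages above refer to, assumed here to be the usual verify-before-release check (recompute s^e mod n and refuse to output the signature if it does not match). The primes, message and the single-bit fault model are constructed for illustration and far too small for real use. It also shows why a faulty CRT signature is worth refusing: the corrupted output is still correct modulo one prime and wrong modulo the other, which is exactly the shape of signature that fault attacks on RSA-CRT exploit.

```python
# Added example (not from the thread or libgcrypt): textbook CRT-RSA signing with the
# verify-before-release check. All parameters are small, constructed values.

# Constructed toy key: two known primes (not a real key).
P = 1000000007
Q = 998244353
E = 65537


def make_key(p=P, q=Q, e=E):
    """Derive the private CRT parameters from constructed primes p, q and exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)          # raises ValueError if e is not invertible mod phi
    return {
        "n": n, "e": e, "p": p, "q": q,
        "dp": d % (p - 1),        # private exponent reduced mod p-1
        "dq": d % (q - 1),        # private exponent reduced mod q-1
        "qinv": pow(q, -1, p),    # Garner recombination constant
    }


def crt_sign(m, key, fault=None):
    """Sign integer m with CRT-RSA. `fault`, if given, maps the half-signature mod p
    to a corrupted value, simulating a glitch during the exponentiation mod p."""
    p, q = key["p"], key["q"]
    sp = pow(m % p, key["dp"], p)
    sq = pow(m % q, key["dq"], q)
    if fault is not None:
        sp = fault(sp)            # simulated fault: only the mod-p half is wrong
    h = (key["qinv"] * (sp - sq)) % p
    return sq + h * q             # Garner: s == sp (mod p), s == sq (mod q)


def flip_low_bit(x):
    """Constructed fault model: a single-bit error in the mod-p half-signature."""
    return x ^ 1


def signature_is_consistent(m, s, key):
    """The verify-before-release conditional: s^e must give m back mod n."""
    return pow(s, key["e"], key["n"]) == m % key["n"]


def sign_checked(m, key, fault=None):
    """Return the signature only if it verifies; otherwise refuse to output anything.
    A fault aimed at this branch itself is what the cited paper worries about."""
    s = crt_sign(m, key, fault)
    return s if signature_is_consistent(m, s, key) else None


def half_checks(m, s, key):
    """Report which half of a signature is correct: (ok mod p, ok mod q)."""
    p, q, e = key["p"], key["q"], key["e"]
    return (pow(s, e, p) == m % p, pow(s, e, q) == m % q)


if __name__ == "__main__":
    key = make_key()
    m = 123456789                 # constructed message representative, m < n
    good = sign_checked(m, key)
    bad = crt_sign(m, key, fault=flip_low_bit)
    print("clean signature released:", good is not None)
    print("faulty signature halves (mod p, mod q):", half_checks(m, bad, key))
    print("faulty signature released:",
          sign_checked(m, key, fault=flip_low_bit) is not None)
```

With the clean key the check passes and the signature is released; with the simulated glitch `half_checks` reports `(False, True)` and `sign_checked` returns `None`. Florian's point applies directly to this code: the protection rests on the branch in `sign_checked` executing as written, so it only helps under a fault model in which the data can be corrupted but the control flow cannot.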

