Re: [Taler] Fault attacks on RSA in libgcrypt
From: Stephan Mueller
Subject: Re: [Taler] Fault attacks on RSA in libgcrypt
Date: Tue, 23 Aug 2016 07:54:22 +0200
User-agent: KMail/5.2.3 (Linux/4.6.6-300.fc24.x86_64; KDE/5.25.0; x86_64; ; )
On Monday, 22 August 2016, 19:42:42 CEST, Jeff Burdges wrote:
Hi Jeff,
> Dear gcrypt-devel,
>
> I implemented the protection against fault attacks recommended in
> "Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
> Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
> Mehdi Tibouchi and Jean-Christophe Zapalowicz.
> https://eprint.iacr.org/2014/252
> It worries that a targeted fault attack could subvert the conditional
> currently used to protect against fault attacks.
May I ask why that patch is limited to rsa_sign? Shouldn't the decrypt part
also be covered with a similar logic considering that it also operates with
the private key?
Ciao
Stephan
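As an added illustration (not libgcrypt code and not from either message in this thread), a toy RSA-CRT private operation with the verify-after-compute check applied on both the sign and the decrypt path, which is the kind of conditional the messages refer to; a fault is simulated by corrupting one CRT half. The parameters are the textbook toy values p=61, q=53, e=17, constructed for illustration only.

```python
# Added illustration (not libgcrypt code, not from this thread): a toy RSA-CRT
# private operation with the verify-after-compute check applied on BOTH the
# sign and the decrypt path. A fault is simulated by corrupting one CRT half.
# Textbook toy parameters (p=61, q=53, e=17), constructed for illustration.

P, Q, E = 61, 53, 17
N = P * Q                                   # 3233
PHI = (P - 1) * (Q - 1)
D = pow(E, -1, PHI)                         # private exponent (Python >= 3.8)
DP, DQ = D % (P - 1), D % (Q - 1)           # CRT exponents
QINV = pow(Q, -1, P)                        # q^-1 mod p


class FaultDetected(Exception):
    """Raised when the public-key check does not recover the input."""


def rsa_crt(x, fault=False):
    """x^D mod N via Garner's CRT; optionally corrupt the mod-q half."""
    sp = pow(x, DP, P)
    sq = pow(x, DQ, Q)
    if fault:
        sq ^= 1                             # one flipped bit in one half
    h = (QINV * (sp - sq)) % P
    return sq + h * Q


def sign(m, fault=False):
    """Release the signature only if the public operation recovers m."""
    s = rsa_crt(m, fault)
    if pow(s, E, N) != m:                   # the conditional the thread discusses
        raise FaultDetected("signature failed self-check")
    return s


def decrypt(c, fault=False):
    """Same private path as sign, so the same check belongs here as well."""
    m = rsa_crt(c, fault)
    if pow(m, E, N) != c:
        raise FaultDetected("decryption failed self-check")
    return m


def fault_is_caught(op, x):
    """True if the self-check in op rejects a faulted computation on x."""
    try:
        op(x, fault=True)
    except FaultDetected:
        return True
    return False
```

The check is itself a branch, which is the weakness the quoted message raises against it; the example only shows where the check sits on each private-key path, not the paper's branch-free alternative.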