Re: [Taler] Fault attacks on RSA in libgcrypt

taler

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Fault attacks on RSA in libgcrypt

From:	Florian Weimer
Subject:	Re: [Taler] Fault attacks on RSA in libgcrypt
Date:	Mon, 7 Nov 2016 15:39:23 +0100
User-agent:	Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 08/22/2016 07:42 PM, Jeff Burdges wrote:

Dear gcrypt-devel,

I implemented the protection against fault attacks recommended in
"Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
Mehdi Tibouchi and Jean-Christophe Zapalowicz.
  https://eprint.iacr.org/2014/252
It worries that a targeted fault attack could subvert the conditional
currently used to protect against fault attacks.

Their fault model seems to assume a Harvard architecture, where it isconceivable that powerful attacks targeting data are available, but nosuch attacks exist for code. Most current systems have a unified memorysubsystem which provides pages for both code and data, so thisassumption does not seem very realistic. This means that their securityproof does not apply to current systems.

Thanks,
Florian

[Prev in Thread]

Current Thread

[Next in Thread]

Re: [Taler] Fault attacks on RSA in libgcrypt, Florian Weimer <=
- Re: [Taler] Fault attacks on RSA in libgcrypt, Andre Amorim, 2016/11/07

Prev by Date: [Taler] git.taler.net
Next by Date: [Taler] Monero
Previous by thread: [Taler] git.taler.net
Next by thread: Re: [Taler] Fault attacks on RSA in libgcrypt
Index(es):
- Date
- Thread