Re: [Taler] Fault attacks on RSA in libgcrypt

From: Stephan Mueller
Subject: Re: [Taler] Fault attacks on RSA in libgcrypt
Date: Tue, 23 Aug 2016 07:54:22 +0200
User-agent: KMail/5.2.3 (Linux/4.6.6-300.fc24.x86_64; KDE/5.25.0; x86_64; ; )

On Monday, 22 August 2016, 19:42:42 CEST, Jeff Burdges wrote:

Hi Jeff,

> Dear gcrypt-devel,
> I implemented the protection against fault attacks recommended in
> "Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
> Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
> Mehdi Tibouchi and Jean-Christophe Zapalowicz.
>   https://eprint.iacr.org/2014/252
> It worries that a targeted fault attack could subvert the conditional
> currently used to protect against fault attacks.

May I ask why that patch is limited to rsa_sign? Shouldn't the decrypt part 
also be covered with a similar logic considering that it also operates with 
the private key?

