taler
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] Fault attacks on RSA in libgcrypt


From: Florian Weimer
Subject: Re: [Taler] Fault attacks on RSA in libgcrypt
Date: Mon, 7 Nov 2016 15:39:23 +0100
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Thunderbird/45.4.0

On 08/22/2016 07:42 PM, Jeff Burdges wrote:

Dear gcrypt-devel,

I implemented the protection against fault attacks recommended in
"Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
Mehdi Tibouchi and Jean-Christophe Zapalowicz.
  https://eprint.iacr.org/2014/252
It worries that a targeted fault attack could subvert the conditional
currently used to protect against fault attacks.

Their fault model seems to assume a Harvard architecture, where it is conceivable that powerful attacks targeting data are available, but no such attacks exist for code. Most current systems have a unified memory subsystem which provides pages for both code and data, so this assumption does not seem very realistic. This means that their security proof does not apply to current systems.

Thanks,
Florian




reply via email to

[Prev in Thread] Current Thread [Next in Thread]