
Re: [Taler] Fault attacks on RSA in libgcrypt


From: Andre Amorim
Subject: Re: [Taler] Fault attacks on RSA in libgcrypt
Date: Mon, 7 Nov 2016 16:17:20 +0000

Thanks Jeff

On 7 November 2016 at 14:39, Florian Weimer <address@hidden> wrote:
> On 08/22/2016 07:42 PM, Jeff Burdges wrote:
>
>> Dear gcrypt-devel,
>>
>> I implemented the protection against fault attacks recommended in
>> "Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
>> Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
>> Mehdi Tibouchi and Jean-Christophe Zapalowicz.
>>   https://eprint.iacr.org/2014/252
>> It worries that a targeted fault attack could subvert the conditional
>> currently used to protect against fault attacks.
>
> Their fault model seems to assume a Harvard architecture, where it is conceivable that powerful attacks targeting data are available, but no such attacks exist for code.  Most current systems have a unified memory subsystem which provides pages for both code and data, so this assumption does not seem very realistic.  This means that their security proof does not apply to current systems.
>
> Thanks,
> Florian
>
>
> _______________________________________________
> Gcrypt-devel mailing list
> address@hidden
> http://lists.gnupg.org/mailman/listinfo/gcrypt-devel


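The "conditional currently used to protect against fault attacks" that Jeff refers to is the classic verify-before-release check on RSA-CRT signatures: compute s, re-verify s^e mod n against the message, and refuse to output s on mismatch. The following is an added example, not code from this thread, from libgcrypt or from the Barthe et al. paper. It models the Bellcore-style attack that the check is there to stop (a fault in the half-exponentiation mod q lets gcd(s'^e - m, n) recover p), shows the check catching it, and then models Jeff's and Florian's concern: an attacker who can also fault the branch (modelled by the hypothetical `skip_check` flag) gets the faulty signature anyway, and the key leaks. The primes, exponent and message are constructed toy values, the message is signed as a raw integer rather than PSS-encoded, and the code needs Python 3.8+ for `pow(x, -1, m)`.

```python
"""Added example (not from the thread, libgcrypt or the cited paper).

RSA-CRT signing with a simulated fault in the q half, the
"verify before release" conditional that catches it, and a second
simulated fault (skip_check, a hypothetical flag) that bypasses the
conditional itself. Toy-sized constructed parameters, raw-integer
messages; real signers would sign a PSS encoding of the message hash.
"""
from math import gcd

# Constructed toy key: two small primes, public exponent 65537.
P = 1000000007
Q = 998244353
E = 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent (Python 3.8+)


def crt_sign(m, p, q, d, fault_q=False):
    """RSA-CRT signature of integer m; optionally corrupt the q half."""
    sp = pow(m, d % (p - 1), p)
    sq = pow(m, d % (q - 1), q)
    if fault_q:
        sq = (sq + 1) % q  # simulated transient fault: result mod q is wrong
    # Garner recombination: s = sq + q * ((sp - sq) * q^-1 mod p)
    h = ((sp - sq) * pow(q, -1, p)) % p
    return (sq + q * h) % (p * q)


def sign_checked(m, p, q, d, e, fault_q=False, skip_check=False):
    """Sign, then re-verify with the public key before releasing s.

    skip_check models a fault that bypasses the conditional itself,
    the scenario raised in the thread; it is a hypothetical knob,
    not a real signer parameter.
    """
    s = crt_sign(m, p, q, d, fault_q)
    if not skip_check and pow(s, e, p * q) != m % (p * q):
        raise RuntimeError("fault detected, signature withheld")
    return s


def recover_factor(s_faulty, m, e, n):
    """Bellcore attack: a signature that is correct mod p but wrong
    mod q satisfies s^e == m (mod p) only, so gcd(s^e - m, n) == p."""
    return gcd(pow(s_faulty, e, n) - m, n)


def demo(m=123456789):
    """Run the three cases and report what a practitioner cares about."""
    good = sign_checked(m, P, Q, D, E)
    verifies = pow(good, E, N) == m
    try:
        sign_checked(m, P, Q, D, E, fault_q=True)
        caught = False
    except RuntimeError:
        caught = True
    # Fault in the exponentiation AND a fault that skips the check:
    leaked = sign_checked(m, P, Q, D, E, fault_q=True, skip_check=True)
    factor = recover_factor(leaked, m, E, N)
    return {
        "good_signature_verifies": verifies,
        "check_caught_fault": caught,
        "leaked_factor_is_p": factor == P,
    }


if __name__ == "__main__":
    print(demo())
```

The point of the `skip_check` case is Florian's objection in code form: a check that is a single compare-and-branch is only as strong as the attacker's inability to fault that branch, and on a unified-memory system code is not obviously harder to fault than data. Countermeasures that do not depend on a branch (for example, ones that make a faulty result useless to the attacker rather than merely detecting it) are designed to survive this case; this example shows only why the branch alone is not enough.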