Since its first introduction by Bellcore researchers [BDL97], fault injections have been considered as a powerful and practical way to attack cryptosystems, especially when they are implemented on embedded devices. Among published attacks, Brier et al. followed the work initiated by Seifert to raise the problem of protecting RSA public elements. We describe here a new fault attack on RSA public elements. Under a very natural fault model, we show that our attack is more efficient than previously published ones. Moreover, the general strategy described here can be applied using multiple transient fault models, increasing the practicability of the attack. Both the theoretical analysis of the success probability, and the experimental results - obtained with the GMP Library on a PC -, provide evidence that this is a real threat for all RSA implementations, and confirm the need for protection of the public key.
展开▼