1 research outputs found
Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack: A Pledge for Formal Methods in the Field of Implementation Security
In our paper at PROOFS 2013, we formally studied a few known countermeasures
to protect CRT-RSA against the BellCoRe fault injection attack. However, we
left Vigilant's countermeasure and its alleged repaired version by Coron et al.
as future work, because the arithmetical framework of our tool was not
sufficiently powerful. In this paper we bridge this gap and then use the same
methodology to formally study both versions of the countermeasure. We obtain
surprising results, which we believe demonstrate the importance of formal
analysis in the field of implementation security. Indeed, the original version
of Vigilant's countermeasure is actually broken, but not as much as Coron et
al. thought it was. As a consequence, the repaired version they proposed can be
simplified. It can actually be simplified even further as two of the nine
modular verifications happen to be unnecessary. Fortunately, we could formally
prove the simplified repaired version to be resistant to the BellCoRe attack,
which was considered a "challenging issue" by the authors of the countermeasure
themselves.Comment: arXiv admin note: substantial text overlap with arXiv:1401.817