Method and device for countering fault attacks

摘要

The public exponent e of an RSA key is embedded in a RSA key object that lacks this exponent. During exponentiation, the public exponent e may be extracted and used to verify that the result of the exponentiation is correct. The result is output only if this is the case. The invention counters fault-attacks. Also provided are an apparatus and a computer program product.

主权项

1. A method for calculating an exponentiation, the method being resistant against fault-attacks and comprising the steps, in a device, of:
obtaining a RSA private key object, the RSA private key object being associated with a matching public exponent; obtaining a result of an exponentiation using the RSA private key object; obtaining the matching public exponent; and verifying, using the matching public exponent, that the result of the exponentiation is correct; wherein, in standard mode: the RSA private key object comprises the RSA modulus N, the matching public exponent e being obtained by extraction from the RSA modulus N in which it is embedded; and wherein, in CRT mode: the RSA private key object comprises the factors of the RSA modulus N, the matching public exponent e being obtained by extraction from one of the factors of the RSA modulus N or from a product of the factors of the RSA modulus N.