From: John Young <jya@pipeline.com>
Date: Thu, 31 Oct 1996 14:02:35 -0800 (PST)
To: cypherpunks@toad.com
Subject: On the Importance of Checking Computations
Message-ID: <1.5.4.32.19961031220115.006ad018@pop.pipeline.com>
MIME-Version: 1.0
Content-Type: text/plain


The Bellcore report,  "On the Importance of Checking Computations" 
on technical details of fault-based cracking reported in today's FT, 
is available at:

     http://www.bellcore.com/SMART/index.html

Here's an outline:

On the Importance of Checking Computations
(Extended abstract)

Don Boneh, Richard A. DeMillo, and Richard J. Lipton
Math and Cryptography Research Group, Bellcore

Abstract: We present a theoretical model for breaking various
cryptographic schemes by taking advantage of random hardware
faults. We show how to attack certain implementations of RSA
and Rabin signatures. We also show how various authentication
protocols, such as Fiat-Shamir and Schnoor, can be broken
using hardware faults.

1. Introduction

     Transient faults
     Latent faults
     Induced faults

2. Chinese remainder based implementations

     2.1 The RSA system
     2.2 RSA's vulnerability to hardware faults

3. Register faults

4. The Fiat-Shamir identification scheme

     Theorem 4.1

     4.1 A modification of the Fiat-Shamir scheme

5. Attacking Schnoor's identification scheme

     Theorem 5.1

6. Breaking other implementations of RSA

     Theorem 6.1

7. Protecting against an attack based on hardware faults

8. Summary

References

-----

Registration is required for access. Two formats are available: 
Acrobat PDF (112kb) and Postscript PS (86kb).

Before registration, there is a brief "context" at:

     http://www.bellcore.com/SMART/secwp.html

Here's the first two paragraphs:


Context for "On the Importance of Checking Computations"

"On the Importance of Checking Computations" describes a 
fault-based method for breaking various cryptographic 
algorithms and exposes the degree to which computing faults 
can compromise information security. Once the authors -- 
Richard DeMillo, Dan Boneh and Richard Lipton -- articulated 
and proved their conceptual breakthrough, they realized that 
it might be successful in a wide variety of application
scenarios. Fault-based attacks potentially endanger many 
network security products and systems. The paper
summarizes the proof for the basic attack. 

Proof for fault-based cryptanalysis builds on the premise that 
an adversary can observe a faulty computation that occurs 
during cryptographic transactions. The faults that are exploited 
can occur at various sublevels within the logic level of a 
computing device -- that is, in the switching circuitry where 
arithmetic operations are performed or in the register transfer 
area where temporary values are stored in memory. The 
likelihood of faults occurring is not discussed in the paper. 

[Snip balance of Context]