Michael Tunstall (2007) Secure Cryptographic Algorithm Implementation on Embedded Platforms.
Full text access: Open
Sensitive systems that are based on smart cards use well-studied and well-developed cryptosystems. Generally these cryptosystems have been subject to rigorous mathematical analysis in an effort to uncover cryptographic weaknesses in the system. The cryptosystems used in smart cards are, therefore, not usually vulnerable to these types of attacks. Since smart cards are small objects that can be easily placed in an environment where physical vulnerabilities can be exploited, adversaries have turned to different avenues of attack. This thesis describes the current state-of-the-art in side channel and fault analysis against smart cards, and the countermeasures necessary to provide a secure implementation. Both attack techniques need to be taken into consideration when implementing cryptographic algorithms in smart cards. In the domain of side-channel analysis a new application of using cache accesses to attack an implementation of AES by observing the power consumption is described, including an unpublished extension. Several new fault attacks are proposed based on finding collisions between a correct and a fault-induced execution of a secure secret algorithm. Other new fault attacks include reducing the number of rounds of an algorithm to make a differential cryptanalysis trivial, and fixing portions of the random value used in DSA to allow key recovery. Countermeasures are proposed for all the attacks described. The use of random delays, a simple countermeasure, is improved to render it more secure and less costly to implement. Several new countermeasures are proposed to counteract the particular fault attacks proposed in this thesis. A new method of calculating a modular exponentiation that is secure against side channel analysis is described, based on ideas which have been proposed previously or are known within the smart card industry. A novel method for protecting RSA against fault attacks is also proposed based on securing the underlying Montgomery multiplication. The majority of the fault attacks detailed have been implemented against actual chips to demonstrate the feasibility of these attacks. Details of these experiments are given in appendices. The experiments conducted to optimise the performance of random delays are also described in an appendix.
This is a Published version This version's date is: 29/05/2007 This item is peer reviewed
https://repository.royalholloway.ac.uk/items/6009fd5f-cbc2-7487-4ac9-73a34445bebd/1/
Deposited by () on 28-Jun-2010 in Royal Holloway Research Online.Last modified on 14-Dec-2010
[1] L. Adams, E. J. Daly, R. Harboe-Sorensen, R. Nickson, J. Haines, W. Schafer,M. Conrad, H. Griech, J. Merkel, T. Schwall, and R. Henneck, A verifiedproton induced latchup in space, IEEE Transactions on Nuclear Science 39(1992), 1804–1808.
[2] M.-L. Akkar and C. Giraud, An implementation of DES and AES secureagainst some attacks, Cryptogaphic Hardware and Embedded Systems —CHES 2001 (C. K. Ko¸c, D. Naccache, and C. Paar, eds.), Lecture Notes inComputer Science, vol. 2162, Springer-Verlag, 2001, pp. 309–318.
[3] American National Standards Institute, Financial institution key management(wholesale), April 1985.
[4] F. Amiel, C. Clavier, and M. Tunstall, Collision fault analysis of DPAresistantalgorithms, Fault Diagnosis and Tolerance in Cryptography 2006— FDTC 06 (L. Breveglieri, I. Koren, D. Naccache, and J.-P. Seifert, eds.),Lecture Notes in Computer Science, vol. 4236, Springer-Verlag, 2006, pp. 223–236.
[5] R. Anderson and M. Kuhn, Tamper resistance — a cautionary note, Proceedingsof the Second USENIX Workshop of Electronic Commerce, 1996,pp. 1–11.
[6] , Low cost attacks on tamper resistant devices, Security Protocols(B. Christianson, B. Crispo, T. M. A. Lomas, and M. Roe, eds.), LectureNotes in Computer Science, vol. 1361, Springer-Verlag, 1997, pp. 125–136.
[7] Anonymous, Season 2 interface, http://www.maxking.co.uk/.
[8] C. Aum¨uller, P. Bier, P. Hofreiter, W. Fischer, and J.-P. Seifert, Fault attackson RSA with CRT: Concrete results and practical countermeasures, CryptographicHardware and Embedded Systems — CHES 2002 (B. S. Kaliski,C. K. Ko¸c, and C. Paar, eds.), Lecture Notes in Computer Science, vol. 2523,Springer-Verlag, 2002, pp. 260–275.
[9] F. Bao, R. H. Deng, Y. Han, A. Jeng, A. D. Narasimhalu, and T. Ngair,Breaking public key cryptosystems on tamper resistant devices in the presenceof transient faults, Security Protocols (B. Christianson, B. Crispo, T. M. A.Lomas, and M. Roe, eds.), Lecture Notes in Computer Science, vol. 1361,Springer-Verlag, 1997, pp. 115–124.
[10] H. Bar-El, H. Choukri, D. Naccache, M. Tunstall, and C. Whelan, The sorcerer’sapprentice guide to fault attacks, Workshop on Fault Diagnosis an Tolerancein Cryptography, in association with DSN 2004 – The InternationalConference on Dependable Systems and Networks, June 2004.
[11] , The sorcerers apprentice guide to fault attacks, Proceedings of theIEEE 94 (2006), no. 2, 370–382.
[12] O. Benoit and M. Tunstall, Efficient use of random delays, Cryptology ePrintArchive, Report 2006/272, 2006, http://eprint.iacr.org/.
[13] G. Berger, G. Ryckewaert, R. Harboe-Sorensen, and L. Adams, The heavyion irradiation facility at CYCLONE — a dedicated SEE beam line, IEEERadiation Effects Data Workshop (1996), 78–83.
[14] D. J. Bernstein, Cache timing attacks on AES, 2005,http://cr.yp.to/antiforgery/cachetiming-20050414.pdf.
[15] G. Bertoni, V. Zaccaria, L. Breveglieri, M. Monchiero, and G. Palermo, AESpower attack based on induced cache miss and countermeasures, InternationalSymposium on Information Technology: Coding and Computing — ITCC2005, IEEE Computer Society, 2005, pp. 586–591.
[16] E. Biham and A. Shamir, Differential cryptanalysis of DES-like cryptosystems,Advances in Cryptology — CRYPTO ’90 (A. Menezes and S. Vanstone, eds.),Lecture Notes in Computer Science, vol. 537, Springer-Verlag, 1991, pp. 2–21.
[17] , Differential cryptanalysis of DES-like cryptosystems., Journal ofCryptology 4 (1991), no. 1, 3–72.
[18] , Differential fault analysis of secret key cryptosystems, Advances inCryptology — CRYPTO ’97 (B. S. Kaliski, ed.), Lecture Notes in ComputerScience, vol. 1294, Springer-Verlag, 1997, pp. 513–525.
[19] J. Bl¨omer and V. Krummel, Fault based collision attacks on AES, Fault Diagnosisand Tolerance in Cryptography — FDTC 2006 (L. Breveglieri, I. Koren,D. Naccache, and J.-P. Seifert, eds.), Lecture Notes in Computer Science, vol.4236, Springer-Verlag, 2006, pp. 106–120.
[20] J. Bl¨omer, M. Otto, and J.-P. Seifert, A new RSA-CRT algorithm secureagainst bellcore attacks, ACM Conference on Computer and CommunicationsSecurity—CCS ’03 (S. Jajodia, V. Atluri, and T. Jaeger, eds.), 2003, pp. 311–320.
[21] , Wagners attack on a secure CRT-RSA algorithm reconsidered, FaultDiagnosis and Tolerance in Cryptography 2006 — FDTC 06 (L. Breveglieri,I. Koren, D. Naccache, and J.-P. Seifert, eds.), Lecture Notes in ComputerScience, vol. 4236, Springer-Verlag, 2006, pp. 13–23.
[22] J. Bl¨omer and J.-P. Seifert, Fault based cryptanalysis of the advanced encryptionstandard (AES), Financial Cryptography — FC 2003 (R. N. Wright, ed.),Lecture Notes in Computer Science, vol. 2742, Springer-Verlag, 2003, pp. 162–181.
[23] D. Boneh, R. A. DeMillo, and R. J. Lipton, On the importance of checkingcomputations, Advances in Cryptology — EUROCRYPT ’97 (W. Fumy, ed.),Lecture Notes in Computer Science, vol. 1233, Springer-Verlag, 1997, pp. 37–51.
[24] D. Boneh and R. Venkatesan, Hardness of computing the most significant bitsof secret keys in diffie-hellman and related schemes, Advances in Cryptology— CRYPTO ’96 (N. Koblitz, ed.), Lecture Notes in Computer Science, vol.1109, Springer-Verlag, 1996, pp. 126–142.
[25] E. Brier, B. Chevallier-Mames, M. Ciet, and C. Clavier, Why one shouldalso secure RSA public key elements, Cryptographic Hardware and EmbeddedSystems — CHES 2006 (L. Goubin and M. Matsui, eds.), Lecture Notes inComputer Science, vol. 4249, Springer-Verlag, 2006, pp. 324–338.
[26] E. Brier, C. Clavier, and F. Olivier, Correlation power analysis with a leakagemodel, Cryptographic Hardware and Embedded Systems — CHES 2004(M. Joye and J.-J. Quisquater, eds.), Lecture Notes in Computer Science, vol.3156, Springer-Verlag, 2004, pp. 16–29.
[27] P. Cazenave, P. Fouillat, X. Montagner, H. Barnaby, R. D. Schrimpf,L. Bonora, J. P. David, A. Touboul, M.-C. Calvet, and P. Calvel, Total doseeffects on gate controlled lateral pnp bipolar junction transistors, IEEE Transactionson Nuclear Science 45 (1998), 2577–2583.
[28] S. Chari, C. S. Jutla, J. R. Rao, and P. Rohatgi, Towards approaches tocounteract power-analysis attacks, Advances in Cryptology — CRYPTO ’99(M. Wiener, ed.), Lecture Notes in Computer Science, vol. 1666, Springer-Verlag, 1999, pp. 398–412.
[29] C.-N. Chen and S.-M. Yen, Differential fault analysis on AES key scheduleand some countermeasures, Australasian Conference on Information Securityand Privacy — ACISP 2003 (G. Goos, J. Hartmanis, and J. van Leeuwen,eds.), Lecture Notes in Computer Science, vol. 2727, Springer-Verlag, 2003,pp. 118–129.
[30] B. Chevallier-Mames, M. Ciet, and M. Joye, Low-cost solutions for preventingsimple side-channel analysis: Side-channel atomicity, IEEE Transactions onComputers 53 (2004), no. 6, 760–768.
[31] H. Choukri and M. Tunstall, Round reduction using faults, Workshop on FaultDiagnosis and Tolerance in Cryptography 2005 — FDTC 05 (L. Breveglieriand I. Koren, eds.), 2005, pp. 13–24.
[32] M. Ciet and M. Joye, Practical fault countermeasures for chinese remainderingbased RSA,Workshop on Fault Diagnosis and Tolerance in Cryptography 2005— FDTC 2005 (L. Breveglieri and I. Koren, eds.), 2005, pp. 124–131.
[33] C. Clavier, Private communication, 2005.
[34] C. Clavier, J.-S. Coron, and N. Dabbous, Differential power analysis in thepresence of hardware countermeasures, Cryptographic Hardware and EmbeddedSystems — CHES 2000 (C. K. Ko¸c and C. Paar, eds.), Lecture Notes inComputer Science, vol. 1965, Springer-Verlag, 2000, pp. 252–263.
[35] J.-S. Coron, Resistance against differential power analysis for elliptic curvecryptosystems, Cryptographic Hardware and Embedded Systems — CHES 99(C. K. Ko¸c and C. Paar, eds.), Lecture Notes in Computer Science, vol. 1717,Springer-Verlag, 1999, pp. 292–302.
[36] P. Dusart, G. Letourneux, and O. Vivolo, Differential fault analysis onA.E.S., Applied Cryptography and Network Security — ACNS 2003 (J. Zhou,M. Yung, and Y. Han, eds.), Lecture Notes in Computer Science, vol. 2846,Springer-Verlag, 2003, pp. 293–306.
[37] P. Fouillat, Contribution `a l’´etude de l’interaction entre un faisceau laser etun milieu semiconducteur, applications `a l’´etude du latchup et `a l’analysed’´etats logiques dans les circuits int´egr´es en technologie CMOS, Ph.D. thesis,University of Bordeaux, 1990.
[38] J. Fournier and M. Tunstall, Cache based power analysis attacks on AES,Australasian Conference on Information Security and Privacy — ACISP 2006(L. M. Batten and R. Safavi-Naini, eds.), Lecture Notes in Computer Science,vol. 4058, Springer-Verlag, 2006, pp. 17–28.
[39] K. Gandolfi, C. Mourtel, and F. Olivier, Electromagnetic analysis: Concreteresults, Cryptographic Hardware and Embedded Systems — CHES 2001(C. K. Ko¸c, D. Naccache, and C. Paar, eds.), Lecture Notes in Computer Science,vol. 2162, Springer-Verlag, 2001, pp. 251–261.
[40] C. Giraud, DFA on AES, International Conference Advanced EncryptionStandard — AES 2004 (H. Dobbertin, V. Rijmen, and A. Sowa, eds.), LectureNotes in Computer Science, vol. 3373, Springer-Verlag, 2004, pp. 27–41.
[41] C. Giraud and E. W. Knudsen, Fault attacks on signature schemes, AustralasianConference on Information Security and Privacy — ACISP 2004(H. Wang, J. Pieprzyk, and V. Varadharajan, eds.), Lecture Notes in ComputerScience, vol. 3108, Springer-Verlag, 2004, pp. 478–491.
[42] C. Giraud and H. Thiebeauld, A survey on fault attacks, Smart Card Researchand Advanced Applications VI — 18th IFIPWorld Computer Congress(Y. Deswarte and A. A. El Kalam, eds.), Kluwer Academic, 2004, pp. 159–176.
[43] Global Platfom, Global platform card specification, version 2.1, 2001.
[44] S. Govindavajhala and A. W. Appel, Using memory errors to attack a virtualmachine, IEEE Symposium on Security and Privacy 2003, 2003, pp. 154–165.
[45] D. H. Habing, The use of lasers to simulate radiation-induced transients insemiconductor devices and circuits, IEEE Transactions On Nuclear Science39 (1992), 1647–1653.
[46] G. Hachez and J.-J. Quisquater, Montgomery exponentiation with no final subtractions:Improved results, Cryptographic Hardware and Embedded Systems— CHES 2000 (C. K. Ko¸c and C. Paar, eds.), Lecture Notes in ComputerScience, vol. 1965, Springer-Verlag, 2000, pp. 293–301.
[47] Y. Han, A. Jeng, A. D. Narasimhalu, F. Bao, R. H. Deng, and T. Nagir,Breaking public key cryptosystems on tamper resistant devices in the presenceof faults, International Workshop Security Protocols (M. Lomas, B. Christianson,and B. Crispo, eds.), Lecture Notes in Computer Science, vol. 1361,Springer-Verlag, 1998, pp. 115–124.
[48] L. Hemme, A differential fault attack against early rounds of (triple-)DES.,Cryptographic Hardware and Embedded Systems — CHES 2004 (M. Joyeand J.-J. Quisquater, eds.), Lecture Notes in Computer Science, vol. 3156,Springer-Verlag, 2004, pp. 254–267.
[49] J. L. Hennessy and D. A. Patterson, Computer architecture: A quantitativeapproach, Morgan Kaufmann, 2003.
[50] N. A. Howgrave-Graham and N. P. Smart, Lattice attacks on digital signatureschemes, Design, Codes and Cryptography 23 (2001), 283–290.
[51] Infineon Technologies AG Secure and Mobile Solutions Security Group, Security& chip cards ICs SLE88CX4000P, preliminary short product information04.03, 2003.
[52] International Organization for Standardization, ISO/IEC 7816–3 informationtechnology – identification cards – integrated circuit(s) cards with contacts –part 3: Electronic signals and transmission protocols, 1997.
[53] International Organization for Standardization, ISO/IEC 7816–1 identificationcards – integrated circuit(s) cards with contacts – part 1: Physical characteristics,1998.
[54] International Organization for Standardization, ISO/IEC 7816–2 identificationcards – integrated circuit cards – part 2: Cards with contacts – dimensionsand location of the contacts, 1999.
[55] M. Joye and F. Olivier, Side-channel attacks, Encyclopedia of Cryptographyand Security (H. van Tilborg, ed.), Kluwer Academic Publishers, 2005,pp. 571–576.
[56] M. Joye, J.-J. Quisquater, F. Bao, and R. H. Deng, RSA-type signatures inthe presense of transient faults, Cryptography and Coding (M. Darnell, ed.),Lecture Notes in Computer Science, vol. 1355, Springer-Verlag, 1997, pp. 155–160.
[57] M. Joye and S.-M. Yen, Checking before output may not be enough againstfault based cryptanalysis, IEEE Transactions on Computers 49 (2000), no. 9,967–970.
[58] D. Knuth, The art of computer programming, third ed., vol. 2, SeminumericalAlgorithms, Addison–Wesley, 2001.
[59] C. K. Ko¸c, Analysis of sliding window techniques for exponentiation, Computersand Mathematics with Applications 30 (1995), no. 10, 17–24.
[60] P. Kocher, Timing attacks on implementations of Diffie-Hellman, RSA, DSS,and other systems, Advances in Cryptology — CRYPTO ’96 (N. Koblitz,ed.), Lecture Notes in Computer Science, vol. 1109, Springer-Verlag, 1996,pp. 104–113.
[61] P. Kocher, J. Jaffe, and B. Jun, Differential power analysis, Advances inCryptology — CRYPTO ’99 (M. J. Wiener, ed.), Lecture Notes in ComputerScience, vol. 1666, Springer-Verlag, 1999, pp. 388–397.
[62] R. Koga and W. A. Kolasinski, Heavy ion induced snapback in CMOS devices,IEEE Transactions on Nuclear Science 36 (1989), 2367–2374.
[63] R. Koga, M. D. Looper, S. D. Pinkerton, W. J. Stapor, and P. T. McDonald,Low dose rate proton irradiation of quartz crystal resonators, IEEE Transactionson Nuclear Science 43 (1996), 3174–3181.
[64] O. Kommerling and M. Kuhn, Design principles for tamper resistant smartcardprocessors, USENIXWorkshop on Smartcard Technology, 1999, pp. 9–20.
[65] S. Kuboyama, S. Matsuda, T. Kanno, and T. Ishii, Mechanism for singleeventburnout of power MOSFETs and its characterization technique, IEEETransactions On Nuclear Science 39 (1992), 1698–1703.
[66] T. May and M. Woods, A new physical mechanism for soft erros in dynamicmemories, In 16th International Reliability Physics Symposium, 1978.
[67] A. Menezes, P. van Oorschot, and S. Vanstone, Handbook of applied cryptography,CRC Press, 1997.
[68] T. S. Messerges, Using second-order power analysis to attack DPA resistantsoftware, Cryptographic Hardware and Embedded Systems — CHES 2000(C¸ . K. Ko¸c and C. Paar, eds.), Lecture Notes in Computer Science, vol. 1965,Springer-Verlag, 2000, pp. 71–77.
[69] T. S. Messerges, E. A. Dabbish, and R. H. Sloan, Investigations of poweranalysis attacks on smartcards, USENIX Workshop on Smartcard Technology,1998, pp. 151–161.
[70] , Power analysis attacks of modular exponentiation in smartcards,Cryptogaphic Hardware and Embedded Systems — CHES ’99 (C¸ . K. Ko¸cand C. Paar, eds.), Lecture Notes in Computer Science, vol. 1717, Springer-Verlag, 1999, pp. 144–157.
[71] MIPS-Technologies, SmartMIPS ASE, http://www.mips.com/content/Products/.
[72] MIPSTMarchitecture for programmers volume I: Introduction to theMIPS32TMarchitecture, Technical Report MD00082, Revision 0.95, March2001.
[73] P. Montgomery, Modular multiplication without trial division, Mathematics ofComputation 44 (1985), 519–521.
[74] J. Muir, Seiferts RSA fault attack: Simplified analysis and generalizations,Cryptology ePrint Archive, Report 2005/458, 2005, http://eprint.iacr.org/.
[75] M. Murdocca and V. P. Heuring, Principles of computer architecture, Addison-Wesley, 2000.
[76] D. Naccache, P. Q. Nguyen, M. Tunstall, and C. Whelan, Experimenting withfaults, lattices and the DSA, Public Key Cryptography — PKC 2005 (S. Vaudenay,ed.), Lecture Notes in Computer Science, vol. 3386, Springer-Verlag,2005, pp. 16–28.
[77] D. Naccache, M. Tunstall, and C. Whelan, Computational improvements todifferential side channel attacks, NATO Security through Science Series D:Information and Communication Security, vol. 2, IOS Press, 2006, pp. 26–35.
[78] National Institute of Standards and Technology, Data encryption standard(DES) (FIPS–46-3), 1999.
[79] National Institute of Standards and Technology, Advanced encryption standard(AES) (FIPS–197), 2001.
[80] National Institute of Standards and Technology, Security requirements forcryptographic modules (FIPS–140-2), 2002.
[81] K. Nguyen and M. Tunstall, Montgomery multiplication with redundancycheck, 2006.
[82] P. Q. Nguyen and I. E. Shparlinski, The insecurity of the digital signaturealgorithm with partially known nonces, Journal of Cryptology 15 (2002), no. 3,151–176.
[83] National Institute of Standards and Technology, Digital signature standard(DSS) (FIPS–186-2), 2000.
[84] T. J. O’Gorman, The effect of cosmic rays on soft error rate of a DRAM atground level, IEEE Transactions On Electronics Devices 41 (1994), 553–557.
[85] D. A. Osvik, A. Shamir, and E. Tromer, Cache attacks and countermeasures:the case of AES, Topics in Cryptology — CT-RSA 2006 (D. Pointcheval, ed.),Lecture Notes in Computer Science, vol. 3860, Springer-Verlag, 2006, pp. 1–20.
[86] E. Oswald, S. Mangard, C. Herbst, and S. Tillich, Practical second-order DPAattacks for masked smart card implementations of block ciphers, Topics inCryptology—CT-RSA 2006 (D. Pointcheval, ed.), Lecture Notes in ComputerScience, vol. 3860, Springer-Verlag, 2006, pp. 192–207.
[87] D. Page, Theoretical use of cache memory as a cryptanalytic side–channel,Cryptology ePrint Archive, Report 2002/169, 2002, http://eprint.iacr.org/.
[88] J. C. Pickel and J. T. Blandford Jr., Cosmic ray induced errors in MOSmemory circuits, IEEE Transactions On Nuclear Science 25 (1978), 1166–1171.
[89] G. Piret and J.-J. Quisquater, A differential fault attack technique againstSPN structure, with application to the AES and KHAZAD, CryptographicHardware and Embedded Systems — CHES 2003 (C. D. Walter, C¸ . K. Ko¸c,and C. Paar, eds.), Lecture Notes in Computer Science, vol. 2779, Springer-Verlag, 2003, pp. 77–88.
[90] V. Pouget, Simulation exp´erimentale par impulsions laser ultra-courtes des effetsdes radiations ionisantes sur les circuits int´egr´es, Ph.D. thesis, Universityof Bordeaux, 2000.
[91] W. Rankl and W. Effing, Smart card handbook, Wiley, 2003.
[92] J. R. Rao, P. Rohatgi, H. Scherzer, and S. Tinguely, Partitioning attacks:or how to rapidly clone some GSM cards, IEEE Symposium on Security andPrivacy, 2002, pp. 31–41.
[93] B. G. Rax, C. I. Lee, A. H. Johnston, and C. E. Barnes, Total dose andproton damage in optocouplers, IEEE Transactions on Nuclear Science 43(1996), 3167–3173.
[94] R. Rivest, A. Shamir, and L. M. Adleman, Method for obtaining digital signaturesand public-key cryptosystems, Communications of the ACM 21 (1978),no. 2, 120–126.
[95] D. Samyde, S. P. Skorobogatov, R. J. Anderson, and J.-J. Quisquater, On anew way to read data from memory, Proceedings of the First InternationalIEEE Security in Storage Workshop, 2002, pp. 65–69.
[96] C. P. Schnorr and M. Euchner, Lattice basis reduction: improved practicalalgorithms and solving subset sum problems, Math. Programming 66 (1994),181–199.
[97] J.-P. Seifert, On authenticated computing and RSA-based authentication, ACMConference on Computer and Communications Security – CCS 2005, 2005,pp. 122–127.
[98] A. Shamir, Method and apparatus for protecting public key schemes from timingand fault attacks, U.S. Patent Number 5,991,415, 1997, Also presented atthe rump session of EUROCRYPT ’97.
[99] V. Shoup, Number theory C++ library (NTL), http://www.shoup.net/ntl/.
[100] S. Skorobogatov and R. Anderson, Optical fault induction attacks, CryptographicHardware and Embedded Systems — CHES 2002 (B. S. Kaliski, C¸ .K. Ko¸c, and C. Paar, eds.), Lecture Notes in Computer Science, vol. 2523,Springer-Verlag, 2002, pp. 2–12.
[101] E. G. Stassinopoulos, G. J. Brucker, P. Calvel, A. Baiget, C. Peyrotte, andR. Gaillard, Charge generation by heavy ions in power MOSFETs, burnoutspace predictions and dynamic SEB sensitivity, IEEE Transactions On NuclearScience 39 (1992), 1794–1711.
[102] Sun Microsystems, Java card 2.2.1 virtual machine specification, 2003.
[103] TechnoData Interware, Matrix software protection system, http://www.matrixlock.de/english/e_allgem.htm.
[104] Y. Tsunoo, T. Saito, T. Suzaki, M. Shigeri, and H. Miyauchi, Cryptanalysisof DES implemented on computers with cache, Cryptographic Hardware andEmbedded Systems — CHES 2003 (C. D. Walter, C¸ . K. Ko¸c, and C. Paar,eds.), Lecture Notes in Computer Science, vol. 2779, Springer-Verlag, 2003,pp. 62–76.
[105] K. Villegas, Private communication, 2006.
[106] D. Wagner, Cryptanalysis of a provable secure CRT-RSA algorithm, ACMConference on Computer and Communications Security — CCS ’04 (B. Pfitzmannand P. Liu, eds.), 2004, pp. 82–91.
[107] C. D. Walter, Montgomery exponentiation needs no final subtractions, ElectronicLetters 35 (1999), no. 21, 1831–1832.
[108] , Montgomery’s multiplication technique: How to make it smaller andfaster, Cryptogaphic Hardware and Embedded Systems — CHES ’99 (C¸ .K. Ko¸c and C. Paar, eds.), Lecture Notes in Computer Science, vol. 1717,Springer-Verlag, 1999, pp. 80–93.
[109] , Data integrity in hardware for modular arithmetic, CryptographicHardware and Embedded Systems — CHES 2000 (C¸ . K. Ko¸c and C. Paar,eds.), Lecture Notes in Computer Science, vol. 1965, Springer-Verlag, 2000,pp. 204–215.
[110] S.-M. Yen and D. Kim, Cryptanalysis of two protocols for RSA with CRT basedon fault infection,Workshop on Fault Diagnosis an Tolerance in Cryptography,in association with DSN 2004 — The International Conference on DependableSystems and Networks, June 2004.
[111] S.-M. Yen, S. Kim, S. Lim, and S.-J. Moon, RSA speedup with residue numbersystem immune against hardware fault cryptanalysis, Information Security andCryptology — ICISC 2001 (K. Kim, ed.), Lecture Notes in Computer Science,vol. 2288, Springer-Verlag, 2001, pp. 397–413.
[112] J. Ziegler, Effect of cosmic rays on computer memories, Science 206 (1979),776–788.