Issue No.09 - September (2000 vol.49)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/12.869328
Abstract—In order to avoid fault-based attacks on cryptographic security modules (e.g., smart-cards), some authors suggest that the computation results should be checked for faults before being transmitted. In this paper, we describe a potential fault-based attack where key bits leak only through the information whether the device produces a correct answer after a temporary fault or not. This information is available to the adversary even if a check is performed before output.
Cryptography, exponentiation, fault-based cryptanalysis, tamper resistance, interleaved modular multiplication.
Sung-Ming Yen, Marc Joye, "Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis", IEEE Transactions on Computers, vol.49, no. 9, pp. 967-970, September 2000, doi:10.1109/12.869328