|Subject:||Re: [Taler] Fault attacks on RSA in libgcrypt|
|Date:||Mon, 7 Nov 2016 16:17:20 +0000|
On 08/22/2016 07:42 PM, Jeff Burdges wrote:
I implemented the protection against fault attacks recommended in
"Making RSA-PSS Provably Secure Against Non-Random Faults" by Gilles
Barthe, François Dupressoir, Pierre-Alain Fouque, Benjamin Grégoire,
Mehdi Tibouchi and Jean-Christophe Zapalowicz.
It worries that a targeted fault attack could subvert the conditional
currently used to protect against fault attacks.
Their fault model seems to assume a Harvard architecture, where it is conceivable that powerful attacks targeting data are available, but no such attacks exist for code. Most current systems have a unified memory subsystem which provides pages for both code and data, so this assumption does not seem very realistic. This means that their security proof does not apply to current systems.
Gcrypt-devel mailing list
|[Prev in Thread]||Current Thread||[Next in Thread]|