{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T04:51:38Z","timestamp":1755838298447,"version":"3.40.3"},"publisher-location":"Berlin, Heidelberg","reference-count":40,"publisher":"Springer Berlin Heidelberg","isbn-type":[{"type":"print","value":"9783642363610"},{"type":"electronic","value":"9783642363627"}],"license":[{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"tdm","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"},{"start":{"date-parts":[[2013,1,1]],"date-time":"2013-01-01T00:00:00Z","timestamp":1356998400000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":["link.springer.com"],"crossmark-restriction":false},"short-container-title":[],"published-print":{"date-parts":[[2013]]},"DOI":"10.1007\/978-3-642-36362-7_13","type":"book-chapter","created":{"date-parts":[[2013,2,4]],"date-time":"2013-02-04T13:35:17Z","timestamp":1359984917000},"page":"198-215","update-policy":"https:\/\/doi.org\/10.1007\/springer_crossmark_policy","source":"Crossref","is-referenced-by-count":4,"title":["Combined Attack on CRT-RSA"],"prefix":"10.1007","author":[{"given":"Guillaume","family":"Barbu","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Alberto","family":"Battistello","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Guillaume","family":"Dabosville","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Christophe","family":"Giraud","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Gu\u00e9na\u00ebl","family":"Renault","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Soline","family":"Renner","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Rina","family":"Zeitoun","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","reference":[{"key":"13_CR1","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"104","DOI":"10.1007\/3-540-68697-5_9","volume-title":"Advances in Cryptology - CRYPTO \u201996","author":"P.C. Kocher","year":"1996","unstructured":"Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol.\u00a01109, pp. 104\u2013113. Springer, Heidelberg (1996)"},{"key":"13_CR2","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"388","DOI":"10.1007\/3-540-48405-1_25","volume-title":"Advances in Cryptology - CRYPTO \u201999","author":"P.C. Kocher","year":"1999","unstructured":"Kocher, P.C., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol.\u00a01666, pp. 388\u2013397. Springer, Heidelberg (1999)"},{"key":"13_CR3","unstructured":"Quisquater, J.J., Samyde, D.: A New Tool for Non-intrusive Analysis of Smart Cards Based on Electro-magnetic Emissions, the SEMA and DEMA Methods. Presented at EUROCRYPT 2000 Rump Session (2000)"},{"key":"13_CR4","unstructured":"Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks \u2013 Revealing the Secrets of Smartcards. Springer (2007)"},{"key":"13_CR5","doi-asserted-by":"crossref","unstructured":"Giraud, C., Thiebeauld, H.: A Survey on Fault Attacks. In: CARDIS 2004, pp. 159\u2013176. Kluwer Academic Publishers (2004)","DOI":"10.1007\/1-4020-8147-2_11"},{"key":"13_CR6","unstructured":"Bellcore: New Threat Model Breaks Crypto Codes. Press Release (1996)"},{"key":"13_CR7","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"513","DOI":"10.1007\/BFb0052259","volume-title":"Advances in Cryptology - CRYPTO \u201997","author":"E. Biham","year":"1997","unstructured":"Biham, E., Shamir, A.: Differential Fault Analysis of Secret Key Cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol.\u00a01294, pp. 513\u2013525. Springer, Heidelberg (1997)"},{"key":"13_CR8","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"115","DOI":"10.1007\/BFb0028164","volume-title":"Security Protocols","author":"F. Bao","year":"1998","unstructured":"Bao, F., Deng, R.H., Han, Y., Jeng, A., Narasimhalu, A.D., Ngair, T.: Breaking Public Key Cryptosystems an Tamper Resistance Devices in the Presence of Transient Fault. In: Christianson, B., Crispo, B., Lomas, M., Roe, M. (eds.) Security Protocols 1997. LNCS, vol.\u00a01361, pp. 115\u2013124. Springer, Heidelberg (1998)"},{"key":"13_CR9","doi-asserted-by":"crossref","unstructured":"Joye, M., Tunstall, M.: Fault Analysis in Cryptography. Information Security and Cryptography. Springer (2012)","DOI":"10.1007\/978-3-642-29656-7"},{"key":"13_CR10","doi-asserted-by":"crossref","unstructured":"Amiel, F., Feix, B., Marcel, L., Villegas, K.: Passive and Active Combined Attacks \u2013 Combining Fault Attacks and Side Channel Analysis. In: FDTC 2007, pp. 92\u201399. IEEE Computer Society (2007)","DOI":"10.1109\/FDTC.2007.4318989"},{"key":"13_CR11","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"143","DOI":"10.1007\/978-3-642-23951-9_10","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"J. Fan","year":"2011","unstructured":"Fan, J., Gierlichs, B., Vercauteren, F.: To Infinity and Beyond: Combined Attack on ECC Using Points of Low Order. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol.\u00a06917, pp. 143\u2013159. Springer, Heidelberg (2011)"},{"key":"13_CR12","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"65","DOI":"10.1007\/978-3-642-27257-8_5","volume-title":"Smart Card Research and Advanced Applications","author":"T. Roche","year":"2011","unstructured":"Roche, T., Lomn\u00e9, V., Khalfallah, K.: Combined Fault and Side-Channel Attack on Protected Implementations of AES. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol.\u00a07079, pp. 65\u201383. Springer, Heidelberg (2011)"},{"key":"13_CR13","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"413","DOI":"10.1007\/978-3-540-74735-2_28","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2007","author":"B. Robisson","year":"2007","unstructured":"Robisson, B., Manet, P.: Differential Behavioral Analysis. In: Paillier, P., Verbauwhede, I. (eds.) CHES 2007. LNCS, vol.\u00a04727, pp. 413\u2013426. Springer, Heidelberg (2007)"},{"key":"13_CR14","doi-asserted-by":"publisher","first-page":"120","DOI":"10.1145\/359340.359342","volume":"21","author":"R. Rivest","year":"1978","unstructured":"Rivest, R., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM\u00a021, 120\u2013126 (1978)","journal-title":"Communications of the ACM"},{"key":"13_CR15","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"155","DOI":"10.1007\/3-540-68339-9_14","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D. Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a Small Root of a Univariate Modular Equation. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 155\u2013165. Springer, Heidelberg (1996)"},{"key":"13_CR16","doi-asserted-by":"publisher","first-page":"233","DOI":"10.1007\/s001459900030","volume":"10","author":"D. Coppersmith","year":"1997","unstructured":"Coppersmith, D.: Small Solutions to Polynomial Equations, and Low Exponent RSA Vulnerabilities. Journal of Cryptology\u00a010, 233\u2013260 (1997)","journal-title":"Journal of Cryptology"},{"key":"13_CR17","doi-asserted-by":"publisher","first-page":"905","DOI":"10.1049\/el:19820617","volume":"18","author":"C. Couvreur","year":"1982","unstructured":"Couvreur, C., Quisquater, J.J.: Fast Decipherment Algorithm for RSA Public-Key Cryptosystem. Electronics Letters\u00a018, 905\u2013907 (1982)","journal-title":"Electronics Letters"},{"key":"13_CR18","doi-asserted-by":"publisher","first-page":"140","DOI":"10.1109\/TEC.1959.5219515","volume":"8","author":"H. Garner","year":"1959","unstructured":"Garner, H.: The Residue Number System. IRE Transactions on Electronic Computers\u00a08, 140\u2013147 (1959)","journal-title":"IRE Transactions on Electronic Computers"},{"key":"13_CR19","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"291","DOI":"10.1007\/3-540-36400-5_22","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2002","author":"M. Joye","year":"2003","unstructured":"Joye, M., Yen, S.M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Ko\u00e7, \u00c7.K., Paar, C. (eds.) CHES 2002. LNCS, vol.\u00a02523, pp. 291\u2013302. Springer, Heidelberg (2003)"},{"key":"13_CR20","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"40","DOI":"10.1007\/978-3-642-25578-6_5","volume-title":"Progress in Cryptology \u2013 INDOCRYPT 2011","author":"C. Clavier","year":"2011","unstructured":"Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Square Always Exponentiation. In: Bernstein, D.J., Chatterjee, S. (eds.) INDOCRYPT 2011. LNCS, vol.\u00a07107, pp. 40\u201357. Springer, Heidelberg (2011)"},{"key":"13_CR21","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"16","DOI":"10.1007\/978-3-540-28632-5_2","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2004","author":"E. Brier","year":"2004","unstructured":"Brier, E., Clavier, C., Olivier, F.: Correlation Power Analysis with a Leakage Model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol.\u00a03156, pp. 16\u201329. Springer, Heidelberg (2004)"},{"key":"13_CR22","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"110","DOI":"10.1007\/978-3-540-77360-3_8","volume-title":"Selected Areas in Cryptography","author":"F. Amiel","year":"2007","unstructured":"Amiel, F., Feix, B., Villegas, K.: Power Analysis for Secret Recovering and Reverse Engineering of Public Key Algorithms. In: Adams, C., Miri, A., Wiener, M. (eds.) SAC 2007. LNCS, vol.\u00a04876, pp. 110\u2013125. Springer, Heidelberg (2007)"},{"key":"13_CR23","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"178","DOI":"10.1007\/3-540-68339-9_16","volume-title":"Advances in Cryptology - EUROCRYPT \u201996","author":"D. Coppersmith","year":"1996","unstructured":"Coppersmith, D.: Finding a Small Root of a Bivariate Integer Equation; Factoring with High Bits Known. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol.\u00a01070, pp. 178\u2013189. Springer, Heidelberg (1996)"},{"key":"13_CR24","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"37","DOI":"10.1007\/3-540-69053-0_4","volume-title":"Advances in Cryptology - EUROCRYPT \u201997","author":"D. Boneh","year":"1997","unstructured":"Boneh, D., DeMillo, R.A., Lipton, R.J.: On the Importance of Checking Cryptographic Protocols for Faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol.\u00a01233, pp. 37\u201351. Springer, Heidelberg (1997)"},{"key":"13_CR25","unstructured":"Lenstra, A.: Memo on RSA Signature Generation in the Presence of Faults. Manuscript (1996)"},{"key":"13_CR26","doi-asserted-by":"crossref","unstructured":"Bl\u00f6mer, J., Otto, M., Seifert, J.P.: A New RSA-CRT Algorithm Secure against Bellcore Attacks. In: CCS 2003 ACM Conference, pp. 311\u2013320. ACM Press (2003)","DOI":"10.1145\/948109.948151"},{"key":"13_CR27","doi-asserted-by":"publisher","first-page":"1116","DOI":"10.1109\/TC.2006.135","volume":"55","author":"C. Giraud","year":"2006","unstructured":"Giraud, C.: An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis. IEEE Transactions on Computers\u00a055, 1116\u20131120 (2006)","journal-title":"IEEE Transactions on Computers"},{"key":"13_CR28","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"130","DOI":"10.1007\/978-3-540-85053-3_9","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2008","author":"D. Vigilant","year":"2008","unstructured":"Vigilant, D.: RSA with CRT: A New Cost-Effective Solution to Thwart Fault Attacks. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol.\u00a05154, pp. 130\u2013145. Springer, Heidelberg (2008)"},{"key":"13_CR29","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"459","DOI":"10.1007\/978-3-642-00862-7_31","volume-title":"Topics in Cryptology \u2013 CT-RSA 2009","author":"M. Rivain","year":"2009","unstructured":"Rivain, M.: Securing RSA against Fault Analysis by Double Addition Chain Exponentiation. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol.\u00a05473, pp. 459\u2013480. Springer, Heidelberg (2009)"},{"key":"13_CR30","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"444","DOI":"10.1007\/978-3-642-04138-9_31","volume-title":"Cryptographic Hardware and Embedded Systems - CHES 2009","author":"J.-S. Coron","year":"2009","unstructured":"Coron, J.-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault Attacks on RSA Signatures with Partially Unknown Messages. In: Clavier, C., Gaj, K. (eds.) CHES 2009. LNCS, vol.\u00a05747, pp. 444\u2013456. Springer, Heidelberg (2009)"},{"key":"13_CR31","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"208","DOI":"10.1007\/978-3-642-11925-5_15","volume-title":"Topics in Cryptology - CT-RSA 2010","author":"J.-S. Coron","year":"2010","unstructured":"Coron, J.-S., Naccache, D., Tibouchi, M.: Fault Attacks Against emv Signatures. In: Pieprzyk, J. (ed.) CT-RSA 2010. LNCS, vol.\u00a05985, pp. 208\u2013220. Springer, Heidelberg (2010)"},{"key":"13_CR32","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"192","DOI":"10.1007\/978-3-642-23951-9_13","volume-title":"Cryptographic Hardware and Embedded Systems \u2013 CHES 2011","author":"\u00c9. Brier","year":"2011","unstructured":"Brier, \u00c9., Naccache, D., Nguyen, P.Q., Tibouchi, M.: Modulus Fault Attacks against RSA-CRT Signatures. In: Preneel, B., Takagi, T. (eds.) CHES 2011. LNCS, vol.\u00a06917, pp. 192\u2013206. Springer, Heidelberg (2011)"},{"key":"13_CR33","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"77","DOI":"10.1007\/978-3-642-19074-2_6","volume-title":"Topics in Cryptology \u2013 CT-RSA 2011","author":"M.F. Witteman","year":"2011","unstructured":"Witteman, M.F., van Woudenberg, J.G.J., Menarini, F.: Defeating RSA Multiply-Always and Message Blinding Countermeasures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol.\u00a06558, pp. 77\u201388. Springer, Heidelberg (2011)"},{"key":"13_CR34","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"102","DOI":"10.1007\/978-3-642-27257-8_7","volume-title":"Smart Card Research and Advanced Applications","author":"V. Dupaquis","year":"2011","unstructured":"Dupaquis, V., Venelli, A.: Redundant Modular Reduction Algorithms. In: Prouff, E. (ed.) CARDIS 2011. LNCS, vol.\u00a07079, pp. 102\u2013114. Springer, Heidelberg (2011)"},{"key":"13_CR35","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"68","DOI":"10.1007\/978-3-642-03944-7_6","volume-title":"Information Security Theory and Practice. Smart Devices, Pervasive Systems, and Ubiquitous Networks","author":"E. Dottax","year":"2009","unstructured":"Dottax, E., Giraud, C., Rivain, M., Sierra, Y.: On Second-Order Fault Analysis Resistance for CRT-RSA Implementations. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP 2009. LNCS, vol.\u00a05746, pp. 68\u201383. Springer, Heidelberg (2009)"},{"key":"13_CR36","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"251","DOI":"10.1007\/11426639_15","volume-title":"Advances in Cryptology \u2013 EUROCRYPT 2005","author":"J. Bl\u00f6mer","year":"2005","unstructured":"Bl\u00f6mer, J., May, A.: A Tool Kit for Finding Small Roots of Bivariate Polynomials over the Integers. In: Cramer, R. (ed.) EUROCRYPT 2005. LNCS, vol.\u00a03494, pp. 251\u2013267. Springer, Heidelberg (2005)"},{"key":"13_CR37","doi-asserted-by":"publisher","first-page":"235","DOI":"10.1006\/jsco.1996.0125","volume":"24","author":"W. Bosma","year":"1997","unstructured":"Bosma, W., Cannon, J., Playoust, C.: The Magma algebra system. I. The user language. J. Symbolic Comput.\u00a024, 235\u2013265 (1997)","journal-title":"J. Symbolic Comput."},{"key":"13_CR38","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"crossref","first-page":"131","DOI":"10.1007\/BFb0024458","volume-title":"Cryptography and Coding","author":"N. Howgrave-Graham","year":"1997","unstructured":"Howgrave-Graham, N.: Finding Small Roots of Univariate Modular Equations Revisited. In: Darnell, M.J. (ed.) Cryptography and Coding 1997. LNCS, vol.\u00a01355, pp. 131\u2013142. Springer, Heidelberg (1997)"},{"key":"13_CR39","series-title":"Lecture Notes in Computer Science","doi-asserted-by":"publisher","first-page":"267","DOI":"10.1007\/11935230_18","volume-title":"Advances in Cryptology \u2013 ASIACRYPT 2006","author":"E. Jochemsz","year":"2006","unstructured":"Jochemsz, E., May, A.: A Strategy for Finding Roots of Multivariate Polynomials with New Applications in Attacking RSA Variants. In: Lai, X., Chen, K. (eds.) ASIACRYPT 2006. LNCS, vol.\u00a04284, pp. 267\u2013282. Springer, Heidelberg (2006)"},{"key":"13_CR40","doi-asserted-by":"crossref","unstructured":"Lomne, V., Roche, T., Thillard, A.: On the Need of Randomness in Fault Attack Countermeasures \u2013 Application to AES. In: FDTC 2012, pp. 85\u201394. IEEE Computer Society (2012)","DOI":"10.1109\/FDTC.2012.19"}],"container-title":["Lecture Notes in Computer Science","Public-Key Cryptography \u2013 PKC 2013"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/link.springer.com\/content\/pdf\/10.1007\/978-3-642-36362-7_13","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2021,9,1]],"date-time":"2021-09-01T00:30:35Z","timestamp":1630456235000},"score":1,"resource":{"primary":{"URL":"https:\/\/link.springer.com\/10.1007\/978-3-642-36362-7_13"}},"subtitle":["Why Public Verification Must Not Be Public?"],"short-title":[],"issued":{"date-parts":[[2013]]},"ISBN":["9783642363610","9783642363627"],"references-count":40,"URL":"https:\/\/doi.org\/10.1007\/978-3-642-36362-7_13","relation":{},"ISSN":["0302-9743","1611-3349"],"issn-type":[{"type":"print","value":"0302-9743"},{"type":"electronic","value":"1611-3349"}],"subject":[],"published":{"date-parts":[[2013]]},"assertion":[{"value":"This content has been made available to all.","name":"free","label":"Free to read"}]}}