{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2025,8,22]],"date-time":"2025-08-22T04:51:40Z","timestamp":1755838300286},"reference-count":42,"publisher":"Springer Science and Business Media LLC","issue":"1","license":[{"start":{"date-parts":[[2013,2,20]],"date-time":"2013-02-20T00:00:00Z","timestamp":1361318400000},"content-version":"tdm","delay-in-days":0,"URL":"http:\/\/www.springer.com\/tdm"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["J Cryptogr Eng"],"published-print":{"date-parts":[[2013,4]]},"DOI":"10.1007\/s13389-013-0050-x","type":"journal-article","created":{"date-parts":[[2013,2,19]],"date-time":"2013-02-19T11:12:39Z","timestamp":1361272359000},"page":"59-72","source":"Crossref","is-referenced-by-count":7,"title":["Attacking RSA\u2013CRT signatures with faults on montgomery multiplication"],"prefix":"10.1007","volume":"3","author":[{"given":"Pierre-Alain","family":"Fouque","sequence":"first","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Nicolas","family":"Guillermin","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Delphine","family":"Leresteux","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Mehdi","family":"Tibouchi","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Jean-Christophe","family":"Zapalowicz","sequence":"additional","affiliation":[],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"297","published-online":{"date-parts":[[2013,2,20]]},"reference":[{"key":"50_CR1","doi-asserted-by":"crossref","unstructured":"Acii\u00e7mez, O., Schindler, W., Ko\u00e7, \u00c7.K.: Improving Brumley and Boneh timing attack on unprotected SSL implementations, pp. 139\u2013146. In ACM Conference on Computer and Communications, Security (2005)","DOI":"10.1145\/1102120.1102140"},{"key":"50_CR2","doi-asserted-by":"crossref","unstructured":"Aum\u00fcller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In CHES, pp. 260\u2013275 (2002)","DOI":"10.1007\/3-540-36400-5_20"},{"key":"50_CR3","unstructured":"Bellare, M., Rogaway, P.: PSS: provably secure encoding method for digital signatures. Submission to IEEE P1363 (1998)"},{"key":"50_CR4","unstructured":"Bellare, M., Rogaway, P.: Probabilistic signature scheme. Patent, 2001. US 6266771"},{"key":"50_CR5","doi-asserted-by":"crossref","unstructured":"Bl\u00f6mer, J., Otto, M., Seifert, J.-P.: A new CRT-RSA algorithm secure against Bellcore attacks, pp. 311\u2013320. In: ACM Conference on Computer and Communications, Security (2003)","DOI":"10.1145\/948109.948151"},{"key":"50_CR6","doi-asserted-by":"crossref","unstructured":"Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In EUROCRYPT, pp. 37\u201351 (1997)","DOI":"10.1007\/3-540-69053-0_4"},{"issue":"2","key":"50_CR7","doi-asserted-by":"crossref","first-page":"101","DOI":"10.1007\/s001450010016","volume":"14","author":"D Boneh","year":"2001","unstructured":"Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. J. Cryptol. 14(2), 101\u2013119 (2001)","journal-title":"J. Cryptol."},{"key":"50_CR8","doi-asserted-by":"crossref","unstructured":"Brier, E., Naccache, D., Nguyen, P.Q., Tibouchi, M.: Modulus fault attacks against RSA-CRT signatures. In: CHES, pp. 192\u2013206 (2011)","DOI":"10.1007\/978-3-642-23951-9_13"},{"issue":"5","key":"50_CR9","doi-asserted-by":"crossref","first-page":"701","DOI":"10.1016\/j.comnet.2005.01.010","volume":"48","author":"D Brumley","year":"2005","unstructured":"Brumley, D., Boneh, D.: Remote timing attacks are practical. Comput. Netw. 48(5), 701\u2013716 (2005)","journal-title":"Comput. Netw."},{"key":"50_CR10","doi-asserted-by":"crossref","unstructured":"Chen, Y., Nguyen, P.Q.: Faster algorithms for approximate common divisors. In: EUROCRYPT, pp. 502\u2013519 (2012)","DOI":"10.1007\/978-3-642-29011-4_30"},{"key":"50_CR11","doi-asserted-by":"crossref","unstructured":"Chow, G.C.T., Eguro, K., Luk, W., Leong, P.: A Karatsuba-based Montgomery multiplier. In: FPL\u201910, pp. 434\u2013437 (2010)","DOI":"10.1109\/FPL.2010.89"},{"key":"50_CR12","unstructured":"Ciet, M., Joye, M.: Practical fault countermeasures for Chinese remaindering based cryptosystems. In: Breveglieri, L., Koren, I. (eds.) FDTC, pp. 124\u2013131 (2005)"},{"key":"50_CR13","unstructured":"Cohn, H., Heninger, N.: Approximate common divisors via lattices. Cryptology ePrint Archive, Report 2011\/437, 2011. http:\/\/eprint.iacr.org\/ . Presented at ANTS-X"},{"key":"50_CR14","doi-asserted-by":"crossref","unstructured":"Coron, J.-S., Giraud, C., Morin, N., Piret, G., Vigilant, D.: Fault attacks and countermeasures on Vigilant\u2019s RSA-CRT algorithm. In FDTC, pp. 89\u201396 (2010)","DOI":"10.1109\/FDTC.2010.9"},{"key":"50_CR15","doi-asserted-by":"crossref","unstructured":"Coron, J.-S., Joux, A., Kizhvatov, I., Naccache, D., Paillier, P.: Fault attacks on RSA signatures with partially unknown messages. In: CHES, pp. 444\u2013456 (2009)","DOI":"10.1007\/978-3-642-04138-9_31"},{"key":"50_CR16","doi-asserted-by":"crossref","unstructured":"Coron, J.-S., Mandal, A.: PSS is secure against random fault attacks. In: ASIACRYPT, pp. 653\u2013666 (2009)","DOI":"10.1007\/978-3-642-10366-7_38"},{"key":"50_CR17","doi-asserted-by":"crossref","unstructured":"Coron, J.-S., Naccache, D., Tibouchi, M.: Fault attacks against EMV signatures. In: CT-RSA, pp. 208\u2013220 (2010)","DOI":"10.1007\/978-3-642-11925-5_15"},{"key":"50_CR18","doi-asserted-by":"crossref","unstructured":"Fouque, P.-A., Guillermin, N., Leresteux, D., Tibouchi, M., Zapalowicz, J.-C.: Attacking rsa-crt signatures with faults on montgomery multiplication. In CHES, pp. 447\u2013462 (2012)","DOI":"10.1007\/978-3-642-33027-8_26"},{"key":"50_CR19","doi-asserted-by":"crossref","unstructured":"Garner, H.L.: The residue number system. In: IRE-AIEE-ACM \u201959 (Western), pp. 146\u2013153. ACM (1959)","DOI":"10.1145\/1457838.1457864"},{"issue":"9","key":"50_CR20","doi-asserted-by":"crossref","first-page":"1116","DOI":"10.1109\/TC.2006.135","volume":"55","author":"C Giraud","year":"2006","unstructured":"Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Trans. Comput. 55(9), 1116\u20131120 (2006)","journal-title":"IEEE Trans. Comput."},{"key":"50_CR21","doi-asserted-by":"crossref","unstructured":"Howgrave-Graham, N.: Approximate integer common divisors. In: CaLC, pp. 51\u201366 (2001)","DOI":"10.1007\/3-540-44670-2_6"},{"key":"50_CR22","doi-asserted-by":"crossref","unstructured":"Huang, M., Gaj, K., Kwon, S., El-Ghazawi, T.A.: An optimized hardware architecture for the Montgomery multiplication algorithm. In: Public Key Cryptography, pp. 214\u2013228 (2008)","DOI":"10.1007\/978-3-540-78440-1_13"},{"key":"50_CR23","unstructured":"Kaliski, B.S.: Raising the standard for RSA signatures: RSA-PSS. CryptoBytes Technical Newsletter, February 2003. http:\/\/www.rsa.com\/rsalabs\/node.asp?id=2005"},{"issue":"3","key":"50_CR24","doi-asserted-by":"crossref","first-page":"26","DOI":"10.1109\/40.502403","volume":"16","author":"\u00c7K Ko\u00e7","year":"1996","unstructured":"Ko\u00e7, \u00c7.K., Acar, T.: Analyzing and comparing Montgomery multiplication algorithms. IEEE Micro 16(3), 26\u201333 (1996)","journal-title":"IEEE Micro"},{"issue":"6","key":"50_CR25","doi-asserted-by":"crossref","first-page":"402","DOI":"10.1049\/ip-cdt:20040791","volume":"151","author":"C McIvor","year":"2004","unstructured":"McIvor, C., McLoone, M., McCanny, J.: Modified Montgomery modular multiplication and RSA exponentiation techniques. IEE Proc. Comput. Digital Tech. 151(6), 402\u2013408 (2004)","journal-title":"IEE Proc. Comput. Digital Tech."},{"key":"50_CR26","doi-asserted-by":"crossref","unstructured":"Mentens, N., Sakiyama, K., Preneel, B., Verbauwhede, I.: Efficient pipelining for modular multiplication architectures in prime fields. In: Proceedings of the 17th ACM Great Lakes symposium on VLSI, GLSVLSI \u201907, pp. 534\u2013539, New York, NY, USA, ACM (2007)","DOI":"10.1145\/1228784.1228911"},{"key":"50_CR27","doi-asserted-by":"crossref","first-page":"519","DOI":"10.1090\/S0025-5718-1985-0777282-X","volume":"44","author":"PL Montgomery","year":"1985","unstructured":"Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44, 519\u2013521 (1985)","journal-title":"Math. Comput."},{"key":"50_CR28","doi-asserted-by":"crossref","unstructured":"Nozaki, H., Motoyama, M., Shimbo, A., Kawamura, S.: Implementation of RSA algorithm based on RNS Montgomery multiplication. In: CHES, pp. 364\u2013376 (2001)","DOI":"10.1007\/3-540-44709-1_30"},{"key":"50_CR29","unstructured":"Oracle. JavaCard 3.0.1 Platform Specification. http:\/\/www.oracle.com\/technetwork\/java\/javacard\/overview\/"},{"key":"50_CR30","doi-asserted-by":"crossref","unstructured":"Orup, H.: Simplifying quotient determination in high-radix modular multiplication. In: IEEE Symposium on Computer Arithmetic\u201995, pp. 193\u2013193 (1995)","DOI":"10.1109\/ARITH.1995.465359"},{"key":"50_CR31","doi-asserted-by":"crossref","unstructured":"Rivain, M.: Securing RSA against fault analysis by double addition chain exponentiation. In: CT-RSA, pp. 459\u2013480 (2009)","DOI":"10.1007\/978-3-642-00862-7_31"},{"key":"50_CR32","doi-asserted-by":"crossref","unstructured":"Schindler, W.: A timing attack against RSA with the Chinese remainder theorem. In: CHES, pp. 109\u2013124 (2000)","DOI":"10.1007\/3-540-44499-8_8"},{"key":"50_CR33","unstructured":"Shamir, A.: Improved method and apparatus for protecting public key schemes from timing and fault attacks. Patent Application, 1998. WO 1998\/052319 A1"},{"key":"50_CR34","doi-asserted-by":"crossref","unstructured":"Skorobogatov, S.: Optical fault masking attacks. In: FDTC, pp. 23\u201329 (2010)","DOI":"10.1109\/FDTC.2010.18"},{"key":"50_CR35","doi-asserted-by":"crossref","unstructured":"Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: CHES, pp. 2\u201312 (2002)","DOI":"10.1007\/3-540-36400-5_2"},{"key":"50_CR36","unstructured":"Stein, W., et al.: Sage Mathematics Software (Version 4.8). The Sage Development Team, 2012. http:\/\/www.sagemath.org"},{"key":"50_CR37","doi-asserted-by":"crossref","unstructured":"Suzuki, D.: How to maximize the potential of FPGA resources for modular exponentiation. In: CHES, pp. 272\u2013288 (2007)","DOI":"10.1007\/978-3-540-74735-2_19"},{"key":"50_CR38","doi-asserted-by":"crossref","unstructured":"Tenca, A.F., Ko\u00e7, \u00c7.K.: A scalable architecture for Montgomery multiplication. In: Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems, CHES \u201999, PP. 94\u2013108, London, UK. Springer, Berlin (1999)","DOI":"10.1007\/3-540-48059-5_10"},{"key":"50_CR39","unstructured":"The OpenSSL Project. OpenSSL: The open source toolkit for SSL\/TLS. http:\/\/www.openssl.org\/"},{"key":"50_CR40","doi-asserted-by":"crossref","unstructured":"Vigilant, D.: RSA with CRT: a new cost-effective solution to thwart fault attacks. In: CHES, pp. 130\u2013145 (2008)","DOI":"10.1007\/978-3-540-85053-3_9"},{"key":"50_CR41","doi-asserted-by":"crossref","unstructured":"Walter, C.D.: Montgomery\u2019s multiplication technique: How to make it smaller and faster. In: CHES, pp. 80\u201393 (1999)","DOI":"10.1007\/3-540-48059-5_9"},{"key":"50_CR42","doi-asserted-by":"crossref","unstructured":"Yen, S.-M., Moon, S.-J., Ha, J.: Hardware fault attack on RSA with CRT revisited. In: ICISC, pp. 374\u2013388 (2002)","DOI":"10.1007\/3-540-36552-4_26"}],"container-title":["Journal of Cryptographic Engineering"],"original-title":[],"language":"en","link":[{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-013-0050-x.pdf","content-type":"application\/pdf","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/article\/10.1007\/s13389-013-0050-x\/fulltext.html","content-type":"text\/html","content-version":"vor","intended-application":"text-mining"},{"URL":"http:\/\/link.springer.com\/content\/pdf\/10.1007\/s13389-013-0050-x","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2019,7,9]],"date-time":"2019-07-09T18:10:41Z","timestamp":1562695841000},"score":1,"resource":{"primary":{"URL":"http:\/\/link.springer.com\/10.1007\/s13389-013-0050-x"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2013,2,20]]},"references-count":42,"journal-issue":{"issue":"1","published-print":{"date-parts":[[2013,4]]}},"alternative-id":["50"],"URL":"https:\/\/doi.org\/10.1007\/s13389-013-0050-x","relation":{},"ISSN":["2190-8508","2190-8516"],"issn-type":[{"value":"2190-8508","type":"print"},{"value":"2190-8516","type":"electronic"}],"subject":[],"published":{"date-parts":[[2013,2,20]]}}}