Abstract
In this paper we present a new kind of cryptanalytic attack which utilizes bugs in the hardware implementation of computer instructions. The best known example of such a bug is the Intel division bug, which resulted in slightly inaccurate results for extremely rare inputs. Whereas in most applications such bugs can be viewed as a minor nuisance, we show that in the case of RSA (even when protected by OAEP), Pohlig-Hellman, elliptic curve cryptography, and several other schemes, such bugs can be a security disaster: Decrypting ciphertexts on any computer which multiplies even one pair of numbers incorrectly can lead to full leakage of the secret key, sometimes with a single well-chosen ciphertext.
© 2008 Springer-Verlag Berlin Heidelberg
Biham, E., Carmeli, Y., Shamir, A. (2008). Bug Attacks. In: Wagner, D. (ed.) Advances in Cryptology – CRYPTO 2008. CRYPTO 2008. Lecture Notes in Computer Science, vol 5157. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-85174-5_13
DOI: https://doi.org/10.1007/978-3-540-85174-5_13
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-85173-8
Online ISBN: 978-3-540-85174-5