Re: 1024 bit RSA cracked?

2010-03-16 Thread Nicolas Williams
On Wed, Mar 10, 2010 at 09:27:06PM +0530, Udhay Shankar N wrote:
> Anyone know more?
> 
> http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/

My initial reaction from reading only the abstract and parts of the
introduction is that the authors are talking about attacking hardware
that implements RSA (say, a cell phone) by injecting faults into the
system via the power supply of the device.

This isn't really applicable to server hardware in a data center (where
the power, presumably, will be conditioned and physical security will be
provided, also presumably) but this attack is definitely applicable to
portable devices -- laptops, mobiles, smartcards.

> "The RSA algorithm gives security under the assumption that as long as
> the private key is private, you can't break in unless you guess it.
> We've shown that that's not true," said Valeria Bertacco, an associate
> professor in the Department of Electrical Engineering and Computer
> Science, in a statement.

They're not the first ones to show that!  Side-channel attacks have been
around for a while now.  It's not just the algorithms, but the machine
executing them and its physical characteristics that matter.

Nico
-- 

-
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com


1024 bit RSA cracked?

2010-03-16 Thread Udhay Shankar N
Anyone know more?

http://news.techworld.com/security/3214360/rsa-1024-bit-private-key-encryption-cracked/

RSA 1024-bit private key encryption cracked
Researchers find weakness in security system

By Network World Staff | Network World US
Published: 13:26 GMT, 05 March 10

Three University of Michigan computer scientists say they have found a
way to exploit a weakness in RSA security technology used to protect
everything from media players to smartphones and ecommerce servers.

RSA authentication is susceptible, they say, to changes in the voltage
supply to a private key holder. The researchers – Andrea Pellegrini,
Valeria Bertacco and Todd Austin – outline their findings in a paper
titled “Fault-based attack of RSA authentication” to be presented 10
March at the Design, Automation and Test in Europe conference.

"The RSA algorithm gives security under the assumption that as long as
the private key is private, you can't break in unless you guess it.
We've shown that that's not true," said Valeria Bertacco, an associate
professor in the Department of Electrical Engineering and Computer
Science, in a statement.

The RSA algorithm was introduced in a 1978 paper outlining the
public-key cryptosystem. The annual RSA security conference is being
held this week in San Francisco.

While guessing the 1,000-plus digits of binary code in a private key
would take unfathomable hours, the researchers say that by varying
electric current to a secured computer using an inexpensive
purpose-built device they were able to stress out the computer and
figure out the 1,024-bit private key in about 100 hours – all without
leaving a trace.

The researchers in their paper outline how they made the attack on a
SPARC system running Linux. They also say they have come up with a
solution, which involves a cryptographic technique called salting that
involves randomly juggling a private key's digits.

The research is funded by the National Science Foundation and the
Gigascale Systems Research Center.

-- 
((Udhay Shankar N)) ((udhay @ pobox.com)) ((www.digeratus.com))



Fwd: Workshop on Elliptic Curves

2010-03-16 Thread R.A. Hettinga


Begin forwarded message:

From: Tanja Lange 
Date: March 9, 2010 5:54:46 PM AST
To: Tanja Lange 
Subject: Workshop on Elliptic Curves

The study of elliptic curves has been closely connected with machine
computation almost since the invention of computers -- in 1952 Emil
Artin had John von Neumann perform an extensive calculation relating
to elliptic curves on the IAS MANIAC computer.  The fundamental papers
of Birch and Swinnerton-Dyer in 1965, which gave rise to the
Birch-Swinnerton-Dyer conjecture were buttressed with extensive
machine computation.  There has been extensive interplay between
theory and computation relating to ranks of elliptic curves, Heegner
points, Galois representations, Sato-Tate distributions, and many
other areas.

The year 2010 marks the beginning of a 25 year period in which a
number of influential papers initiated a fundamental connection
between elliptic curves, cryptology and the theory of computation.

. Rene Schoof about fast algorithms for counting points on elliptic
 curves over finite fields
. Hendrik Lenstra about integer factorization using elliptic curves
. Victor Miller and Neal Koblitz about the security of using elliptic
 curves over finite fields in a Diffie-Hellman key exchange.
. Shafi Goldwasser and Joe Kilian about primality proving using elliptic
 curves
. Len Adleman and Ming-Deh Huang about primality proving using abelian
 varieties
. Oliver Atkin and Francois Morain about primality proving using elliptic
 curves.

Since 1997 there has been an annual workshop on Elliptic Curve
Cryptography.  To celebrate the 25th anniversary of the above papers
we will hold a full week meeting intermixing talks which are concerned
with the applications of elliptic curves in cryptography and other
fundamental results concerning elliptic curves and computation.

The meeting will be held from Oct 18-22, 2010 at Microsoft Research in
Redmond, Washington, USA.
The organizers are Victor Miller (Center for Communications Research),
William Stein and Neal Koblitz (University of Washington), and Kristin
Lauter (Microsoft Research)



PayPal freezes Cryptome account

2010-03-16 Thread R.A. Hettinga


Cheers,
RAH



Fault-Based Attack of RSA Authentication

2010-03-16 Thread Eugen Leitl

From: basile 
Date: Thu, 04 Mar 2010 19:20:36 -0500
To: or-t...@freehaven.net
Subject: Fault-Based Attack of RSA Authentication
User-Agent: Thunderbird 2.0.0.23 (X11/20090817)
Reply-To: or-t...@freehaven.net

Hi everyone,

I thought this might be of interest to the list.   Pellegrini, Bertacco
and Austin at U of Michigan have found an interesting way to deduce the
secret key by fluctuating a device's power supply.  It's a minimal threat
against servers, but against hand held devices it's more practical.  The
openssl people say there's an easy fix by salting.

Here are some references:

http://www.theregister.co.uk/2010/03/04/severe_openssl_vulnerability/

http://www.eecs.umich.edu/~valeria/research/publications/DATE10RSA.pdf


-- 

Anthony G. Basile, Ph.D.
Chair of Information Technology
D'Youville College
Buffalo, NY 14201
USA

(716) 829-8197






-- 
Eugen* Leitl leitl http://leitl.org
__
ICBM: 48.07100, 11.36820 http://www.ativel.com http://postbiota.org
8B29F6BE: 099D 78BA 2FD3 B014 B08A  7779 75B0 2443 8B29 F6BE
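
An added illustration, not part of any message in this thread and not code from the paper or from OpenSSL: the "salting" fix is described above only loosely, and this sketch assumes it means exponent blinding, where a random multiple of phi(N) is added to the private exponent so every signing operation uses a different bit pattern yet produces the same signature. The toy key, the function names and the verify-before-release check (a common companion defence against faulted results) are assumptions of this example.

```python
import secrets

# Constructed toy key built from two Mersenne primes so the numbers stay
# readable; a real key uses randomly generated primes and a >= 2048-bit modulus.
P, Q = 2**31 - 1, 2**61 - 1
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)          # private exponent (Python 3.8+ modular inverse)


def sign_blinded(m: int, blind_bits: int = 32):
    """Sign m with a freshly randomized exponent.

    Returns (signature, exponent actually used). Because
    d_blind == D (mod phi(N)), the signature equals m^D mod N, but the bits
    processed by the exponentiation differ on every call, so faults or
    leakage collected across many signatures do not line up on one
    fixed exponent.
    """
    r = secrets.randbits(blind_bits) | 1     # nonzero random multiplier
    d_blind = D + r * PHI
    return pow(m, d_blind, N), d_blind


def release_if_valid(m: int, sig: int):
    """Check the result with the public key before it leaves the device.

    A signature corrupted by a glitch fails this check and is withheld
    (None) instead of being handed to whoever induced the fault.
    """
    return sig if pow(sig, E, N) == m % N else None


def simulate_fault(sig: int, bit: int = 7) -> int:
    """Stand-in for a hardware glitch: flip one bit of the computed value."""
    return sig ^ (1 << bit)


if __name__ == "__main__":
    msg = 123456789                           # constructed sample message
    sig, used = sign_blinded(msg)
    print("exponent differs from D:", used != D)
    print("good signature released:", release_if_valid(msg, sig) == sig)
    print("faulted signature released:",
          release_if_valid(msg, simulate_fault(sig)) is not None)
```
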
