• Title, Summary, Keyword: RSA

Search Result 592, Processing Time 0.032 seconds

Key Recovery Algorithm of Erroneous RSA Private Key Bits Using Generalized Probabilistic Measure (일반화된 확률 측도를 이용하여 에러가 있는 RSA 개인키를 복구하는 알고리즘)

  • Baek, Yoo-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1089-1097
    • /
    • 2016
  • It is well-known that, if additional information other than a plaintext-ciphertext pair is available, breaking the RSA cryptosystem may be much easier than factorizing the RSA modulus. For example, Coppersmith showed that, given the 1/2 fraction of the least or most significant bits of one of two RSA primes, the RSA modulus can be factorized in a polynomial time. More recently, Henecka et. al showed that the RSA private key of the form (p, q, d, $d_p$, $d_q$) can efficiently be recovered whenever the bits of the private key are erroneous with error rate less than 23.7%. It is notable that their algorithm is based on counting the matching bits between the candidate key bit string and the given decayed RSA private key bit string. And, extending the algorithm, this paper proposes a new RSA private key recovery algorithm using a generalized probabilistic measure for measuring the consistency between the candidate key bits and the given decayed RSA private key bits.

RI-RSA system design to increase security between nodes in RFID/USN environments (RFID/USN 환경에서 노드들간의 보안성 증대를 위한 RI-RSA 시스템 설계)

  • Lee, Seon-Keun
    • Journal of the Korea Society of Computer and Information
    • /
    • v.15 no.11
    • /
    • pp.157-162
    • /
    • 2010
  • Due to the IT development, RFID/USN became very familiar means of communication. However, because of increased number, security, and size constraints of nodes, it is insufficient to implement a variety of services. To solve these problems, this paper suggests RI-RSA, which is an appropriate asymmetric cryptographic system for RFID/USN environment. The proposed RI-RSA cryptographic system is easy to implement. To increase the processing speed, RI-RSA was suggested by subdividing the multiplication section into two-dimensional, where bottleneck phenomena occurs, and it was implemented in the hardware chip level. The simulation result verified that it caused 6% of circuit reduction, and for the processing speed, RI-RSA was 30% faster compare to the existing RSA.

Hardware Fault Attack Resistant RSA-CRT with Parallel Support (오류주입 공격에 강건하며 병렬연산이 가능한 RSA-CRT)

  • Eun, Ha-Soo;Oh, Hee-Kuck;Kim, Sang-Jin
    • Journal of the Korea Society of Computer and Information
    • /
    • v.17 no.5
    • /
    • pp.59-70
    • /
    • 2012
  • RSA-CRT is one of the commonly used techniques to speedup RSA operation. Since RSA-CRT performs its operations based on the modulus of two private primes, it is about four times faster than RSA. In RSA, the two primes are normally thrown away after generating the public key pair. However, in RSA-CRT, the two primes are directly used in RSA operations. This led to hardware fault attacks which can be used to factor the public modulus. The most common way to counter these attacks is based on error propagation. In these schemes, all the outputs of RSA are affected by the infected error which makes it difficult for an adversary to use the output to factor the public modulus. However, the error propagation has sequentialized the RSA operation. Moreover, these schemes have been found to be still vulnerable to hardware fault attacks. In this paper, we propose two new RSA-CRT schemes which are both resistant to hardware fault attack and support parallel execution: one uses common modulus and the other one perform operations in each prime modulus. Both proposed schemes takes about a time equal to two exponentiations to complete the RSA operation if parallel execution is fully used and can protect the two private primes from hardware fault attacks.

2,048 bits RSA public-key cryptography processor based on 32-bit Montgomery modular multiplier (32-비트 몽고메리 모듈러 곱셈기 기반의 2,048 비트 RSA 공개키 암호 프로세서)

  • Cho, Wook-Lae;Shin, Kyung-Wook
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.21 no.8
    • /
    • pp.1471-1479
    • /
    • 2017
  • This paper describes a design of RSA public-key cryptography processor supporting key length of 2,048 bits. A modular multiplier that is core arithmetic function in RSA cryptography was designed using word-based Montgomery multiplication algorithm, and a modular exponentiation was implemented by using Left-to-Right (LR) binary exponentiation algorithm. A computation of a modular multiplication takes 8,386 clock cycles, and RSA encryption and decryption requires 185,724 and 25,561,076 clock cycles, respectively. The RSA processor was verified by FPGA implementation using Virtex5 device. The RSA cryptographic processor synthesized with 100 MHz clock frequency using a 0.18 um CMOS cell library occupies 12,540 gate equivalents (GEs) and 12 kbits memory. It was estimated that the RSA processor can operate up to 165 MHz, and the estimated time for RSA encryption and decryption operations are 1.12 ms and 154.91 ms, respectively.

A Public-Key Cryptography Processor Supporting GF(p) 224-bit ECC and 2048-bit RSA (GF(p) 224-비트 ECC와 2048-비트 RSA를 지원하는 공개키 암호 프로세서)

  • Sung, Byung-Yoon;Shin, Kyung-Wook
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.163-165
    • /
    • 2018
  • GF(p)상 타원곡선 암호(ECC)와 RSA를 단일 하드웨어로 통합하여 구현한 공개키 암호 프로세서를 설계하였다. 설계된 EC-RSA 공개키 암호 프로세서는 NIST 표준에 정의된 소수체 상의 224-비트 타원 곡선 P-224와 2048-비트 키 길이의 RSA를 지원한다. ECC와 RSA가 갖는 연산의 공통점을 기반으로 워드기반 몽고메리 곱셈기와 메모리 블록을 효율적으로 결합하여 최적화된 데이터 패스 구조를 적용하였다. EC-RSA 공개키 암호 프로세서는 Modelsim을 이용한 기능검증을 통하여 정상동작을 확인하였으며, $0.18{\mu}m$ CMOS 셀 라이브러리로 합성한 결과 11,779 GEs와 14-Kbit RAM의 경량 하드웨어로 구현되었다. EC-RSA 공개키 암호 프로세서는 최대 동작주파수 133 MHz이며, ECC 연산에는 867,746 클록주기가 소요되며, RSA 복호화 연산에는 26,149,013 클록주기가 소요된다.

  • PDF

A Public-key Cryptography Processor supporting P-224 ECC and 2048-bit RSA (P-224 ECC와 2048-비트 RSA를 지원하는 공개키 암호 프로세서)

  • Sung, Byung-Yoon;Lee, Sang-Hyun;Shin, Kyung-Wook
    • Journal of IKEEE
    • /
    • v.22 no.3
    • /
    • pp.522-531
    • /
    • 2018
  • A public-key cryptography processor EC-RSA was designed, which integrates a 224-bit prime field elliptic curve cryptography (ECC) defined in the FIPS 186-2 as well as RSA with 2048-bit key length into a single hardware structure. A finite field arithmetic core used in both scalar multiplication for ECC and exponentiation for RSA was designed with 32-bit data-path. A lightweight implementation was achieved by an efficient hardware sharing of the finite field arithmetic core and internal memory for ECC and RSA operations. The EC-RSA processor was verified by FPGA implementation. It occupied 11,779 gate equivalents (GEs) and 14 kbit RAM synthesized with a 180-nm CMOS cell library and the estimated maximum clock frequency was 133 MHz. It takes 867,746 clock cycles for ECC scalar multiplication resulting in the estimated throughput of 34.3 kbps, and takes 26,149,013 clock cycles for RSA decryption resulting in the estimated throughput of 10.4 kbps.

Design of an Optimal RSA Crypto-processor for Embedded Systems (내장형 시스템을 위한 최적화된 RSA 암호화 프로세서 설계)

  • 허석원;김문경;이용석
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.29 no.4A
    • /
    • pp.447-457
    • /
    • 2004
  • This paper proposes a RSA crypto-processor for embedded systems. The architecture of the RSA crypto-processor should be used relying on Big Montgomery algorithm, and is supported by configurable bit size. The RSA crypto-processor includes a RSA control signal generator, an optimal Big Montgomery processor(adder, multiplier). We use diverse arithmetic unit (adder, multiplier) algorithm. After we compared the various results, we selected the optimal arithmetic unit which can be connected with ARM core-processor. The RSA crypto-processor was implemented with Verilog HDL with top-down methodology, and it was verified by C language and Cadence Verilog-XL. The verified models were synthesized with a Hynix 0.25${\mu}{\textrm}{m}$, CMOS standard cell library while using Synopsys Design Compiler. The RSA crypto-processor can operate at a clock speed of 51 MHz in this worst case conditions of 2.7V, 10$0^{\circ}C$ and has about 36,639 gates.

Evaluating Scapular Notching after Reverse Total Shoulder Arthroplasty

  • Kim, Young-Kyu;Won, Jun-Sung;Park, Chang-Kyu;Kim, Jong-Geun
    • Clinics in Shoulder and Elbow
    • /
    • v.18 no.4
    • /
    • pp.248-253
    • /
    • 2015
  • Background: Scapular notching can happen at diverse location depending on implant design or operative technique, therefore, it is easily misdiagnosed. Thus, this study purposed to suggest a method helpful to assess scapular notching. Methods: The subjects were 73 cases of reverse shoulder arthroplasty (RSA) for cuff tear arthropathy during the period from May 2009 to April 2014 and followed-up for over a year. There was medialized RSA in 22 cases, bone increased offset RSA (BIO-RSA) in 36 cases, and metal increased offset RSA (metal-RSA) in 15 cases. Scapular notching was not determined by bone defect at the inferior of glenosphere as Sirveaux's classification, but scapular notching at the site where the rotational route of the polyethylene of humeral implant met the scapular neck were examined. The results were compared with conventional method. Results: By conventional method, scapular notching was observed in 10 cases (45.5%) in medialized RSA, 12 cases (33.3%) in BIO-RSA, and none in metal-RSA. By new method, it was observed in 9 cases (40.9%) in medialized RSA, 10 cases (27.8%) in BIO-RSA, and none of metal-RSA. The site of scapular notching was apart from glenoshpere in 18 cases, and at inferior of glenosphere in 1 case. Absorption of bone graft was observed in 4 (11.1%) out of 36 cases of BIO-RSA. Conclusions: It is hard to distinguish scapular notching from absorption of bone graft in BIO-RSA, and bone absorption at the lateral lower end of glenoid in medialized RSA. Thus, it is considered useful to assess scapular notching at the site where the rotational route of the polyethylene insert meets scapular neck.

On Recovering Erased RSA Private Key Bits

  • Baek, Yoo-Jin
    • International Journal of Internet, Broadcasting and Communication
    • /
    • v.10 no.3
    • /
    • pp.11-25
    • /
    • 2018
  • While being believed that decrypting any RSA ciphertext is as hard as factorizing the RSA modulus, it was also shown that, if additional information is available, breaking the RSA cryptosystem may be much easier than factoring. For example, Coppersmith showed that, given the 1/2 fraction of the least or the most significant bits of one of two RSA primes, one can factorize the RSA modulus very efficiently, using the lattice-based technique. More recently, introducing the so called cold boot attack, Halderman et al. showed that one can recover cryptographic keys from a decayed DRAM image. And, following up this result, Heninger and Shacham presented a polynomial-time attack which, given 0.27-fraction of the RSA private key of the form (p, q, d, $d_p$, $d_q$), can recover the whole key, provided that the given bits are uniformly distributed. And, based on the work of Heninger and Shacham, this paper presents a different approach for recovering RSA private key bits from decayed key information, under the assumption that some random portion of the private key bits is known. More precisely, we present the algorithm of recovering RSA private key bits from erased key material and elaborate the formula of describing the number of partially-recovered RSA private key candidates in terms of the given erasure rate. Then, the result is justified by some extensive experiments.

Hardware Design of Efficient Montgomery Multiplier for Low Area RSA (저면적 RSA를 위한 효율적인 Montgomery 곱셈기 하드웨어 설계)

  • Nti, Richard B.;Ryoo, Kwangki
    • Proceedings of the Korean Institute of Information and Commucation Sciences Conference
    • /
    • /
    • pp.575-577
    • /
    • 2017
  • In public key cryptography such as RSA, modular exponentiation is the most time-consuming operation. RSA's modular exponentiation can be computed by repeated modular multiplication. To attain high efficiency for RSA, fast modular multiplication algorithms have been proposed to speed up decryption/encryption. Montgomery multiplication is limited by the carry propagation delay from the addition of long operands. In this paper, we propose a hardware structure that reduces the area of the Montgomery multiplication implementation for lightweight applications of RSA. Experimental results showed that the new design can achieve higher performance and reduce hardware area. A frequency of 884.9MHz and 250MHz were achieved with 84K and 56K gates respectively using the 90nm technology.

  • PDF