[Cryptography] Vulnerability of RSA vs. DLP to single-bit faults

[Peter Gutmann]

Jerry Leichter <leichter at lrw.com> writes:

>Peter specifically asked about catching "all possible problems"

What I meant was "all posible problems within the context of the discussion",
i.e. bit flips, memory corruption, stuck-at faults, etc.  Dealing with ebola,
global warming, and world hunger were implicitly excluded from the problem
space.

So the question remains, would a pairwise consistency test detect any memory- 
based problems, or would you still need checksumming to detect specific 
changes in the public and private keys where the RSA/DLP operation succeeded 
on a modified form of the key?  And as a corollary, can you modify the key 
values so that you leak the private key but the pairwise check still succeeds 
(in other words you don't just replace key parameters wholesale to meet the 
"modified key" criteria).

Peter.