[Cryptography] Vulnerability of RSA vs. DLP to single-bit faults

Peter Gutmann pgut001 at cs.auckland.ac.nz
Wed Nov 12 03:55:05 EST 2014

Jerry Leichter <leichter at lrw.com> writes:

>Peter specifically asked about catching "all possible problems"

What I meant was "all posible problems within the context of the discussion",
i.e. bit flips, memory corruption, stuck-at faults, etc.  Dealing with ebola,
global warming, and world hunger were implicitly excluded from the problem

So the question remains, would a pairwise consistency test detect any memory- 
based problems, or would you still need checksumming to detect specific 
changes in the public and private keys where the RSA/DLP operation succeeded 
on a modified form of the key?  And as a corollary, can you modify the key 
values so that you leak the private key but the pairwise check still succeeds 
(in other words you don't just replace key parameters wholesale to meet the 
"modified key" criteria).


More information about the cryptography mailing list