[Cryptography] Vulnerability of RSA vs. DLP to single-bit faults
pgut001 at cs.auckland.ac.nz
Wed Nov 12 03:55:05 EST 2014
Jerry Leichter <leichter at lrw.com> writes:
>Peter specifically asked about catching "all possible problems"
What I meant was "all posible problems within the context of the discussion",
i.e. bit flips, memory corruption, stuck-at faults, etc. Dealing with ebola,
global warming, and world hunger were implicitly excluded from the problem
So the question remains, would a pairwise consistency test detect any memory-
based problems, or would you still need checksumming to detect specific
changes in the public and private keys where the RSA/DLP operation succeeded
on a modified form of the key? And as a corollary, can you modify the key
values so that you leak the private key but the pairwise check still succeeds
(in other words you don't just replace key parameters wholesale to meet the
"modified key" criteria).
More information about the cryptography