Crashing Modulus Attack on Modular Squaring for Rabin Cryptosystem
Masahiro Kaminaga, Hideki Yoshikawa, Arimitsu Shikoda, Toshinori Suzuki

TL;DR
This paper introduces a new fault attack called crashing modulus attack on the Rabin cryptosystem's modular squaring, demonstrating its effectiveness and providing algorithms for message reconstruction under fault conditions.
Contribution
The paper presents the crashing modulus attack on Rabin encryption, along with a rigorous message reconstruction algorithm for complex fault scenarios and an exact formula for candidate message count.
Findings
Attack success rate exceeds 50% with several faults
Effective message reconstruction algorithms are developed
Number of candidate messages varies, not always a power of two
Abstract
The Rabin cryptosystem has been proposed to protect the unique ID (UID) in radio-frequency identification tags. The Rabin cryptosystem is a type of lightweight public key system that is theoretically quite secure; however, it is vulnerable to several side-channel attacks. In this paper, a crashing modulus attack is presented as a new fault attack on modular squaring during Rabin encryption. This attack requires only one fault in the public key if its perturbed public key can be factored. Our simulation results indicate that the attack is more than 50% successful with several faults in practical time. A complicated situation arises when reconstructing the message, including the UID, from ciphertext, i.e., the message and the perturbed public key are not relatively prime. We present a complete and mathematically rigorous message reconstruction algorithm for such a case. Moreover, we propose…
Taxonomy
Topics: Cryptographic Implementations and Security · Cryptography and Residue Arithmetic · Coding theory and cryptography
