Researcher: Mathematical error in chip can lead to global e-commerce disaster
By Ruben Francia
One of the designers of the RSA public key algorithm has warned about the theoretical existence of mathematical flaws in widely used processors that could make the algorithm vulnerable and lead to a global e-commerce disaster.
Adi Shamir, professor at the Weizmann Institute of Science in Israel and the “S” in RSA, the algorithm widely used to protect e-commerce transactions from hackers, said that the bugs could be exploited undetected.
Shamir said that “if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be trivially broken with a single chosen message,” the New York Times writes.
“In addition, the problem is not limited to microprocessors: Many cellular telephones are running RSA or elliptic curve computations on signal processors made by TI and others, FPGA or ASIC devices can embed in their design flawed multipliers from popular libraries of standard cell designs, and many security programs use optimized ‘bignum packages’ written by others without being able to fully verify their correctness.”
Shamir, however, admitted that he had no evidence that anyone is exploiting the flaws.
Paul Kocher, president of Cryptography Research, a firm based in San Francisco, said that the issue described by Shamir has been deeply studied. However, he added that it illustrated how small flaws could subvert even the strongest security.
An Intel spokesman said the issue was a theoretical one but acknowledged that it was something that required a lot of contingencies.
However, there appears to be a workaround for the issue.
In a post on Cryptome, Wei Dai said “It’s been well known for some time that in order to protect against this kind of fault attack, after doing the RSA private key operation y=x^d mod n, one should check that the result is correct by verifying that x=y^e mod n.”
Dai also disclosed that the RSA implementation in Crypto++ is already protected against this attack since the release of Crypto++ version 5.1.
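The check Dai describes is easy to see in a toy signer. The following is an added example, not code from the article, from Wei Dai or from Crypto++: it computes the RSA private-key operation with the Chinese Remainder Theorem (as optimized implementations do), optionally simulates a miscomputation in one half the way a flawed multiplier would, and refuses to release any result that does not satisfy x = y^e mod n. The key material is constructed from two small primes purely for illustration and is far too small for real use; the function names (`sign_crt`, `verify`, `sign_checked`) are the example's own.

```python
"""Added example (not from the article, Wei Dai or Crypto++): a toy RSA signer
that re-verifies its private-key result y = x^d mod n by checking
x == y^e mod n before releasing it, so a faulty computation never produces a
signature that leaves the device.

Key material is constructed for illustration only: two small primes, chosen so
the arithmetic is easy to follow, not a usable key.
"""
from math import gcd

# Constructed toy key (assumption: not a real key). P and Q are the 9999th and
# 10000th primes; E is the usual public exponent.
P = 104723
Q = 104729
N = P * Q
E = 65537
PHI = (P - 1) * (Q - 1)
assert gcd(E, PHI) == 1          # sanity check on the constructed key
D = pow(E, -1, PHI)              # private exponent (needs Python >= 3.8)


class FaultyComputation(Exception):
    """Raised when the private-key result does not re-verify."""


def sign_crt(x: int, fault: bool = False) -> int:
    """Compute y = x^d mod n via the Chinese Remainder Theorem (Garner's form),
    as most optimized RSA implementations do.  `fault=True` simulates an
    arithmetic error in the mod-q half, standing in for the flawed multiplier
    Shamir describes: one wrong limb is enough to corrupt the whole result."""
    dp, dq = D % (P - 1), D % (Q - 1)
    q_inv = pow(Q, -1, P)
    sp = pow(x % P, dp, P)
    sq = pow(x % Q, dq, Q)
    if fault:
        sq = (sq + 1) % Q        # simulated miscomputation
    h = (q_inv * (sp - sq)) % P
    return sq + h * Q


def verify(x: int, y: int) -> bool:
    """Dai's check: the public operation must invert the private one."""
    return pow(y, E, N) == x % N


def sign_checked(x: int, fault: bool = False) -> int:
    """Sign, then release the result only if it re-verifies.  Because the e-th
    power map is a bijection modulo each prime, any corruption of either CRT
    half makes the check fail, so the bad value is never handed out."""
    y = sign_crt(x, fault)
    if not verify(x, y):
        raise FaultyComputation("private-key result failed re-verification")
    return y


def demo() -> dict:
    """Exercise the good path, the faulty path with the check, and the faulty
    path without it (what an unprotected implementation would emit)."""
    msg = 123456789 % N          # constructed message representative
    good = sign_checked(msg)
    try:
        sign_checked(msg, fault=True)
        caught = False
    except FaultyComputation:
        caught = True
    return {
        "good_verifies": verify(msg, good),
        "faulty_caught": caught,
        "faulty_unchecked_verifies": verify(msg, sign_crt(msg, fault=True)),
    }


if __name__ == "__main__":
    print(demo())
```

The extra public-key exponentiation costs little compared with the private one (e is small), which is why the check is cheap enough to run on every signature; the important design point is that the comparison happens before the value is released, so a miscomputed y is discarded rather than observed.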