Is it wise to publish your public RSA keys?

Abstract

Only very recently, the study of introducing faults into the public-key elements of the RSA signature scheme was initiated. Following the seminal work of Seifert on fault inductions during the RSA signature verification, Brier, Chevallier-Mames, Ciet, and Clavier considered in a recent paper the signature counterpart and showed how to recover the private exponent - even with absolutely no knowledge of the faults behavior, Consequently, this paper reconsiders the RSA signature verification and proposes two embassaring simple new fault attacks against the RSA verification process. Despite their trivial nature, both of our methods bear heavy practical consequences. While the first new attack of our methods simply eliminates the "somehow cumbersome" and subtle mathematical two-phase attack analysis of Seifert's attack, the second methodology removes the so called "one-shot success" of Seifert's attack and paves the way for a permanent and universal "mass-market" RSA signature forgery. Motivated by the obvious security threats through tampering attacks during the RSA verification process we will also consider some heuristic but practical countermeasures. © Springer-Verlag Berlin Heidelberg 2006.