# Martin Otto, Dr. rer. nat.

## Reserach Areas

Cryptography, especially side-channel cryptanalysis

## Projects

Fault attacks on cryptosystems, especially fault attacks on public key cryptosystems deployed on smartcards

## Publications

Johannes Blömer, Martin Otto:

**Wagner's Attack on a Secure CRT-RSA Algorithm Reconsidered**

In Fault Diagnosis and Tolerance in Cryptography, Lecture Notes in Computer Science Volume, vol. 4236, pp. 13-23, Springer Verlag, 2006.

[BibTeX]@inproceedings{BloemerOtto06,

author = {Johannes Bl{\"o}mer AND Martin Otto},

title = {Wagner's Attack on a Secure CRT-RSA Algorithm Reconsidered},

year = {2006},

booktitle = {Fault Diagnosis and Tolerance in Cryptography},

pages = {13-23},

publisher = {Springer Verlag},

url = {http://www.cs.uni-paderborn.de/uploads/tx_sibibtex/WagnersAttackReconsidered.pdf}

}

[Download]

Martin Otto:

**Fault Attacks and Countermeasures**

PhD thesis, University of Paderborn, 2005.

[BibTeX]@phdthesis{Otto05,

author = {Martin Otto},

title = {Fault Attacks and Countermeasures},

school = {University of Paderborn},

year = {2005},

url = {http://www.cs.uni-paderborn.de/uploads/tx_sibibtex/DissertationMartinOtto.pdf}

}

[Download]

Johannes Blömer, Martin Otto, Jean-Pierre Seifert:

**Sign Change Fault Attacks on Elliptic Curve Cryptosystems**

In Fault Diagnosis and Tolerance in Cryptography, Lecture Notes in Computer Science Volume, vol. 4236, pp. 36-52, 2005.

[BibTeX]@inproceedings{BloemerOttoSeifert05,

author = {Johannes Bl{\"o}mer AND Martin Otto AND Jean-Pierre Seifert},

title = {Sign Change Fault Attacks on Elliptic Curve Cryptosystems},

year = {2005},

booktitle = {Fault Diagnosis and Tolerance in Cryptography},

pages = {36-52},

url = {http://www.cs.uni-paderborn.de/uploads/tx_sibibtex/SignChangeFaultAttacksOnECC.pdf},

abstract = {We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit different number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points which are on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points which do not leave the curve and are not easily detected. The attack is practical and has a very high chance of success. The paper also presents a revised scalar multiplication algorithm that provably protects against Sign Change Attacks.}

}

[Download] [Abstract]We present a new type of fault attacks on elliptic curve scalar multiplications: Sign Change Attacks. These attacks exploit different number representations as they are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points which are on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points which do not leave the curve and are not easily detected. The attack is practical and has a very high chance of success. The paper also presents a revised scalar multiplication algorithm that provably protects against Sign Change Attacks.

Johannes Blömer, Martin Otto, Jean-Pierre Seifert:

**A New CRT-RSA Algorithm Secure Against Bellcore Attacks**

In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003), pp. 311-320, ACM Press, 2003.

[BibTeX]@inproceedings{BloemerOttoSeifert03,

author = {Johannes Bl{\"o}mer AND Martin Otto AND Jean-Pierre Seifert},

title = {A New CRT-RSA Algorithm Secure Against Bellcore Attacks},

year = {2003},

booktitle = {Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS 2003)},

pages = {311--320},

publisher = {ACM Press},

url = {http://www.cs.uni-paderborn.de/uploads/tx_sibibtex/SecureCRT.pdf},

abstract = {In this paper we describe a new algorithm to prevent fault attacks on RSA signature algorithms using the Chinese Remainder Theorem (CRT-RSA). This variant of the RSA signature algorithm is widely used on smartcards. Smartcards on the other hand are particularly susceptible to fault attacks like the one described in [7]. Recent results have shown that fault attacks are practical and easy to accomplish ([21], [17]). Therefore, they establish a practical need for fault attack protected CRT-RSA schemes. Starting from a careful derivation and classification of fault models, we describe a new variant of the CRT-RSA algorithm. For the most realistic fault model described, we rigorously analyze the success probability of an adversary. Thereby, we prove that our new algorithm is secure against the Bellcore attack. Only once in the analysis do we need to refer to a plausible number theoretic assumption.}

}

[Download] [Abstract]In this paper we describe a new algorithm to prevent fault attacks on RSA signature algorithms using the Chinese Remainder Theorem (CRT-RSA). This variant of the RSA signature algorithm is widely used on smartcards. Smartcards on the other hand are particularly susceptible to fault attacks like the one described in [7]. Recent results have shown that fault attacks are practical and easy to accomplish ([21], [17]). Therefore, they establish a practical need for fault attack protected CRT-RSA schemes. Starting from a careful derivation and classification of fault models, we describe a new variant of the CRT-RSA algorithm. For the most realistic fault model described, we rigorously analyze the success probability of an adversary. Thereby, we prove that our new algorithm is secure against the Bellcore attack. Only once in the analysis do we need to refer to a plausible number theoretic assumption.

Martin Otto:

**Brauer Addition-Subtraction Chains**

Master's thesis, University of Paderborn, 2001.

[BibTeX]@mastersthesis{Otto01,

author = {Martin Otto},

title = {Brauer Addition-Subtraction Chains},

school = {University of Paderborn},

year = {2001},

url = {http://www.cs.uni-paderborn.de/uploads/tx_sibibtex/2001_Otto_BrauerAddition-SubtractionChains_Diplom.ps.gz}

}

[Download]

## PGP/GnuPG Key

available at my homepage http://www.martin-otto.de

## Service

**clrprogram.sty** - LaTeX style-file to typeset algorithms in pseudocode
to resemble the style used by Cormen, Leiserson, Rivest:

- clrprogram.sty (Version V1.1.4, 19 May 2004)
- program.sty (The style file clrprogram.sty
modifies and requires the file program.sty, Version 3.3.8, by Martin Ward)
- Example implementation (Version V1.1, 19 May 2004)

Substitute for a real documentation for the style file clrprogram.sty.

Note that this style file is far from being perfect. If you find a bug, please
feel free to report it to me such that it gets fixed.

**Usage:**
Windows: install MiKTeX, create C:/localtexmf/tex/latex/clrprogram/,
copy clrprogram.sty into that directory, start the MiKTeX Wizard and run
refresh filename database". If you are updating an old installation of
clrprogram.sty, you may omit the Wizard.

Linux: create texmf/tex/latex/clrprogram/ in your home directory (cd ~),
copy clrprogram.sty into that directory, and call "texhash ${HOME}/texmf"
in a shell. If you are updating an old installation of clrprogram.sty,
you may omit texhash.

Imprint |
Webmaster |
Recent changes: 16.10.2013

Back to Top,
Menu