Abstract
A standard SPA protection for RSA implementations is exponent blinding (see [7]). Fouque et al., [4] and more recently Schindler and Itoh, [8] have described side-channel attacks against such implementations. The attack in [4] requires that the attacker knows some bits of the blinded exponent with certainty. The attack methods of [8] can be defeated by choosing a sufficiently large blinding factor (about 64 bit).
In this paper we start from a more realistic model for the information an attacker can obtain by simple power analysis (SPA) than the one that forms the base of the attack in [4]. We show how the methods of [4] can be extended to work in this setting. This new attack works, under certain restrictions, even for long blinding factors (i.e. 64 bit or more).
Keywords
This is a preview of subscription content, log in via an institution.
Buying options
Tax calculation will be finalised at checkout
Purchases are for personal use only
Learn about institutional subscriptionsPreview
Unable to display preview. Download preview PDF.
References
Boneh, D.: Twenty Years of Attacks on the RSA Cryptosystem. Notices of the AMS 46, 203–213 (1999)
Chari, S., Rao, J.R., Rohatgi, P.: Template Attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal Correlation Analysis on Exponentiation. Cryptology ePrint Archive, Report 2010/394 (2010), http://eprint.iacr.org/2010/394
Fouque, P.-A., Kunz-Jacques, S., Martinet, G., Muller, F., Valette, F.: Power Attack on Small RSA Public Exponent. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 339–353. Springer, Heidelberg (2006)
Halderman, J.A., Schoen, S.D., Heninger, N., Clarkson, W., Paul, W., Calandrino, J.A., Feldman, A.J., Appelbaum, J., Felten, E.W.: Lest We Remember: Cold Boot Attacks on Encryption Keys. In: 2008 USENIX Security Symposium (2008), http://www.usenix.org/events/sec08/tech/full_papers/halderman/halderman.pdf
Heninger, N., Shacham, H.: Reconstructing RSA Private Keys from Random Key Bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009)
Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Schindler, W., Itoh, K.: Exponent Blinding Does Not Always Lift (Partial) Spa Resistance to Higher-Level Security. In: Lopez, J., Tsudik, G. (eds.) ACNS 2011. LNCS, vol. 6715, pp. 73–90. Springer, Heidelberg (2011)
Walter, C.D.: Sliding Windows Succumbs to Big Mac Attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2012 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Bauer, S. (2012). Attacking Exponent Blinding in RSA without CRT. In: Schindler, W., Huss, S.A. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2012. Lecture Notes in Computer Science, vol 7275. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-29912-4_7
Download citation
DOI: https://doi.org/10.1007/978-3-642-29912-4_7
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-29911-7
Online ISBN: 978-3-642-29912-4
eBook Packages: Computer ScienceComputer Science (R0)