Distinguishing Exponent Digits by Observing Modular Subtractions

  • Colin D. Walter
  • Susan Thompson
Conference paper

DOI: 10.1007/3-540-45353-9_15

Part of the Lecture Notes in Computer Science book series (LNCS, volume 2020)
Cite this paper as:
Walter C.D., Thompson S. (2001) Distinguishing Exponent Digits by Observing Modular Subtractions. In: Naccache D. (eds) Topics in Cryptology — CT-RSA 2001. CT-RSA 2001. Lecture Notes in Computer Science, vol 2020. Springer, Berlin, Heidelberg

Abstract

We analyse timing variations in an implementation of modular multiplication which has certain standard characteristics. This shows that squarings and multiplications behave differently when averaged over a number of random observations. Since power analysis can reveal such data, secret RSA exponents can be deduced if a standard square and multiply exponentiation algorithm is used. No knowledge of the modulus or input is required to do this. The technique generalises to the m-ary and sliding windows exponentiation methods since different multipliers can be distinguished. Moreover, only a small number of observations (independent of the key size and well under 1k) are required to perform the cryptanalysis successfully. Thus, if the modular multiplication algorithm cannot be made any safer, the exponent must be modified on every use.

Keywords

Exponentiation modular multiplication Montgomery multiplication RSA cryptosystem m-ary method sliding windows timing attack power analysis 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • Colin D. Walter
    • 1
  • Susan Thompson
    • 1
  1. 1.Datacard platform 7sevenUK

Personalised recommendations