On the Implementation of a Fast Prime Generation Algorithm

  • Christophe Clavier
  • Jean-Sébastien Coron
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4727)


A side-channel analysis of a cryptographic algorithm generally concentrates on the encryption or decryption phases, rarely on the key generation phase. In this paper, we show that, when not properly implemented, the fast prime generation algorithm proposed by Joye and Paillier at CHES 2006 is susceptible to side-channel analysis; its main application is the generation of RSA key-pairs for embedded platforms like smart-cards. Our attack assumes that some parity bit can be recovered through SPA when it appears in a branch condition. Our attack can be combined with Coppersmith’s theorem to improve its efficiency; we show that for 1024-bit RSA moduli, one can recover the factorization of roughly 1/1000 of the RSA moduli.


Simple Power Analysis Prime generation algorithm Coppersmith’s theorem 


  1. 1.
    Coppersmith, D.: Small solutions to polynomial equations, and low exponent vulnerabilities. J. of Cryptology 10(4), 233–260 (1997)zbMATHCrossRefMathSciNetGoogle Scholar
  2. 2.
    Coron, J.S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, Springer, Heidelberg (1999)CrossRefGoogle Scholar
  3. 3.
    Dupuy, W., Kunz-Jacques, S.: Resistance of Randomized Projective Coordinates Against Power Analysis. In: Rao, J.R., Sunar, B. (eds.) CHES 2005. LNCS, vol. 3659, Springer, Heidelberg (2005)CrossRefGoogle Scholar
  4. 4.
    Fouque, P.A., Kunz-Jacques, S., Martinet, G., Muller, F., Valette, F.: Power Attack on Small RSA Public Exponent. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  5. 5.
    Joye, M., Paillier, P., Vaudenay, S.: Efficient Generation of Prime Numbers. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 340–354. Springer, Heidelberg (2000)CrossRefGoogle Scholar
  6. 6.
    Joye, M., Paillier, P.: Fast Generation of Prime Numbers of Portable Devices: An Update. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 160–173. Springer, Heidelberg (2006)CrossRefGoogle Scholar
  7. 7.
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  8. 8.
    Miller, G.: Riemann’s Hypothesis and Tests for Primality. J. Comp. Syst. Sci. 13, 300–317 (1976)zbMATHGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2007

Authors and Affiliations

  • Christophe Clavier
    • 1
  • Jean-Sébastien Coron
    • 2
  1. 1.Gemalto, Security Labs, La Vigie, Avenue du Jujubier, ZI Athélia IV, F-13705 La Ciotat CedexFrance
  2. 2.University of Luxembourg, Faculty of Sciences, Technology and Communication, 6, rue Richard Coudenhove-Kalergi, L-1359Luxembourg

Personalised recommendations