Power Attack on Small RSA Public Exponent

  • Pierre-Alain Fouque
  • Sébastien Kunz-Jacques
  • Gwenaëlle Martinet
  • Frédéric Muller
  • Frédéric Valette
Part of the Lecture Notes in Computer Science book series (LNCS, volume 4249)


In this paper, we present a new attack on RSA when the public exponent is short, for instance 3 or 216+1, and when the classical exponent randomization is used. This attack works even if blinding is used on the messages.

From a Simple Power Analysis (SPA) we study the problem of recovering the RSA private key when non consecutive bits of it leak from the implementation. We also show that such information can be gained from sliding window implementations not protected against SPA.


RSA cryptosystem sliding window methods exponent randomization Simple Power Analysis 


  1. 1.
    Boneh, D., Durfee, G., Frankel, Y.: An attack on RSA given a fraction of the private key bits. In: Ohta, K., Pei, D. (eds.) ASIACRYPT 1998. LNCS, vol. 1514, pp. 25–34. Springer, Heidelberg (1998)CrossRefGoogle Scholar
  2. 2.
    Bos, J., Coster, M.: Addition Chain Heuristics. In: Brassard, G. (ed.) CRYPTO 1989. LNCS, vol. 435, pp. 400–407. Springer, Heidelberg (1990)Google Scholar
  3. 3.
    Knuth, D.E.: The Art of Computer Programming. Semi Numerical Algorithms, vol. 2. Addison Wesley, Reading (1969)MATHGoogle Scholar
  4. 4.
    Koç, C.K.: High Speed RSA Implementation. Technical report, Tech Rep. 201, RSA Laboratories (1994)Google Scholar
  5. 5.
    Koç, C.K.: Analysis of Sliding Window Technique for Exponentiation. Computers and Mathematics with Applications 10(30), 17–24 (1995)CrossRefGoogle Scholar
  6. 6.
    Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  7. 7.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  8. 8.
    Stinson, D.R.: Some Baby-Step Giant-Step Algorithms for the Low Hamming Weight Discrete Logarithm Problem. Mathematics of Computation 71, 379–391 (2002)MATHCrossRefMathSciNetGoogle Scholar
  9. 9.
    Walter, C.D.: Sliding Windows Succumbs to Big Mac Attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Walter, C.D.: Seeing through MIST Given a Small Fraction of an RSA Private Key. In: Joye, M. (ed.) CT-RSA 2003. LNCS, vol. 2612, pp. 391–402. Springer, Heidelberg (2003)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2006

Authors and Affiliations

  • Pierre-Alain Fouque
    • 1
  • Sébastien Kunz-Jacques
    • 1
    • 2
  • Gwenaëlle Martinet
    • 2
  • Frédéric Muller
    • 3
  • Frédéric Valette
    • 4
  1. 1.École normale supérieureParisFrance
  2. 2.DCSSI Crypto LabParis 07 SPFrance
  3. 3.HSBCFrance
  4. 4.CELAR35 BruzFrance

Personalised recommendations