Self-Randomized Exponentiation Algorithms

  • Benoît Chevallier-Mames
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2964)


Exponentiation is a central process in many public-key cryptosystems such as RSA and DH. This paper introduces the concept of self-randomized exponentiation as an efficient means for preventing DPA-type attacks. Self-randomized exponentiation features several interesting properties:

  • it is fully generic in the sense that it is not restricted to a particular exponentiation algorithm;

  • it is parameterizable: a parameter allows to choose the best trade-off between security and performance;

  • it can be combined with most other counter-measures;

  • it is space-efficient as only an additional long-integer register is required;

  • it is flexible in the sense that it does not rely on certain group properties;

  • it does not require the prior knowledge of the order of the group in which the exponentiation is performed.

All these advantages make our method particularly well suited to secure implementations of the RSA cryptosystem in standard mode, on constrained devices like smart cards.


Exponentiation implementation attacks fault attacks side-channel attacks (DPA SPA) randomization exponent masking blinding RSA standard mode smart cards 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BDL01]
    Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of eliminating errors in cryptographic computations. Journal of Cryptology 14(2), 101–119 (2001)zbMATHCrossRefMathSciNetGoogle Scholar
  2. [Bon99]
    Boneh, D.: Twenty years of attacks on the RSA cryptosystem. Notices of the AMS 46(2), 203–213 (1999)zbMATHMathSciNetGoogle Scholar
  3. [BR95]
    Bellare, M., Rogaway, P.: Optimal asymmetric encryption. In: De Santis, A. (ed.) EUROCRYPT 1994. LNCS, vol. 950, pp. 92–111. Springer, Heidelberg (1995)CrossRefGoogle Scholar
  4. [BR96]
    Bellare, M., Rogaway, P.: The exact security of digital signatures - How to sign with RSA and Rabin. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 399–416. Springer, Heidelberg (1996)Google Scholar
  5. [CJ01]
    Clavier, C., Joye, M.: Universal exponentiation algorithm: A first step towards provable SPA-resistance. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 300–308. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  6. [CJRR99]
    Chari, S., Jutla, C.S., Rao, J.R., Rohatgi, P.: Towards sound approaches to counteract power-analysis attacks. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 398–412. Springer, Heidelberg (1999)Google Scholar
  7. [CCJ]
    Chevallier-Mames, B., Ciet, M., Joye, M.: Low cost solutions for preventing simple side-channel power analysis: Side-channel atomicity. Preprint available on IACR ePrint (to appear)Google Scholar
  8. [DH76]
    Diffie, W., Hellman, M.E.: New directions in cryptography. IEEE Transactions on Information Theory IT-22(6), 644–654 (1976)CrossRefMathSciNetGoogle Scholar
  9. [IYTT02]
    Itoh, K., Yajima, J., Takenaka, M., Torii, N.: DPA countermeasures by improving the window method. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 303–317. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. [KJJ99]
    Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)Google Scholar
  11. [Kob87]
    Koblitz, N.: Elliptic curve cryptosystems. Mathematics of Computation 48(177), 203–209 (1987)zbMATHMathSciNetCrossRefGoogle Scholar
  12. [Koc96]
    Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
  13. [MDS99]
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)CrossRefGoogle Scholar
  14. [Mil86]
    Miller, V.S.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)Google Scholar
  15. [MvV97]
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook of applied cryptography. CRC Press, Boca Raton (1997)zbMATHGoogle Scholar
  16. [PKC02]
    PKCS #1 v2.1: RSA cryptography standard. RSA Laboratories, June 14 (2002)Google Scholar
  17. [QC82]
    Quisquater, J.-J., Couvreur, C.: Fast decipherment algorithm for RSA public-key cryptosystem. Electronics Letters 18, 905–907 (1982)CrossRefGoogle Scholar
  18. [RSA78]
    Rivest, R.L., Shamir, A., Adleman, L.M.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)zbMATHCrossRefMathSciNetGoogle Scholar
  19. [Wal98]
    Walter, C.D.: Exponentiation using division chains. IEEE Transactions on Computers 47(7), 757–765 (1998)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Benoît Chevallier-Mames
    • 1
  1. 1.Gemplus, Card Security GroupLa Ciotat CedexFrance

Personalised recommendations