An Equidistant Message Power Attack Using Restricted Number of Traces on Reduction Algorithm

  • Jong-Yeon Park
  • Dong-Guk Han
  • Okyeon Yi
  • JeongNyeo Kim
Conference paper
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 214)


The RSA-CRT algorithm has been widely used because of the efficiency of its exponent operation. The physical susceptibility of RSA-CRT to various side channel attacks has been investigated in several studies. Boer et al. proposed MRED (Modular Reduction on Equidistant Data), a brilliant differential power analysis (DPA) of CRT reduction with equidistant chosen messages. This attack targets intermediate data that depend on the \(r=x\mathrm{{mod}}p\) value. We introduce a new approach the MRED attack, related to a subtraction algorithm that is not solely based on the \(r\) value. Our approach is superficially similar to previous DPA attacks; however, is based on a totally different assumption from that of data dependent analysis. According to our results, only 256 traces are needed to reduce 1 block key to 2 key candidates, so it is a more efficient analysis method on restricted trace environments. Moreover, it can be used to attack a data-dependent trace system. One example of this kind of attack is non-Hamming weight. We describe our technique with its advantages and disadvantages, and we show simulation results using an MSP430 and based software board.


RSA-CRT Differential power analysis (DPA) Correlation power analysis (CPA) Modular reduction on equidistant data (MRED) 


  1. 1.
    Kocher, P., Jaffe, J., Jun, B.: Timming attacks on implementations of diffe-hellman, rsa, dss, and other systems. In: Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology, CRYPTO 96 (1996). ISBN 3-540-61512-1Google Scholar
  2. 2.
    Kocher, P., Jaffe, J., Jun, B.: Introduction to differential power analysis and related attacks, 1998, White paper, cryptography research. (1998)
  3. 3.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: proceedings of CHES 2004, LNCS3156, pp. 16–29 (2004)Google Scholar
  4. 4.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)MathSciNetMATHCrossRefGoogle Scholar
  5. 5.
    Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Proceedings of CHES 99, LNCS1717, pp. 144–157 (1999)Google Scholar
  6. 6.
    Boer, B.D., Lemke, K., Wicke, G.: A DPA attack against the modular reduction within a crt implementation of RSA. In: Proceedings of CHES 2002, LNCS2523, pp. 228–243 (2002)Google Scholar
  7. 7.
    Park, J., Han, D., Yi, O., Choi, D.: Ghost key patterns of MRED power analysis on RSA-CRT. In: SCIS 2011, Kitakyushu Japan (2011)Google Scholar
  8. 8.
    Amiel, F., Feix, B., Villegas, K.: Power analysis for secret recovering and reverse engineering of public key algorithms. In: SAC 2007, LNCS4876, pp. 110–125 (2007)Google Scholar
  9. 9.
    Menezes, A.J., van Oorschot, P.C., Vanstone, S.A.: Handbook Applied Cryptography. CRC press, Boca Raton (1996). ISBN: 0-8493-8523-7Google Scholar

Copyright information

© Springer Science+Business Media Dordrecht 2013

Authors and Affiliations

  • Jong-Yeon Park
    • 1
  • Dong-Guk Han
    • 2
  • Okyeon Yi
    • 2
  • JeongNyeo Kim
    • 1
  1. 1.Electronic and Telecommunication Research Institute (ETRI)Yuseong-gu, DaejeonKorea
  2. 2.Cryptography and Information Security Institute (CISI)Department of Mathematics Kookmin UniversitySeoulKorea

Personalised recommendations