More Detail for a Combined Timing and Power Attack against Implementations of RSA

Authors

  • Werner Schindler
  • Colin D. Walter
Abstract

Implementations of Montgomery’s modular multiplication algorithm (MMM) typically make conditional subtractions in order to keep the output within register or modulus bounds. For some standard exponentiation algorithms such as m-ary, it has been shown that this yields enough information to deduce the value of the exponent. This has serious implications for revealing the secret key in cryptographic applications without adequate counter-measures. Much more detail is provided here about the distribution of output values from MMM when the output is only reduced to keep it within register bounds, about how implementations of sliding windows can be attacked, and about handling errors.

Similar resources

An SPA-Based Extension of Schindler's Timing Attack against RSA Using CRT

At CHES 2000, Schindler introduced a timing attack that enables the factorization of an RSA-modulus if RSA implementations use the Chinese Remainder Theorem and Montgomery multiplication. In this paper we introduce another approach for deriving the secret prime factor by focusing on the conditional branch Schindler used in his attack. One of the countermeasures against Schindler’s attack is the...

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosys...

Manger's Attack Revisited

In this work we examine a number of different open source implementations of the RSA Optimal Asymmetric Encryption Padding (OAEP) and generally RSA with respect to the message-aimed timing attack introduced by James Manger in CRYPTO 2001. We show the shortcomings concerning the countermeasures in two libraries for personal computers, and address potential flaws in previously proposed countermea...

Threshold Implementation as a Countermeasure against Power Analysis Attacks

One of the usual ways to find sensitive data or secret parameters of cryptographic devices is to use their physical leakages. Power analysis is one of the attacks that fall within such a model. In comparison with other types of side channels, power analysis is very efficient and has a high success rate, so it is important to provide a countermeasure against it. Different types of countermeasures use ...

Publication date: 2003