More Detail for a Combined Timing and Power Attack against Implementations of RSA
نویسندگان
چکیده
Implementations of Montgomery’s modular multiplication algorithm (MMM) typically make conditional subtractions in order to keep the output within register or modulus bounds. For some standard exponentiation algorithms such as m-ary, it has been shown that this yields enough information to deduce the value of the exponent. This has serious implications for revealing the secret key in cryptographic applications without adequate counter-measures. Much more detail is provided here about the distribution of output values from MMM when the output is only reduced to keep it within register bounds, about how implementations of sliding windows can be attacked, and about handling errors.
منابع مشابه
An SPA-Based Extension of Schindler's Timing Attack against RSA Using CRT
At CHES 2000, Schindler introduced a timing attack that enables the factorization of an RSA-modulus if RSA implementations use the Chinese Remainder Theorem and Montgomery multiplication. In this paper we introduce another approach for deriving the secret prime factor by focusing on the conditional branch Schindler used in his attack. One of the countermeasures against Schindler’s attack is the...
متن کاملTiming Attacks on Implementations of Di e-Hellman, RSA, DSS, and Other Systems
By carefully measuring the amount of time required to perform private key operations, attackers may be able to nd xed Di eHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosys...
متن کاملTiming Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
By carefully measuring the amount of time required to perform private key operations, attackers may be able to nd xed Di eHellman exponents, factor RSA keys, and break other cryptosystems. Against a vulnerable system, the attack is computationally inexpensive and often requires only known ciphertext. Actual systems are potentially at risk, including cryptographic tokens, network-based cryptosys...
متن کاملManger's Attack Revisited
In this work we examine a number of different open source implementations of the RSA Optimal Asymmetric Encryption Padding (OAEP) and generally RSA with respect to the message-aimed timing attack introduced by James Manger in CRYPTO 2001. We show the shortcomings concerning the countermeasures in two libraries for personal computers, and address potential flaws in previously proposed countermea...
متن کاملThreshold Implementation as a Countermeasure against Power Analysis Attacks
One of the usual ways to find sensitive data or secret parameters of cryptographic devices is to use their physical leakages. Power analysis is one of the attacks which lay in such a model. In comparison with other types of side-channels, power analysis is so efficient and has a high success rate. So it is important to provide a countermeasure against it. Different types of countermeasures use ...
متن کامل