An Improved Timing Attack with Error Detection on RSA-CRT

نویسندگان

  • Cai-Sen Chen
  • Tao Wang
  • Jun-Jian Tian
چکیده

Several types of timing attacks have been published, but they are either in theory or hard to be taken into practice. In order to improve the feasibility of attack, this paper proposes an advance timing attack scheme on RSA-CRT with T-test. Similar timing attacks have been presented, such as BBAttack and Shindler’s attack, however none of them applied statistical tool in their methods with such efficiency, and showed the complete recovery in practice by attacking on RSA-CRT. With T-test, we enlarge the 0-1 gap, reduce the neighborhood size and improve the precision of decision. The most contribution of this paper is that our algorithm has an error detection mechanism which can detect the erroneous decision of guessing qk and correct it. Experiment results show that we could make the success rate of recovering q to be 100% indeed for interprocess timing attack, recovery 1024 bits RSA key completely in practice.

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

منابع مشابه

Improving timing attack on RSA-CRT via error detection and correction strategy

In timing attack, a class of side channel attack, the attacker attempts to break a cryptographic algorithm by timing the operations of a specific system. Several studies on different types of timing attacks have been published, but they are either theoretical or hard to put into practice. To improve the feasibility of timing attack, the current study proposes an improved timing attack scheme on...

متن کامل

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Towards the cold boot attack (a kind of side channel attack), the problems of reconstructing RSA parameters when (i) certain bits are unknown (Heninger and Shacham, Crypto 2009) and (ii) the bits are available but with some error probability (Henecka, May and Meurer, Crypto 2010) have been considered very recently. In this paper we exploit the error correction heuristic proposed by Henecka et a...

متن کامل

An Improved Trace Driven Instruction Cache Timing Attack on RSA

The previous I-cache timing attacks on RSA which exploit the instruction path of a cipher were mostly proof-of-concept, and it is harder to put them into practice than D-cache timing attacks. We propose a new trace driven timing attack model based on spying on the whole I-cache. An improved analysis algorithm of the exponent using the characteristic of the size of the window is advanced, which ...

متن کامل

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA

The references [9, 3, 1] treat timing attacks on RSA with CRT and Montgomery’s multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At cost of significantly more timing measurements this paper extends the before-mentioned attacks to RSA with CRT when Montgomery’s multiplication algorithm and exponent ...

متن کامل

Exponent Blinding May Not Prevent Timing Attacks on RSA

The references [9, 3, 1] treat timing attacks on RSA with CRT and Montgomery’s multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At cost of significantly more timing measurements this paper extends the before-mentioned attacks to RSA with CRT, Montgomery’s multiplication algorithm and exponent blin...

متن کامل

ذخیره در منابع من


  با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید

برای دانلود متن کامل این مقاله و بیش از 32 میلیون مقاله دیگر ابتدا ثبت نام کنید

ثبت نام

اگر عضو سایت هستید لطفا وارد حساب کاربری خود شوید

عنوان ژورنال:
  • IACR Cryptology ePrint Archive

دوره 2010  شماره 

صفحات  -

تاریخ انتشار 2010