A Timing Attack against RSA with the Chinese Remainder Theorem
نویسنده
چکیده
We introduce a new type of timing attack which enables the factorization of an RSA-modulus if the exponentiation with the secret exponent uses the Chinese Remainder Theorem and Montgomery’s algorithm. Its standard variant assumes that both exponentiations are carried out with a simple square and multiply algorithm. However, although its efficiency decreases, our attack can also be adapted to more advanced exponentiation algorithms. The previously known timing attacks do not work if the Chinese Remainder Theorem is used.
منابع مشابه
An SPA-Based Extension of Schindler's Timing Attack against RSA Using CRT
At CHES 2000, Schindler introduced a timing attack that enables the factorization of an RSA-modulus if RSA implementations use the Chinese Remainder Theorem and Montgomery multiplication. In this paper we introduce another approach for deriving the secret prime factor by focusing on the conditional branch Schindler used in his attack. One of the countermeasures against Schindler’s attack is the...
متن کاملDouble Counting in $2^t$-ary RSA Precomputation Reveals the Secret Exponent
A new fault attack, double counting attack (DCA), on the precomputation of 2t-ary modular exponentiation for a classical RSA digital signature (i.e., RSA without the Chinese remainder theorem) is proposed. The 2t-ary method is the most popular and widely used algorithm to speed up the RSA signature process. Developers can realize the fastest signature process by choosing optimum t. For example,...
متن کاملCryptanalysis of Multi Prime RSA with Secret Key Greater than Public Key
The efficiency of decryption process of Multi prime RSA, in which the modulus contains more than two primes, can be speeded up using Chinese remainder theorem (CRT). On the other hand, to achieve the same level of security in terms integer factorization problem the length of RSA modulus must be larger than the traditional RSA case. In [9], authors studied the RSA public key cryptosystem in a sp...
متن کاملCRT RSA Algorithm Protected Against Fault Attacks
Embedded devices performing RSA signatures are subject to Fault Attacks, particularly when the Chinese Remainder Theorem is used. In most cases, the modular exponentiation and the Garner recombination algorithms are targeted. To thwart Fault Attacks, we propose a new generic method of computing modular exponentiation and we prove its security in a realistic fault model. By construction, our pro...
متن کاملModified RSA Algorithm with CRT & OAEP
The most active subjects in the security related communities are the necessary protection against the data thieves. This gives an importance and the value of exchanged data over the Internet or other media types. In many RSA cryptosystems, we usually select a small value for the public key e. This kind of choice can only speed up the encryption operation but do not forget that by this way, the ...
متن کامل