Timing Attack against Protected RSA-CRT Implementation Used in PolarSSL

Abstract: In this paper, we present a timing attack against the RSA-CRT algorithm used in the current version 1.1.4 of PolarSSL, an open-source cryptographic library for embedded systems. This implementation uses a classical countermeasure to avoid two previous attacks of Schindler and another one due to Boneh and Brumley. However, a careful analysis reveals a bias in the implementation of Montgomery multiplication. We theoretically analyse the distribution of output values for Montgomery multiplication when the output is greater than the Montgomery constant, R. In this case, we show that an extra bit is set in the top most significant word of the output and a time variance can be observed. Then we present some proofs with reasonable assumptions to explain this bias due to an extra bit. Moreover, we show it can be used to mount an attack that reveals the factorisation. We also study another countermeasure and show its resistance against the attacked library.
Document type: Conference paper
Topics in Cryptology - 2013, Mar 2013, San Francisco, United States. Springer, LNCS 7779, pp.16, 2013, CT RSA 2013. 〈10.1007/978-3-642-36095-4_2〉

Cited literature: 11 references

https://hal.inria.fr/hal-01094300
Contributor: Pierre-Alain Fouque
Submitted on: Friday, 12 December 2014 - 09:27:07
Last modified on: Wednesday, 29 November 2017 - 15:26:58
Document(s) archived on: Friday, 13 March 2015 - 10:21:10

File

AF13.pdf
Files produced by the author(s)

Citation

Cyril Arnaud, Pierre-Alain Fouque. Timing Attack against Protected RSA-CRT Implementation Used in PolarSSL. Topics in Cryptology - 2013, Mar 2013, San Francisco, United States. Springer, LNCS 7779, pp.16, 2013, CT RSA 2013. 〈10.1007/978-3-642-36095-4_2〉. 〈hal-01094300〉

Metrics

Record views: 26

File downloads: 95