Attacking Unbalanced RSA-CRT Using SPA - Inria - Institut national de recherche en sciences et technologies du numérique Accéder directement au contenu
Communication Dans Un Congrès Année : 2003

Attacking Unbalanced RSA-CRT Using SPA

Résumé

Efficient implementations of RSA on computationally limited devices, such as smartcards, often use the CRT technique in combination with Garner's algorithm in order to make the computation of modular exponentiation as fast as possible. At PKC 2001, Novak has proposed to use some information that may be obtained by simple power analysis on the execution of Garner's algorithm to recover the factorization of the RSA modulus. The drawback of this approach is that it requires chosen messages; in the context of RSA decryption it can be realistic but if we consider RSA signature, standardized padding schemes make impossible adaptive choice of message representative. In this paper, we use the same basic idea than Novak but we focus on the use of known messages. Consequently, our attack applies to RSA signature scheme, whatever the padding may be. However, our new technique based on SPA and lattice reduction, requires a small difference, say 10 bits, between the bit lengths of modulus prime factors.

Dates et versions

inria-00563969 , version 1 (07-02-2011)

Identifiants

Citer

Pierre-Alain Fouque, Gwenaëlle Martinet, Guillaume Poupard. Attacking Unbalanced RSA-CRT Using SPA. Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, 2003, Cologne, Germany. pp.254-268, ⟨10.1007/978-3-540-45238-6_21⟩. ⟨inria-00563969⟩
78 Consultations
0 Téléchargements

Altmetric

Partager

Gmail Facebook X LinkedIn More