Skip to Main content Skip to Navigation
Conference papers

Attacking Unbalanced RSA-CRT Using SPA

Abstract : Efficient implementations of RSA on computationally limited devices, such as smartcards, often use the CRT technique in combination with Garner's algorithm in order to make the computation of modular exponentiation as fast as possible. At PKC 2001, Novak has proposed to use some information that may be obtained by simple power analysis on the execution of Garner's algorithm to recover the factorization of the RSA modulus. The drawback of this approach is that it requires chosen messages; in the context of RSA decryption it can be realistic but if we consider RSA signature, standardized padding schemes make impossible adaptive choice of message representative. In this paper, we use the same basic idea than Novak but we focus on the use of known messages. Consequently, our attack applies to RSA signature scheme, whatever the padding may be. However, our new technique based on SPA and lattice reduction, requires a small difference, say 10 bits, between the bit lengths of modulus prime factors.
Document type :
Conference papers
Complete list of metadata

https://hal.inria.fr/inria-00563969
Contributor : Pierre-Alain Fouque Connect in order to contact the contributor
Submitted on : Monday, February 7, 2011 - 4:29:02 PM
Last modification on : Thursday, March 17, 2022 - 10:08:36 AM

Links full text

Identifiers

Collections

Citation

Pierre-Alain Fouque, Gwenaëlle Martinet, Guillaume Poupard. Attacking Unbalanced RSA-CRT Using SPA. Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, 2003, Cologne, Germany. pp.254-268, ⟨10.1007/978-3-540-45238-6_21⟩. ⟨inria-00563969⟩

Share

Metrics

Record views

65