Attacking Unbalanced RSA-CRT Using SPA

Abstract: Efficient implementations of RSA on computationally limited devices, such as smartcards, often use the CRT technique in combination with Garner's algorithm in order to make the computation of modular exponentiation as fast as possible. At PKC 2001, Novak proposed using information that may be obtained by simple power analysis of the execution of Garner's algorithm to recover the factorization of the RSA modulus. The drawback of this approach is that it requires chosen messages; in the context of RSA decryption this can be realistic, but for RSA signatures, standardized padding schemes make adaptive choice of the message representative impossible. In this paper, we use the same basic idea as Novak but focus on the use of known messages. Consequently, our attack applies to RSA signature schemes, whatever the padding may be. However, our new technique, based on SPA and lattice reduction, requires a small difference, say 10 bits, between the bit lengths of the modulus prime factors.
Document type:
Conference paper
Colin D. Walter and Cetin Kaya Koc and Christof Paar. Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, 2003, Cologne, Germany. Springer, 2779, pp.254-268, 2003, Lecture Notes in Computer Science. 〈10.1007/978-3-540-45238-6_21〉

https://hal.inria.fr/inria-00563969
Contributor: Pierre-Alain Fouque
Submitted on: Monday, February 7, 2011 - 16:29:02
Last modified on: Thursday, January 11, 2018 - 06:19:17

Collections

PSL

Citation

Pierre-Alain Fouque, Gwenaëlle Martinet, Guillaume Poupard. Attacking Unbalanced RSA-CRT Using SPA. Colin D. Walter and Cetin Kaya Koc and Christof Paar. Cryptographic Hardware and Embedded Systems - CHES 2003, 5th International Workshop, 2003, Cologne, Germany. Springer, 2779, pp.254-268, 2003, Lecture Notes in Computer Science. 〈10.1007/978-3-540-45238-6_21〉. 〈inria-00563969〉

Metrics

Record views: 34