Sciweavers

CHES
2003
Springer

Attacking Unbalanced RSA-CRT Using SPA

14 years 5 months ago
Attacking Unbalanced RSA-CRT Using SPA
Abstract. Efficient implementations of RSA on computationally limited devices, such as smartcards, often use the CRT technique in combination with Garner’s algorithm in order to make the computation of modular exponentiation as fast as possible. At PKC 2001, Novak has proposed to use some information that may be obtained by simple power analysis on the execution of Garner’s algorithm to recover the factorization of the RSA modulus. The drawback of this approach is that it requires chosen messages; in the context of RSA decryption it can be realistic but if we consider RSA signature, standardized padding schemes make impossible adaptive choice of message representative. In this paper, we use the same basic idea than Novak but we focus on the use of known messages. Consequently, our attack applies to RSA signature scheme, whatever the padding may be. However, our new technique based on SPA and lattice reduction, requires a small difference, say 10 bits, between the bit lengths of mo...
Pierre-Alain Fouque, Gwenaëlle Martinet, Guil
Added 06 Jul 2010
Updated 06 Jul 2010
Type Conference
Year 2003
Where CHES
Authors Pierre-Alain Fouque, Gwenaëlle Martinet, Guillaume Poupard
Comments (0)