Authors: Sadiel de la Fe, Han-Byeol Park, Bo-Yeon Sim, Dong-Guk Han, Carles Ferrer
Abstract
A profiling attack is a powerful variant among the non-invasive side-channel attacks. In this work, we target RSA key generation that relies on the binary version of the extended Euclidean algorithm for modular inverse and GCD computations. To date, this algorithm has only been exploited by simple power analysis; therefore, the countermeasures described in the literature are focused on mitigating only that kind of attack. We demonstrate that one of those countermeasures is not effective in preventing profiling attacks. The feasibility of our approach relies on the extraction of several leakage vectors from a single power trace. Moreover, because there are known relationships between the secrets and the public modulus in RSA, the uncertainty in some of the guessed secrets can be reduced by simple tests, which increases the effectiveness of the proposed attack.
Cited by: 2 articles.