We introduce a new correlation power attack on implementations of RSA's modular exponentiation, defeating both message blinding and multiply-always countermeasures. We analyze the correlation between power measurements of two consecutive modular operations and use this to efficiently recover individual key bits. Based on simulation and a practical application on a state-of-the-art smart card, we show the validity of the attack. Further, we demonstrate that cross-correlation analysis is efficient on hardware RSA implementations, even in the presence of message blinding and strong hiding countermeasures.