CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Combined Timing and Power Attack
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Address-Bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Correcting errors in RSA private keys
CRYPTO'10 Proceedings of the 30th annual conference on Advances in cryptology
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Power attack on small RSA public exponent
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Simple power analysis on exponentiation revisited
CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Attacking exponent blinding in RSA without CRT
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
The schindler-itoh-attack in case of partial information leakage
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Defeating with fault injection a combined attack resistant exponentiation
COSADE'13 Proceedings of the 4th international conference on Constructive Side-Channel Analysis and Secure Design
Proceedings of the First Workshop on Cryptography and Security in Computing Systems
Hi-index | 0.00 |
Exponent blinding is known as a secure countermeasure against side-channel attacks. If single power traces reveal some exponent bits, an attack by Fouque et al. applies that recovers the exponent. However, this attack becomes infeasible if some of the guessed bits are incorrect. Thus, the attack was not assumed to be a realistic threat. In this paper we present two variants of a novel generic attack, which works for considerable error rates at each bit position, disproving the hypothesis that mere exponent blinding is always sufficient. We confirmed experimentally that our attack permits up to 28% (RSA case) or 23% (ECC case) error bits.