Power attack on small RSA public exponent

Authors:
Pierre-Alain Fouque;Sébastien Kunz-Jacques;Gwenaëlle Martinet;Frédéric Muller;Frédéric Valette
Affiliations:
École normale supérieure, Paris, France;École normale supérieure, Paris, France;DCSSI Crypto Lab, Paris 07 SP, France;HSBC, France;CELAR, 35 Bruz, France
Venue:
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
Year:
2006

Citing 7
Cited 10

Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
An Attack on RSA Given a Small Fraction of the Private Key Bits

ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Power Analysis Attacks of Modular Exponentiation in Smartcards

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Sliding Windows Succumbs to Big Mac Attack

CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Addition Chain Heuristics

CRYPTO '89 Proceedings of the 9th Annual International Cryptology Conference on Advances in Cryptology
Some baby-step giant-step algorithms for the low hamming weight discrete logarithm problem

Mathematics of Computation
Seeing through mist given a small fraction of an RSA private key

CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track

On the Implementation of a Fast Prime Generation Algorithm

CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
The Carry Leakage on the Randomized Exponent Countermeasure

CHES '08 Proceeding sof the 10th international workshop on Cryptographic Hardware and Embedded Systems
Longer randomly blinded RSA keys may be weaker than shorter ones

WISA'07 Proceedings of the 8th international conference on Information security applications
Public key perturbation of randomized RSA implementations

CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Exponent blinding does not always lift (partial) spa resistance to higher-level security

ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Batch decryption of encrypted short messages and its application on concurrent SSL handshakes

Inscrypt'06 Proceedings of the Second SKLOIS conference on Information Security and Cryptology
Attacking exponent blinding in RSA without CRT

COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
The schindler-itoh-attack in case of partial information leakage

COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Correcting errors in private keys obtained from cold boot attacks

ICISC'11 Proceedings of the 14th international conference on Information Security and Cryptology
Experimenting with fast private set intersection

TRUST'12 Proceedings of the 5th international conference on Trust and Trustworthy Computing

Quantified Score

Hi-index	0.00

Visualization

Abstract

In this paper, we present a new attack on RSA when the public exponent is short, for instance 3 or 216+1, and when the classical exponent randomization is used. This attack works even if blinding is used on the messages. From a Simple Power Analysis (SPA) we study the problem of recovering the RSA private key when non consecutive bits of it leak from the implementation. We also show that such information can be gained from sliding window implementations not protected against SPA.