Handbook of Applied Cryptography
Handbook of Applied Cryptography
Distinguishing Exponent Digits by Observing Modular Subtractions
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
A Practical Implementation of the Timing Attack
CARDIS '98 Proceedings of the The International Conference on Smart Card Research and Applications
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
A Timing Attack against RSA with the Chinese Remainder Theorem
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks
INDOCRYPT '02 Proceedings of the Third International Conference on Cryptology: Progress in Cryptology
ISC '02 Proceedings of the 5th International Conference on Information Security
Remote timing attacks are practical
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Remote timing attacks are practical
SSYM'03 Proceedings of the 12th conference on USENIX Security Symposium - Volume 12
A Timing Attack on Blakley's Modular Multiplication Algorithm, and Applications to DSA
ACNS '07 Proceedings of the 5th international conference on Applied Cryptography and Network Security
A New Side-Channel Attack on RSA Prime Generation
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
Remote timing attacks are practical
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Design of a differential power analysis resistant masked AES S-box
INDOCRYPT'07 Proceedings of the cryptology 8th international conference on Progress in cryptology
Longer randomly blinded RSA keys may be weaker than shorter ones
WISA'07 Proceedings of the 8th international conference on Information security applications
CT-RSA'08 Proceedings of the 2008 The Cryptopgraphers' Track at the RSA conference on Topics in cryptology
Exponent blinding does not always lift (partial) spa resistance to higher-level security
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Amplifying side-channel attacks with techniques from block cipher cryptanalysis
CARDIS'06 Proceedings of the 7th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Applications
On the optimization of side-channel attacks by advanced stochastic methods
PKC'05 Proceedings of the 8th international conference on Theory and Practice in Public Key Cryptography
Novel efficient implementations of hyperelliptic curve cryptosystems using degenerate divisors
WISA'04 Proceedings of the 5th international conference on Information Security Applications
Towards different flavors of combined side channel attacks
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Message blinding method requiring no multiplicative inversion for RSA
ACM Transactions on Embedded Computing Systems (TECS)
| Hi-index | 0.00 |
In [9] Walter and Thompson introduced a new side-channel attack on the secret exponents of modular exponentiations which uses techniques from timing attacks to exploit specific information gained by a power attack. Walter and Thompson assumed that the attacked device uses a particular table method combined with Montgomery's algorithm. In the present paper their attack is optimized and generalized. For 2- bit tables this leads to a reduction of the necessary sample size to 20 per cent. The original attack cannot be applied if 4-bit tables are used,a case of particular practical interest, whereas the optimized attack gets by with 500 measurements. The optimized version can straightforwardly be adapted to other table methods,other multiplication algorithms and inexact timings. Moreover,it is shown that the countermeasures proposed in [9] do not prevent the optimized attack if unsuitable parameters are chosen.