A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Systolic Modular Multiplication
IEEE Transactions on Computers
Distinguishing Exponent Digits by Observing Modular Subtractions
CT-RSA 2001 Proceedings of the 2001 Conference on Topics in Cryptology: The Cryptographer's Track at RSA
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Attacks of Modular Exponentiation in Smartcards
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
A Timing Attack against RSA with the Chinese Remainder Theorem
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
On the importance of checking cryptographic protocols for faults
EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
MIST: An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis
CT-RSA '02 Proceedings of the The Cryptographer's Track at the RSA Conference on Topics in Cryptology
A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
Some Security Aspects of the M IST Randomized Exponentiation Algorithm
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Highly Regular Right-to-Left Algorithms for Scalar Multiplication
CHES '07 Proceedings of the 9th international workshop on Cryptographic Hardware and Embedded Systems
Exponent Recoding and Regular Exponentiation Algorithms
AFRICACRYPT '09 Proceedings of the 2nd International Conference on Cryptology in Africa: Progress in Cryptology
CHES '09 Proceedings of the 11th International Workshop on Cryptographic Hardware and Embedded Systems
New fault attacks using Jacobi symbol and application to regular right-to-left algorithms
Information Processing Letters
Horizontal correlation analysis on exponentiation
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Power attack on small RSA public exponent
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
A duality in space usage between left-to-right and right-to-left exponentiation
CT-RSA'12 Proceedings of the 12th conference on Topics in Cryptology
Attacking exponent blinding in RSA without CRT
COSADE'12 Proceedings of the Third international conference on Constructive Side-Channel Analysis and Secure Design
Horizontal and vertical side-channel attacks against secure RSA implementations
CT-RSA'13 Proceedings of the 13th international conference on Topics in Cryptology
| Hi-index | 0.00 |
Sliding Windows is a general technique for obtaining an efficient exponentiation scheme. Big Mac is a specific form of attack on a cryptosystem in which bits of a secret key can be deduced independently, or almost so, of the others. Here such an attack on an implementation of the RSA cryptosystem is described. It assumes digit-by-digit computations are performed sequentially on a single k-bit multiplier and uses information which leaks through differential power analysis (DPA). With sufficiently powerful monitoring equipment, only a small number of exponentiations, independent of the key length, is enough to reveal the secret exponent from unknown plaintext inputs. Since the technique may work for a single exponentiation, many blinding techniques currently under consideration may be rendered useless. This is particularly relevant to implementations with single processors where a digit multiplication cannot be masked by other simultaneous processing. Moreover, the longer the key length, the easier the attacks becomes.