Published DPA attack scenarios against RSA implementations exploit the possibility of predicting intermediate data during a straightforward square-and-multiply exponentiation algorithm. An implementation of RSA using the CRT (Chinese Remainder Theorem) prevents an attacker from pre-calculating intermediate results of the exponentiation algorithm. In this paper, we present a DPA attack that uses byte-wise hypotheses on the remainder after the modular reduction with one of the primes. Instead of using random input data, this attack uses k series of input data with equidistant step distances of 1, 256, 256^2, ..., 256^k. The basic assumption of this DPA attack, named MRED ("Modular Reduction on Equidistant Data"), is that the distance of the input data equals the distance of the intermediate data after the modular reduction, at least for a subgroup of the single measurements. A function F_k composed of the k DPA results is used to approximate a multiple of the prime. Finally, the gcd gives the prime. The number of DPA calculations increases linearly with the number of bytes of the prime to be attacked. MRED is demonstrated using simulated measurement data, and its practical efficiency is assessed. Even where the applicability of this attack is limited by the padding formats used in RSA signature applications, the least significant bytes of the remainder after the modular reduction step can still be revealed. Multiplicative message blinding can protect the reduction modulo a secret prime against MRED.
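The two facts the abstract rests on, that equidistant inputs stay equidistant after reduction modulo the secret prime and that a single leaked residue yields the prime through a gcd, can be checked in plain arithmetic with no power traces at all. The following is an added example written for this page, not code from the paper; it uses constructed toy primes (10007 and 10009, far too small for real RSA) and assumes the usual multiplicative blinding form x' = x * r^e mod N with a fresh random r per operation, which the abstract names only as "multiplicative message blinding". It shows why the countermeasure works: once the input is blinded, the residues of equidistant inputs no longer keep their distance, so MRED's basic assumption fails.

```python
import math
import random

# Constructed toy RSA parameters: 10007 and 10009 are prime; the sizes are
# chosen so the arithmetic is easy to follow, not for any real security.
P, Q = 10007, 10009
N = P * Q
E = 65537


def equidistant_inputs(base, step, count):
    """Inputs x_i = base + i*step: the 'equidistant data' a MRED series feeds in."""
    return [(base + i * step) % N for i in range(count)]


def distance_preserved_fraction(inputs, step, blind=False, rng=None):
    """Fraction of consecutive input pairs whose residues modulo the secret
    prime P are still exactly `step` apart.

    MRED assumes this holds for a subgroup of the single measurements.  Without
    blinding it fails only when a multiple of P falls between two inputs; with
    multiplicative blinding the device reduces x' = x * r^E mod N instead of x,
    so the residues are effectively random and the distance is destroyed.
    """
    rng = rng or random.Random(1)  # seeded so the demonstration is repeatable
    residues = []
    for x in inputs:
        if blind:
            # Standard multiplicative message blinding (assumed form): the
            # signer later removes r^-1 mod N from the result.  The reduction
            # modulo P now sees x', which carries no fixed distance to its
            # neighbours.
            r = rng.randrange(2, N)
            x = (x * pow(r, E, N)) % N
        residues.append(x % P)
    hits = sum(1 for a, b in zip(residues, residues[1:]) if b - a == step)
    return hits / (len(inputs) - 1)


def prime_from_residue(x, r_p):
    """If the residue r_p = x mod P of one input leaks, gcd(x - r_p, N) == P.

    This is the 'gcd gives the prime' step of the abstract and is why the
    reduction modulo a secret prime must be protected even though P itself
    never leaves the device.
    """
    return math.gcd(x - r_p, N)


if __name__ == "__main__":
    xs = equidistant_inputs(123456, 256, 1000)
    print("unblinded, step 256:", distance_preserved_fraction(xs, 256))
    print("blinded,   step 256:", distance_preserved_fraction(xs, 256, blind=True))
    print("gcd recovers P:", prime_from_residue(123456, 123456 % P) == P)
```

The unblinded fraction is close to 1 because a wrap past a multiple of P happens only about step/P of the time per pair, which is exactly the "subgroup of single measurements" MRED relies on; the blinded fraction collapses to roughly 1/P, leaving nothing for a byte-wise hypothesis on the remainder to correlate against.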