Collision-Based Power Attack for RSA with Small Public Exponent

This paper proposes a new side-channel attack on RSA. Our target is an implementation that combines two kinds of countermeasures: an SPA countermeasure based on the m-ary method and a DPA countermeasure based on exponent randomization. Here, exponent randomization refers to two DPA countermeasures that randomize the secret exponent $d$. One uses $d'_i = d + r_i\varphi(N)$ to calculate $c^{d'_i} \pmod N$; the other uses $d_{i,1} = \lfloor d/r_i \rfloor$ and $d_{i,2} = d \bmod r_i$ to calculate $(c^{d_{i,1}})^{r_i} \times c^{d_{i,2}} \pmod N$. An implementation combining these countermeasures was supposed to be secure against power attacks. However, we show for the first time a successful attack on an implementation that combines them. We ran the experiment for this search on a PC, and the complete $d$ was successfully recovered in less than 10 hours for both attacks.
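The two exponent-randomization countermeasures named in the abstract, layered over an m-ary (m = 2^k) exponentiation, written out as an added example that is not code from the paper. The toy primes, the function names and the 32-bit size of r_i are assumptions chosen for illustration.

```python
import secrets

def mary_pow(c, e, n, k=4):
    """Left-to-right m-ary exponentiation (m = 2**k): returns c**e mod n."""
    table = [1] * (1 << k)                 # table[w] = c**w mod n
    for w in range(1, 1 << k):
        table[w] = table[w - 1] * c % n
    digits = []                            # k-bit digits of e, least significant first
    while e:
        digits.append(e & ((1 << k) - 1))
        e >>= k
    acc = 1
    for w in reversed(digits):
        for _ in range(k):                 # k squarings per digit
            acc = acc * acc % n
        acc = acc * table[w] % n           # one multiply per digit, also when w == 0
    return acc

def decrypt_additive(c, d, phi, n, rbits=32):
    """First technique: d'_i = d + r_i * phi(N), then c**d'_i mod N."""
    r = secrets.randbelow(1 << rbits)      # fresh r_i for every call
    return mary_pow(c, d + r * phi, n)

def decrypt_split(c, d, n, rbits=32):
    """Second technique: d_{i,1} = floor(d / r_i), d_{i,2} = d mod r_i."""
    r = secrets.randbelow((1 << rbits) - 1) + 1   # r_i must be nonzero
    d1, d2 = divmod(d, r)
    t = mary_pow(c, d1, n)                 # c**d_{i,1}
    return mary_pow(t, r, n) * mary_pow(c, d2, n) % n

# Constructed toy key (assumption, far too small for real use):
# two Mersenne primes and e = 65537.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N, PHI = P * Q, (P - 1) * (Q - 1)
D = pow(E, -1, PHI)

def roundtrip(m):
    """Encrypt m, decrypt with both randomized variants, return both results."""
    c = pow(m, E, N)
    return decrypt_additive(c, D, PHI, N), decrypt_split(c, D, N)

if __name__ == "__main__":
    print(roundtrip(0xC0FFEE))
```

Each call draws a new r_i, so the digit sequence fed to the m-ary loop changes from run to run while the result stays equal to c^d mod N.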
