Stochastic methods defeat regular RSA exponentiation algorithms with combined blinding methods

Blog Article

Extra-reductions occurring in Montgomery multiplications disclose side-channel information which can be exploited even in stringent contexts.In this article, we derive stochastic attacks to defeat Rivest-Shamir-Adleman (RSA) with Montgomery ladder regular exponentiation coupled with base blinding.Namely, we sten jacket m leverage on precharacterized multivariate probability mass functions of extra-reductions between pairs of (multiplication, square) in one iteration of the RSA algorithm and that of the next one(s) to build a maximum likelihood distinguisher.

The efficiency of our attack (in terms of required traces) is more than double compared to the state-of-the-art.In addition to this result, we also apply footjoy weste herren our method to the case of regular exponentiation, base blinding, and modulus blinding.Quite surprisingly, modulus blinding does not make our attack impossible, and so even for large sizes of the modulus randomizing element.

At the cost of larger sample sizes our attacks tolerate noisy measurements.Fortunately, effective countermeasures exist.

Report this page

STOCHASTIC METHODS DEFEAT REGULAR RSA EXPONENTIATION ALGORITHMS WITH COMBINED BLINDING METHODS

Stochastic methods defeat regular RSA exponentiation algorithms with combined blinding methods

Stochastic methods defeat regular RSA exponentiation algorithms with combined blinding methods

Blog Article

Comments

Unique visitors

Report page

Contact Us