An SPA-Based Extension of Schindler's Timing Attack against RSA Using CRT

Yuuki TOMOEDA  Hideyuki MIYAKE  Atsushi SHIMBO  Shinichi KAWAMURA  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E88-A   No.1   pp.147-153
Publication Date: 2005/01/01
Online ISSN: 
DOI: 10.1093/ietfec/e88-a.1.147
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Cryptography and Information Security)
Category: Tamper-Resistance
SPA,  timing attack,  Montgomery multiplication,  RSA,  Chinese remainder theorem,  

Full Text: PDF(256.4KB)>>
Buy this Article

At CHES 2000, Schindler introduced a timing attack that enables the factorization of an RSA-modulus if RSA implementations use the Chinese Remainder Theorem and Montgomery multiplication. In this paper we introduce another approach for deriving the secret prime factor by focusing on the conditional branch Schindler used in his attack. One of the countermeasures against Schindler's attack is the blinding method. If input data are blinded with a fixed value or short-period random numbers, Schindler's attack does not work but our method can still factorize the RSA-modulus.