Side-channel analysis of the modular inversion step in the RSA key generation algorithm

This paper studies the security of the RSA key generation algorithm with regard to side-channel analysis and presents a novel approach that targets the simple power analysis (SPA) vulnerabilities that may exist in an implementation of the binary extended Euclidean algorithm (BEEA). The SPA vulnerabilities described, together with the properties of the values processed by the BEEA in the context of RSA key generation, represent a serious threat to an implementation of this algorithm. It is shown that an adversary can disclose the private key using only one power trace with a success rate of 100%, an improvement on the 25% success rate achieved by the best previous side-channel analysis of this algorithm. Two very different BEEA implementations are analyzed, showing how the algorithm’s SPA leakages could be exploited. Two countermeasures are also discussed that could be used to reduce those SPA leakages and prevent the recovery of the RSA private key.

Peer reviewed
Funding: Gobierno de España TEC2014-57971-R, RTC-2014-2932-