Correlated Extra-Reductions Defeat Blinded Regular Exponentiation - HAL open archive
Conference paper, year: 2016

Correlated Extra-Reductions Defeat Blinded Regular Exponentiation

Sylvain Guilley
Jean-Luc Danger
Zakaria Najm
Olivier Rioul

Abstract

Walter & Thomson (CT-RSA '01) and Schindler (PKC '02) have shown that extra-reductions make it possible to break RSA-CRT even with message blinding. Indeed, the extra-reduction probability depends on the type of operation (square, multiply, or multiply with a constant). Regular exponentiation schemes can be regarded as protections, since the operation sequence does not depend on the secret. In this article, we show that there exists a strong negative correlation between the extra-reductions of two consecutive operations, provided that the output of the first feeds the second. This makes it possible to mount successful attacks even against blinded asymmetric computations that use a regular exponentiation algorithm, such as Square-and-Multiply Always or the Montgomery Ladder. We investigate various attack strategies depending on the context (known or unknown modulus, known or unknown extra-reduction detection probability, etc.) and implement them on two devices: a single-core ARM Cortex-M4 and a dual-core ARM Cortex M0-M4.
File not deposited

Dates and versions

hal-01362463 , version 1 (08-09-2016)

Identifiers

  • HAL Id : hal-01362463 , version 1

Cite

Margaux Dugardin, Sylvain Guilley, Jean-Luc Danger, Zakaria Najm, Olivier Rioul. Correlated Extra-Reductions Defeat Blinded Regular Exponentiation. Cryptographic Hardware and Embedded Systems – CHES 2016, Aug 2016, Santa Barbara, United States. pp. 3-22. ⟨hal-01362463⟩