Paper 2014/869

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA

Werner Schindler

Abstract

References [9,3,1] treat timing attacks on RSA with CRT and Montgomery's multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At the cost of significantly more timing measurements, this paper extends the aforementioned attacks to RSA with CRT when Montgomery's multiplication algorithm and exponent blinding are applied. Simulation experiments are conducted, which confirm the theoretical results. Effective countermeasures exist. Large parts of this paper coincide with the previous version [12], but the attack efficiency is higher here.
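Added illustration, not code from the paper: the data-dependent step these attacks exploit is the final conditional subtraction ("extra reduction") in Montgomery's multiplication algorithm. The Python below makes that step countable, runs an exponent-blinded square-and-multiply on top of it, and averages the count per input over random blinding factors. The modulus P, the exponent D_P, the MontgomeryCounter class and the function names are all made up for this illustration; the sizes are toy-scale, and the averaged count is only a stand-in for a timing measurement, not the paper's attack procedure.

```python
# Added illustration (not code from the paper): Montgomery multiplication with
# its data-dependent 'extra reduction' made observable, plus an exponent-blinded
# modular exponentiation built on it. P and D_P below are hypothetical toy
# values, far too small for real RSA.
import random


def montgomery_params(n):
    """R = 2^k > n with n odd, and n' such that n * n' == -1 (mod R)."""
    assert n % 2 == 1, "Montgomery reduction needs an odd modulus"
    k = n.bit_length()
    R = 1 << k
    n_prime = (-pow(n, -1, R)) % R      # pow(n, -1, R) needs Python 3.8+
    return R, k, n_prime


class MontgomeryCounter:
    """Montgomery product a*b*R^{-1} mod n that counts final conditional
    subtractions. On a real implementation each one costs extra time, and
    whether it happens depends on the operands; that dependence is the leak
    the timing attacks discussed in the abstract build on."""

    def __init__(self, n):
        self.n = n
        self.R, self.k, self.n_prime = montgomery_params(n)
        self.extra_reductions = 0

    def to_mont(self, a):
        return (a * self.R) % self.n

    def from_mont(self, a_bar):
        return self.mul(a_bar, 1)

    def mul(self, a_bar, b_bar):
        t = a_bar * b_bar
        mask = self.R - 1
        m = ((t & mask) * self.n_prime) & mask
        u = (t + m * self.n) >> self.k          # exact division by R
        if u >= self.n:                         # the 'extra reduction'
            self.extra_reductions += 1
            u -= self.n
        return u

    def powmod(self, base, exp):
        """Left-to-right square-and-multiply, entirely in Montgomery form."""
        x = self.to_mont(1)
        b = self.to_mont(base % self.n)
        for bit in bin(exp)[2:]:
            x = self.mul(x, x)
            if bit == "1":
                x = self.mul(x, b)
        return self.from_mont(x)


def blinded_powmod(mc, y, d, order, r):
    """Exponent blinding: exponentiate with d + r*order instead of d. Because
    y^order == 1 (mod n) for y coprime to n, the result is unchanged, but the
    exponent, and hence the operation sequence, differs on every call."""
    return mc.powmod(y, d + r * order)


def extra_reduction_profile(mc, bases, d, order, trials=20, seed=0):
    """Average extra-reduction count per base over random 32-bit blinding
    factors. This is the quantity a timing measurement approximates; the
    averages stay input-dependent even though every call used a fresh exponent."""
    rng = random.Random(seed)
    profile = []
    for y in bases:
        total = 0
        for _ in range(trials):
            mc.extra_reductions = 0
            blinded_powmod(mc, y, d, order, rng.getrandbits(32))
            total += mc.extra_reductions
        profile.append(total / trials)
    return profile


# Hypothetical toy parameters: a 30-bit prime p (RSA-CRT works modulo p) and
# a made-up CRT exponent d_p. Real keys are a thousand bits or more.
P = 1000000007
D_P = 0x1F3A5C7

if __name__ == "__main__":
    mc = MontgomeryCounter(P)
    rng = random.Random(2014)
    bases = [rng.randrange(1, P) for _ in range(8)]
    for y, avg in zip(bases, extra_reduction_profile(mc, bases, D_P, P - 1)):
        print(f"y={y:>10}  mean extra reductions with blinding: {avg:.2f}")
```

Blinding changes the exponent on every call, so the sequence of squarings and multiplications differs from run to run, yet the per-input averages still differ from one another. A residual input dependence of this kind is what makes an attack possible in principle, and the abstract's point is that turning it into a working attack costs many more measurements than in the unblinded case; the countermeasures the paper mentions are not shown here.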

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published by the IACR in CHES 2015
DOI
10.1007/978-3-662-48324-4_12
Keywords
Timing attack, RSA, CRT, exponent blinding, Montgomery's multiplication algorithm
Contact author(s)
Werner Schindler @ bsi bund de
History
2015-08-01: revised
2014-10-22: received
Short URL
https://ia.cr/2014/869
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2014/869,
      author = {Werner Schindler},
      title = {Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA},
      howpublished = {Cryptology ePrint Archive, Paper 2014/869},
      year = {2014},
      doi = {10.1007/978-3-662-48324-4_12},
      note = {\url{https://eprint.iacr.org/2014/869}},
      url = {https://eprint.iacr.org/2014/869}
}