[Resource Topic] 2016/597: Correlated Extra-Reductions Defeat Blinded Regular Exponentiation - Extended Version

Welcome to the resource topic for 2016/597

Title: Correlated Extra-Reductions Defeat Blinded Regular Exponentiation - Extended Version

Authors: Margaux Dugardin, Sylvain Guilley, Jean-Luc Danger, Zakaria Najm, Olivier Rioul

Abstract:

Walter & Thompson (CT-RSA '01) and Schindler (PKC '02) have shown that extra-reductions allow breaking RSA-CRT even with message blinding. Indeed, the extra-reduction probability depends on the type of operation: square, multiply, or multiply with a constant. Regular exponentiation schemes can be regarded as protections, as the operation sequence does not depend on the secret. In this article, we show that there exists a strong negative correlation between extra-reductions of two consecutive operations, provided that the first one feeds the second one. This allows mounting successful attacks even against blinded asymmetrical computations with a regular exponentiation algorithm (such as Square-and-Multiply Always or Montgomery Ladder). We put forward various attack strategies depending on the context (e.g., known modulus or not, known extra-reduction detection probability, etc.), and implement them on two devices (single core ARM Cortex-M4 and dual core ARM Cortex M0-M4).
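The statistical effect the abstract describes can be reproduced in a few lines. The following simulation is an added example written for this topic; it is not code from the paper or its authors. It implements a plain Montgomery multiplication with the conditional final subtraction (the "extra-reduction") made observable as a flag, runs a regular Square-Multiply-Square-Multiply sequence in which every operation consumes the previous output, and compares the correlation of consecutive extra-reduction flags against a control sequence whose operations get fresh random inputs. The modulus `P`, the radix `R = 2^64` and the fixed multiplier `Y` (standing in for a blinded message) are constructed values, not parameters from the paper; under the usual model where the Montgomery quotient `m` is uniform, the expected extra-reduction rates are `P/(3R)` for a square and `Y/(2R)` for a multiply by the constant `Y`.

```python
import random

# All parameters below are constructed for this example; they are not values
# from the paper. R = 2^64 is the Montgomery radix and P an odd modulus with
# P/R close to 1, so that extra-reductions are frequent enough to observe.
WORD_BITS = 64
R = 1 << WORD_BITS
P = 0xE3E4F5A6B7C8D9EB              # constructed odd modulus (primality is irrelevant here)
Y = 0xB000000000000001              # constructed fixed multiplier, plays the blinded message
P_INV_NEG = (-pow(P, -1, R)) % R    # -P^{-1} mod R (pow with a negative exponent needs Python 3.8+)


def mont_mul(a, b):
    """Montgomery product a*b*R^{-1} mod P for 0 <= a, b < P.

    Returns (result, extra) where extra is 1 iff the conditional final
    subtraction (the 'extra-reduction') was performed.
    """
    t = a * b
    m = (t * P_INV_NEG) & (R - 1)     # m = t * (-P^{-1}) mod R
    u = (t + m * P) >> WORD_BITS      # t + m*P is divisible by R; u < 2P for inputs below P
    if u >= P:
        return u - P, 1               # the data-dependent subtraction: this is the side channel
    return u, 0


def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length sequences."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / (vx * vy) ** 0.5


def regular_chain(n_ops, rng):
    """Square-and-Multiply-Always style sequence S, M, S, M, ... in which every
    operation consumes the previous operation's output. Returns the flags."""
    x = rng.randrange(P)
    flags = []
    for i in range(n_ops):
        x, e = mont_mul(x, x) if i % 2 == 0 else mont_mul(x, Y)
        flags.append(e)
    return flags


def independent_chain(n_ops, rng):
    """Control: same S, M, S, M, ... pattern, but each operation gets a fresh
    uniformly random input instead of the previous output."""
    flags = []
    for i in range(n_ops):
        a = rng.randrange(P)
        _, e = mont_mul(a, a) if i % 2 == 0 else mont_mul(a, Y)
        flags.append(e)
    return flags


def simulate(n_ops=40000, seed=7):
    """Extra-reduction rates and consecutive-flag correlations for both chains."""
    rng = random.Random(seed)
    fed = regular_chain(n_ops, rng)
    ind = independent_chain(n_ops, rng)
    squares, mults = fed[0::2], fed[1::2]
    return {
        "fed_corr": pearson(fed[:-1], fed[1:]),          # consecutive ops, first feeds second
        "independent_corr": pearson(ind[:-1], ind[1:]),  # consecutive ops, unrelated inputs
        "square_rate": sum(squares) / len(squares),      # model: P/(3R)
        "mult_rate": sum(mults) / len(mults),            # model: Y/(2R) for a fixed multiplier
    }


if __name__ == "__main__":
    r = simulate()
    print(f"square extra-reduction rate   : {r['square_rate']:.3f}  (model {P / (3 * R):.3f})")
    print(f"multiply extra-reduction rate : {r['mult_rate']:.3f}  (model {Y / (2 * R):.3f})")
    print(f"corr(consecutive, fed)        : {r['fed_corr']:+.3f}")
    print(f"corr(consecutive, independent): {r['independent_corr']:+.3f}")
```

The fed chain shows a clearly negative correlation while the control sits near zero: an extra-reduction leaves a result that is uniform on a shorter interval `[0, a*b/R)`, so the next operation on that result is less likely to need one. A regular operation sequence and message blinding do not change this, since the statistic is a property of the Montgomery arithmetic itself. For an implementer the corresponding check is whether the multiplication ever performs a data-dependent final subtraction at all; a Montgomery variant that keeps intermediate values in `[0, 2P)` with a radix `R > 4P` (Walter's no-final-subtraction bound) removes the event rather than merely hiding its timing.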

ePrint: https://eprint.iacr.org/2016/597

Talk: https://www.youtube.com/watch?v=T2dzGjJscHw

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.