Abstract
Published DPA attack scenarios against RSA implementations exploit the possibility of predicting intermediate data during a straightforward square-and-multiply exponentiation algorithm. An implementation of RSA using the CRT (Chinese Remainder Theorem) prevents an attacker from pre-calculating intermediate results of the exponentiation algorithm. In this paper, we present a DPA attack that uses byte-wise hypotheses on the remainder after the modular reduction with one of the primes. Instead of random input data, this attack uses k series of input data with equidistant step distances of 1, 256, 256^2, ..., 256^k. The basic assumption of this DPA attack, named MRED (“Modular Reduction on Equidistant Data”), is that the distance of the input data equals the distance of the intermediate data after the modular reduction, at least for a subgroup of the single measurements. A function F_k composed of the k DPA results is used to approximate a multiple of the prime; finally, the gcd yields the prime. The number of DPA calculations increases linearly with the number of bytes of the prime to be attacked. MRED is demonstrated using simulated measurement data, and its practical efficiency is assessed. Where the applicability of this attack is limited by the padding formats of RSA signature applications, the least significant bytes of the remainder after the modular reduction step can still be revealed. Multiplicative message blinding can protect the reduction modulo a secret prime against MRED.
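As an added illustration (not code from the paper), the following toy script shows the arithmetic observation that MRED's basic assumption rests on, namely that equidistant messages stay equidistant after the reduction modulo the secret prime except where the remainder wraps, and how multiplicative message blinding removes that relation. The primes P and Q, the exponent E and the message base are constructed values and far too small to be secure.

```python
import secrets

# Constructed toy CRT-RSA key (hypothetical; tiny so the numbers stay readable).
P, Q = 104729, 104723
N = P * Q
E = 65537

def crt_remainders(messages, blind=False):
    """Remainder of each message after the reduction modulo the secret prime P.
    With blind=True every message is first multiplied by an independent r^E mod N,
    which is the multiplicative message blinding the abstract names as countermeasure."""
    rems = []
    for m in messages:
        if blind:
            r = secrets.randbelow(N - 2) + 2     # fresh blinding factor per message
            m = (m * pow(r, E, N)) % N
        rems.append(m % P)                      # the reduction mod p inside CRT
    return rems

def equidistant_fraction(base, step, count, blind=False):
    """Fraction of consecutive message pairs whose remainders mod P differ by
    exactly `step` as integers. Without blinding this holds for every pair whose
    remainder does not wrap past P (the 'subgroup of single measurements' an
    attacker could exploit); with blinding the remainders are unrelated."""
    msgs = [base + i * step for i in range(count)]
    rems = crt_remainders(msgs, blind)
    hits = sum(1 for a, b in zip(rems, rems[1:]) if b - a == step)
    return hits / (count - 1)

if __name__ == "__main__":
    # Step distances 1, 256, 256^2 as in the abstract's series of input data.
    for k in range(3):
        step = 256 ** k
        plain = equidistant_fraction(12345, step, 500)
        blinded = equidistant_fraction(12345, step, 500, blind=True)
        print(f"step 256^{k}: equidistant remainders without blinding {plain:.3f}, "
              f"with blinding {blinded:.3f}")
```

For larger steps the unblinded fraction drops because the remainder wraps past P more often, which is exactly why the attack only needs the relation to hold for a subgroup of the measurements.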
now at: TNO TPD, PO Box 155, NL-2600 AD Delft, The Netherlands
© 2003 Springer-Verlag Berlin Heidelberg
Cite this paper
den Boer, B., Lemke, K., Wicke, G. (2003). A DPA Attack against the Modular Reduction within a CRT Implementation of RSA. In: Kaliski, B.S., Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems - CHES 2002. Lecture Notes in Computer Science, vol 2523. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-36400-5_18
DOI: https://doi.org/10.1007/3-540-36400-5_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-00409-7
Online ISBN: 978-3-540-36400-9