In most efficient exponentiation implementations, recovering the secret exponent is equivalent to disclosing the sequence of squaring and multiplication operations. Some known attacks on the RSA exponentiation apply this strategy, but cannot be used against classical blinding countermeasures. In this paper, we propose new attacks distinguishing squaring from multiplications using a single side-channel trace. It makes our attacks more robust against blinding countermeasures than previous methods even if both exponent and message are randomized, whatever the quality and length of random masks. We demonstrate the efficiency of our new techniques using simulations in different noise configurations. © Springer-Verlag 2012.
CITATION STYLE
Clavier, C., Feix, B., Gagnerot, G., Giraud, C., Roussellet, M., & Verneuil, V. (2012). ROSETTA for single trace analysis recovery of secret exponent by triangular trace analysis. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 7668 LNCS, pp. 140–155). https://doi.org/10.1007/978-3-642-34931-7_9
Mendeley helps you to discover research relevant for your work.