Cryptology ePrint Archive: Report 2014/869

Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA

Werner Schindler

Abstract: The references [9,3,1] treat timing attacks on RSA with CRT and Montgomery's multiplication algorithm in unprotected implementations. It has been widely believed that exponent blinding would prevent any timing attack on RSA. At cost of significantly more timing measurements this paper extends the before-mentioned attacks to RSA with CRT when Montgomery's multiplication algorithm and exponent blinding are applied. Simulation experiments are conducted, which confirm the theoretical results. Effective countermeasures exist. In particular, the attack efficiency is higher than in the previous version [12] while large parts of both papers coincide.

Category / Keywords: implementation / Timing attack, RSA, CRT, exponent blinding, Montgomery's multiplication algorithm

Original Publication (in the same form): IACR-CHES-2015

Date: received 22 Oct 2014, last revised 1 Aug 2015

Contact author: Werner Schindler at bsi bund de

Available format(s): PDF | BibTeX Citation

Version: 20150801:182314 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]