Cryptology ePrint Archive: Report 2014/869
Exclusive Exponent Blinding May Not Suffice to Prevent Timing Attacks on RSA
Abstract: The references [9,3,1] treat timing attacks on RSA with CRT and Montgomery's multiplication algorithm in unprotected implementations.
It has been widely believed that exponent blinding would prevent any timing attack on RSA.
At cost of significantly more timing measurements this paper extends the before-mentioned attacks to RSA with CRT when Montgomery's multiplication algorithm and exponent blinding are applied.
Simulation experiments are conducted, which confirm the theoretical results. Effective countermeasures exist. In particular, the attack efficiency is higher than in the previous version  while large parts of both papers coincide.
Category / Keywords: implementation / Timing attack, RSA, CRT, exponent blinding, Montgomery's multiplication algorithm
Original Publication (in the same form): IACR-CHES-2015
Date: received 22 Oct 2014, last revised 1 Aug 2015
Contact author: Werner Schindler at bsi bund de
Available format(s): PDF | BibTeX Citation
Version: 20150801:182314 (All versions of this report)
Short URL: ia.cr/2014/869
Discussion forum: Show discussion | Start new discussion
[ Cryptology ePrint archive ]