Paper 2017/108

Photonic Side Channel Attacks Against RSA

Elad Carmon, Jean-Pierre Seifert, and Avishai Wool


This paper describes the first attack utilizing the photonic side channel against a public-key crypto-system. We evaluated three common implementations of RSA modular exponentiation, all using the Karatsuba multiplication method. We discovered that the key length had marginal impact on resilience to the attack: attacking a 2048-bit key required only 9\% more decryption attempts than a 1024-bit key. We found that the most dominant parameter impacting the attacker's effort is the minimal block size at which the Karatsuba method reverts to naive multiplication: even for parameter values as low as 32 or 64 bits our attacks achieve 100\% success rate with under 10,000 decryption operations. Somewhat surprisingly, we discovered that Montgomery's Ladder---commonly perceived as the most resilient of the three implementations to side-channel attacks---was actually the most susceptible: for 2048-bit keys, our attack reveals 100\% of the secret key bits with as few as 4000 decryptions.

Available format(s)
Public-key cryptography
Publication info
Published elsewhere. MAJOR revision.IEEE International Symposium on Hardware Oriented Security and Trust (HOST), 2017
side-channel cryptanalysis
Contact author(s)
yash @ eng tau ac il
2017-02-14: received
Short URL
Creative Commons Attribution


      author = {Elad Carmon and Jean-Pierre Seifert and Avishai Wool},
      title = {Photonic Side Channel Attacks Against RSA},
      howpublished = {Cryptology ePrint Archive, Paper 2017/108},
      year = {2017},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.