An Attack Method Against the Modular Reduction Within a RSA-CRT Implementation Based on Template Attack
At present,there are few researches on profile attacks against RSA-CRT implementation.This paper takes modular reduction operation as the research object,and a template attack method against RSA-CRT implementation is pro-posed.The core of this method is to solve the difficulty to recover the RSA-CRT private key from the Hamming weight of the intermediate value of ciphertext modular reduction.The characteristic of this method is to build a model based on the Hamming weight of the intermediate value derived from modular reduction.The Hamming weight can be obtained by col-lecting the power traces of chosen ciphertext modular reduction for template matching,and the intermediate value is recov-ered from the Hamming weight variation,the private key of the RSA-CRT algorithm can be further inferred based on the in-termediate value.In addition,the advantage of this method is that ideally,templates based on the intermediate Hamming weight model can be shared,and there is no limit on the number of bits of the intermediate value for modelling,which can be in byte size,64 bit size,or even the bit size of p.In the actual environment,it can be selected according to the leaked in-formation.Finally,in this paper,the lowest byte of the intermediate value is selected to model to verify the feasibility of this method,and the defense suggestions are also provided.
国家科技期刊平台
NSTL
万方数据
