Defeating RSA Multiply-Always and Message Blinding Countermeasures [chapter]

Marc F. Witteman, Jasper G. J. van Woudenberg, Federico Menarini
2011 Lecture Notes in Computer Science  
We introduce a new correlation power attack on RSA's modular exponentiation implementations, defeating both message blinding and multiply-always countermeasures. We analyze the correlation between power measurements of two consecutive modular operations, and use this to efficiently recover individual key bits. Based upon simulation and practical application on a state-of-the-art smart card we show the validity of the attack. Further we demonstrate that cross correlation analysis is efficient on
... re RSA implementations, even in the presence of message blinding and strong hiding countermeasures.
doi:10.1007/978-3-642-19074-2_6 fatcat:c4wihi7fivhsrbig52bnzisqpy