Abstract

A profiling attack is a powerful variant among the noninvasive side channel attacks. In this work, we target RSA key generation relying on the binary version of the extended Euclidean algorithm for modular inverse and GCD computations. To date, this algorithm has only been exploited by simple power analysis; therefore, the countermeasures described in the literature are focused on mitigating only this kind of attack. We demonstrate that one of those countermeasures is not effective in preventing profiling attacks. The feasibility of our approach relies on the extraction of several leakage vectors from a single power trace. Moreover, because there are known relationships between the secrets and the public modulus in RSA, the uncertainty in some of the guessed secrets can be reduced by simple tests. This increases the effectiveness of the proposed attack.

Highlights

  • Modular inversions are widely used in cryptography

  • Power consumption has been exploited in [11], where the authors retrieve by simple power analysis (SPA) all of the secret bits of an ECDSA nonce during the modular inverse operation using a low number of power traces

  • We describe the multilayer perceptron (MLP) model used to perform the attack and describe the method of cross-validation


Summary

Introduction

Modular inversions are widely used in cryptography. For example, modular inversions are used in signature schemes such as the ECDSA (elliptic curve digital signature algorithm) and the key generation stage of the RSA (Rivest, Shamir and Adleman cryptosystem). Similar vulnerabilities related to BEEA power consumption have been exploited in [11], where the authors retrieve by simple power analysis (SPA) all of the secret bits of an ECDSA nonce during the modular inverse operation using a low number of power traces. The authors claim their attack is still effective in the presence of the countermeasures introduced in [12]. In [13], an SPA is conducted against an RSA key generation implementation based on a binary Euclidean algorithm.
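The algorithm under attack, as an added example that is not the paper's own code: the binary extended Euclidean algorithm (HAC Algorithm 14.61) computing gcd and the modular inverse used for the RSA private exponent d = e^-1 mod phi(N), instrumented to record which branch each iteration takes. The branch sequence is the operand-dependent control flow that SPA and profiling attacks observe in the power trace and that a countermeasure has to hide; the toy key values (p=61, q=53, e=17) are constructed for illustration.

```python
# Added example (not the paper's code): HAC Algorithm 14.61, the binary extended
# Euclidean algorithm used for gcd and modular inverse in RSA key generation.

def beea(x, y, trace=None):
    """Return (a, b, g) with a*x + b*y == g == gcd(x, y); x, y > 0.
    trace tags: 'u'/'v' halving of u/v, 's'/'t' subtraction u>=v / u<v."""
    if trace is None:
        trace = []
    g = 1
    while x % 2 == 0 and y % 2 == 0:          # strip common powers of two
        x, y, g = x // 2, y // 2, 2 * g
    u, v = x, y
    A, B, C, D = 1, 0, 0, 1                   # invariants: A*x+B*y==u, C*x+D*y==v
    while True:
        while u % 2 == 0:
            u //= 2
            if A % 2 == 0 and B % 2 == 0:
                A, B = A // 2, B // 2
            else:
                A, B = (A + y) // 2, (B - x) // 2
            trace.append('u')
        while v % 2 == 0:
            v //= 2
            if C % 2 == 0 and D % 2 == 0:
                C, D = C // 2, D // 2
            else:
                C, D = (C + y) // 2, (D - x) // 2
            trace.append('v')
        if u >= v:                            # which branch runs depends on the operands;
            u, A, B = u - v, A - C, B - D     # this is the control flow SPA/profiling observes
            trace.append('s')
        else:
            v, C, D = v - u, C - A, D - B
            trace.append('t')
        if u == 0:
            return C, D, g * v

def rsa_private_exponent(e, phi):
    """d = e^-1 mod phi(N) via BEEA: the RSA key-generation step the paper targets."""
    a, _, g = beea(e, phi)
    if g != 1:
        raise ValueError("e and phi(N) are not coprime")
    return a % phi

def branch_pattern(x, y):
    """Branch sequence of one BEEA run, i.e. its operand-dependent control flow."""
    t = []
    beea(x, y, t)
    return "".join(t)
```

With the constructed key (phi = 60*52 = 3120, e = 17) `rsa_private_exponent` returns 2753, and `branch_pattern(17, 3120)` differs from the pattern for another phi, which is exactly why a countermeasure must make the sequence independent of the secrets.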

RSA Key Generation
The Binary Extended Euclidean Algorithm
Countermeasures against SCA on BEEA
Profiling Attacks
Profiling Attack on the Euclidean Algorithm
Attack Points on Private Key Generation
Attack Points on the Coprimality Tests
Profiles and Guesses Verification
Experimental Results
Experiment Environment
Attack Model
Experiment Results
Conclusions