摘要
Nowadays the modular multiplications in many kinds of smartcards are utilized Montgomery's algorithm modular multiplier, so traditional SPA to RSA becomes invalid. An improved attack method is proposed based on SPA which just depends on the fact that there exist some subtle differences in each loop during the operation of cd mod n. At same time, compared with the traditional SPA, it doesn't need to select the clear text or some known message. Using this method, attacks can easy to discover the mode of RSA implementation and extract the bits of decryption key just based on a few collected traces. From the real attack test on several main kinds of smartcard, the private keys of RSA stored inside can be analyzed successfully.
Nowadays the modular multiplications in many kinds of smartcards are utilized Montgomery's algorithm modular multiplier, so traditional SPA to RSA becomes invalid. An improved attack method is proposed based on SPA which just depends on the fact that there exist some subtle differences in each loop during the operation of cd mod n. At same time, compared with the traditional SPA, it doesn't need to select the clear text or some known message. Using this method, attacks can easy to discover the mode of RSA implementation and extract the bits of decryption key just based on a few collected traces. From the real attack test on several main kinds of smartcard, the private keys of RSA stored inside can be analyzed successfully.
基金
supported by the fundamental Research Funds for the Central University under Grant 2013JBM006
