
Recovering CRT-RSA Secret Keys from Noisy Square-and-Multiply Sequences in the Sliding Window Method

  • Conference paper
Information Security and Privacy (ACISP 2020)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 12248))


Abstract

We discuss side-channel attacks on the CRT-RSA encryption or signature scheme (the RSA scheme with the Chinese remainder theorem) implemented via the sliding window method. The sliding window method calculates exponentiations through repeated squaring and multiplication. These square-and-multiply sequences can be obtained by side-channel attacks, and there is a risk of recovering CRT-RSA secret keys from these sequences. In particular, it was proved at CHES 2017 that secret keys can be recovered from the correct square-and-multiply sequences in polynomial time when the window size \(w\) is less than 4. However, the obtained sequences contain errors. Oonishi and Kunihiro proposed a method for recovering secret keys from noisy sequences when \(w=1\). Although this work only addresses the case with \(w=1\), it should be possible to recover secret keys for larger values of \(w\). In this paper, we propose a new method for recovering secret keys from noisy sequences in the sliding window method. Moreover, we clarify the amount of errors for which our method works.
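The leakage described in the abstract, modelled as an added example (not code from the paper): a sliding window exponentiation that records its square (S) and multiply (M) operations, beside a fixed-window variant whose operation sequence depends only on the exponent length. The left-to-right scan, the function names, the modulus and the sample exponents are assumptions made for illustration; the model covers the operation sequence only, not leakage through table-lookup addresses.

```python
MOD = 1000003  # constructed sample modulus, not an RSA prime from the paper

def sliding_window_trace(base, exp, mod, w):
    """Left-to-right sliding window; returns (result, S/M operation trace)."""
    sq = base * base % mod
    odd = {1: base % mod}              # odd powers base^1, base^3, ..., base^(2^w - 1)
    for k in range(3, 1 << w, 2):
        odd[k] = odd[k - 2] * sq % mod
    bits = bin(exp)[2:]
    acc, trace, i = 1, [], 0
    while i < len(bits):
        if bits[i] == "0":             # a zero bit costs one squaring, no multiply
            acc = acc * acc % mod
            trace.append("S")
            i += 1
            continue
        j = min(i + w, len(bits))      # longest window of <= w bits ending in a 1
        while bits[j - 1] == "0":
            j -= 1
        for _ in range(j - i):
            acc = acc * acc % mod
            trace.append("S")
        acc = acc * odd[int(bits[i:j], 2)] % mod
        trace.append("M")
        i = j
    return acc, "".join(trace)

def fixed_window_trace(base, exp, mod, w):
    """Fixed window that multiplies in every window, even by base^0 = 1."""
    table = [1]
    for _ in range((1 << w) - 1):
        table.append(table[-1] * base % mod)
    nbits = max(exp.bit_length(), 1)
    nbits += -nbits % w                # pad the exponent to a multiple of w bits
    acc, trace = 1, []
    for shift in range(nbits - w, -1, -w):
        for _ in range(w):
            acc = acc * acc % mod
            trace.append("S")
        acc = acc * table[(exp >> shift) & ((1 << w) - 1)] % mod
        trace.append("M")
    return acc, "".join(trace)

def leaks_exponent(trace_fn, mod, w, exps):
    """True if exponents of equal bit length produce different S/M traces."""
    return len({trace_fn(3, e, mod, w)[1] for e in exps}) > 1

if __name__ == "__main__":
    for e in (0b110101, 0b100111):     # constructed 6-bit exponents
        print(bin(e), sliding_window_trace(3, e, MOD, 3)[1],
              fixed_window_trace(3, e, MOD, 3)[1])
```

The two sliding window traces differ in where the M operations fall, which is the information a square-and-multiply side channel exposes; the fixed-window traces are identical for both exponents.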


References

  1. Bernstein, D.J., et al.: Sliding right into disaster: left-to-right sliding windows leak. In: Fischer, W., Homma, N. (eds.) CHES 2017. LNCS, vol. 10529, pp. 555–576. Springer, Cham (2017). https://doi.org/10.1007/978-3-319-66787-4_27

  2. Breitner, J., Skorski, M.: Analytic formulas for renyi entropy of hidden Markov models. eprint arXiv: 1709.09699 (2017)

  3. Breitner, J.: More on sliding right. IACR eprint: 2018.1163 (2018)


  4. Genkin, D., Pachmanov, L., Pipman, I., Tromer, E.: Stealing keys from PCs using a radio: cheap electromagnetic attacks on windowed exponentiation. In: Güneysu, T., Handschuh, H. (eds.) CHES 2015. LNCS, vol. 9293, pp. 207–228. Springer, Heidelberg (2015). https://doi.org/10.1007/978-3-662-48324-4_11

  5. Heninger, N., Shacham, H.: Reconstructing RSA private keys from random key bits. In: Halevi, S. (ed.) CRYPTO 2009. LNCS, vol. 5677, pp. 1–17. Springer, Heidelberg (2009). https://doi.org/10.1007/978-3-642-03356-8_1

  6. Hoeffding, W.: Probability inequalities for sums of bounded random variables. J. Am. Stat. Assoc. 58, 13–30 (1963). https://doi.org/10.1080/01621459.1963.10500830

  7. İnci, M.S., Gulmezoglu, B., Irazoqui, G., Eisenbarth, T., Sunar, B.: Cache attacks enable bulk key recovery on the cloud. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 368–388. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_18

  8. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996). https://doi.org/10.1007/3-540-68697-5_9

  9. Kunihiro, N., Honda, J.: RSA meets DPA: recovering RSA secret keys from noisy analog data. In: Batina, L., Robshaw, M. (eds.) CHES 2014. LNCS, vol. 8731, pp. 261–278. Springer, Heidelberg (2014). https://doi.org/10.1007/978-3-662-44709-3_15

  10. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999). https://doi.org/10.1007/3-540-48059-5_14

  11. Moriarty, K., Kaliski, B., Jonsson, J., Rusch, A.: PKCS #1: RSA cryptography specifications version 2.2 (2016). https://tools.ietf.org/html/rfc8017

  12. Oonishi, K., Huang, X., Kunihiro, N.: Improved CRT-RSA secret key recovery method from sliding window leakage. In: Seo, J.H. (ed.) ICISC 2019. LNCS, vol. 11975, pp. 278–296. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-40921-0_17

  13. Oonishi, K., Kunihiro, N.: Attacking noisy secret CRT-RSA exponents in binary method. In: Lee, K. (ed.) ICISC 2018. LNCS, vol. 11396, pp. 37–54. Springer, Cham (2019). https://doi.org/10.1007/978-3-030-12146-4_3

  14. Percival, C.: Cache missing for fun and profit (2005). http://www.daemonology.net/papers/htt.pdf

  15. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21, 120–126 (1978). https://doi.org/10.1145/359340.359342

  16. Walter, C.D.: Sliding windows succumbs to big mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 286–299. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_24

  17. Yarom, Y., Genkin, D., Heninger, N.: CacheBleed: a timing attack on OpenSSL constant time RSA. In: Gierlichs, B., Poschmann, A.Y. (eds.) CHES 2016. LNCS, vol. 9813, pp. 346–367. Springer, Heidelberg (2016). https://doi.org/10.1007/978-3-662-53140-2_17


Acknowledgements

The first author is supported by a JSPS Fellowship for Young Scientists. This research was partially supported by JSPS Grant-in-Aid for JSPS Fellows 20J11754 and JST CREST Grant Number JPMJCR14D6, Japan.

Corresponding author

Correspondence to Kento Oonishi.


Copyright information

© 2020 Springer Nature Switzerland AG

About this paper


Cite this paper

Oonishi, K., Kunihiro, N. (2020). Recovering CRT-RSA Secret Keys from Noisy Square-and-Multiply Sequences in the Sliding Window Method. In: Liu, J., Cui, H. (eds) Information Security and Privacy. ACISP 2020. Lecture Notes in Computer Science, vol 12248. Springer, Cham. https://doi.org/10.1007/978-3-030-55304-3_34


  • DOI: https://doi.org/10.1007/978-3-030-55304-3_34


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-55303-6

  • Online ISBN: 978-3-030-55304-3

  • eBook Packages: Computer Science (R0)
