Shahed University

NEMR: A Nonequidistant DPA Attack-Proof of Modular Reduction in a CRT Implementation of RSA

S. Kaedi | Mohammadali Doostari | M.B. Ghaznavi-Ghoushchi

URL: http://research.shahed.ac.ir/WSR/WebPages/Report/PaperView.aspx?PaperID=84880
Date: 2018/02/23
Published in: Journal of Circuits, Systems and Computers
DOI: https://doi.org/10.1142/s0218126618501918
Link: http://dx.doi.org/10.1142/S0218126618501918
Keywords: DPA, Modular, RSA

Abstract:
One of the most common algorithms used in digital signatures is RSA-CRT. Several side-channel attacks have been presented on embedded designs of RSA-CRT. Such attacks fall into two categories: attacks on the modular reduction step and attacks on the recombination step. The former are plaintext attacks based on the modular reduction on equidistant data attack, introduced in B. den Boer et al., “A DPA attack against the modular reduction within a CRT implementation of RSA,” in CHES 2002. In these attacks, an equidistant series of input data is used instead of random plaintexts. A chosen, equidistant plaintext attack requires a higher level of access from the attacker and is more difficult to mount than a nonchosen plaintext attack. In this paper, we present a nonequidistant plaintext (but chosen plaintext) differential power analysis attack on the modular reduction in RSA-CRT, named NEMR (nonequidistant plaintext on modular reduction). We also present a new countermeasure against the NEMR attack, which resists both equidistant and nonequidistant data attacks on the reduction step in RSA-CRT. To validate the idea, the NEMR attack is applied to a 2048-bit RSA-CRT implementation on a SAKURA-G board, and the result is evaluated. The presented countermeasure against the NEMR attack is then tested, and practical results demonstrate the validity of the proposed approach.