Title: Weaknesses in current RSA signature schemes
Abstract: This work presents several classes of messages that lead to data leakage during modular exponentiation. Such messages allow for the recovery of the entire secret exponent with a single power measurement. We show that padding schemes as defined by industry standards such as PKCS#1 and ANSI X9.31 are vulnerable to side-channel attacks since they meet the characteristics defined by our classes. Though PKCS#1 states that there are no known attacks against RSASSA-PKCS1-v1_5, the EMSA-PKCS1-v1_5 encoding in fact makes the scheme vulnerable to side-channel analysis. These attacks were validated against a real-world smartcard system, the Infineon SLE78, which ran our proof-of-concept implementation. Additionally, we introduce methods for the elegant recovery of the full RSA private key from blinded RSA CRT exponents.
Year: 2011
DOI: 10.1007/978-3-642-31912-9_11
Venue: ICISC
Keywords: elegant recovery, infineon sle78, current rsa signature scheme, data leakage, entire secret exponent, industry standard, concept implementation, ansi x9, though pkcs, full rsa private key, blinded rsa crt exponent, pkcs 1, crt, side channel attacks
Field: PKCS #1, Computer security, Computer science, Smart card, Side channel attack, PKCS, Padding, Public-key cryptography, Modular exponentiation, Encoding (memory)
DocType: Conference
Citations: 1
PageRank: 0.36
References: 15
Authors: 3

Name                  Order  Citations  PageRank
Juliane Krämer        1      74         7.52
Dmitry Nedospasov     2      209        11.52
Jean-Pierre Seifert   3      1946       160.31