Abstract
The implementation security of the RSA cryptosystem under the threat of side-channel analysis has attracted the attention of many researchers. Boer et al. proposed the MRED-DPA attack on RSA-CRT, which chooses ciphertexts of equi-distant data. Their attack can be applied to RSA-OAEP decryption but not to RSA-PSS signing, because of the PSS random padding. We propose a new DPA attack on an implementation of RSA-CRT with the Montgomery reduction. The proposed attack assumes only known ciphertexts, and can be applied to both RSA-OAEP decryption and RSA-PSS signing even if a random padding technique is used in practice. This study also presents experimental results to verify the proposed attack. Finally, this study proposes a CRT-based message blinding technique as a low-cost DPA countermeasure.