“…This paper highlights that the right-to-left version of square-always algorithm is vulnerable to some side-channel attacks, so-called collision distance-based doubling attack, chosen-message CPA (collision power analysis) attack, and horizontal CPA-based combined attack. Among these, collision distance-based doubling and chosen-message CPA attacks can be considered extensions of the doubling attack (Fouque & Valette, 2003;Yen, Lien, Moon, & Ha, 2005), and the horizontal CPA-based combined attack is a variant of the SPA-based combined attack (Amiel, Villegas, Feix, & Mercel, 2007). To improve and extend previous findings (Ha, Choi, Choi, & Lee, 2014), this paper proposes a new right-to-left square-always exponentiation algorithm that can resist existing and proposed side-channel attacks and be easily adopted to implement the CRT-RSA exponentiation resistant to the Bellcore attack.…”