Profiling Attack against RSA Key Generation Based on a Euclidean Algorithm

Fe, Sadiel de la; Park, Han-Byeol; Sim, Bo-Yeon; Han, Dong‐Guk; Ferrer, Carles

doi:10.3390/info12110462

Cited by 3 publications

(2 citation statements)

References 25 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…p − 1 and q − 1; 2) 4|(p − 1)(q − 1), 2|(p − 1) and 2|(q − 1), the partial operational flow at the beginning of BEA (or BEEA) can be predicted in advance. Using all these characteristics, SPA, cache-timing attack (CTA), and machine learningbased profiling attack (MLPA) threaten the security of RSA key generation [4]- [6].…”

Section: Algorithm 4: Flt-ctmimentioning

confidence: 99%

Compact and Efficient Constant-Time GCD and Modular Inversion with Short-Iteration

JIN,

MIYAJI

2023

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

Theoretically secure cryptosystems, digital signatures may not be secure after being implemented on Internet of Things (IoT) devices and PCs because of side-channel attacks (SCA). Because RSA key generation and ECDSA require GCD computations or modular inversions, which are often computed using the binary Euclidean algorithm (BEA) or binary extended Euclidean algorithm (BEEA), the SCA weaknesses of BEA and BEEA become a serious concern. Constant-time GCD (CT-GCD) and constant-time modular inversion (CTMI) algorithms are effective countermeasures in such situations. Modular inversion based on Fermat's little theorem (FLT) can work in constant time, but it is not efficient for general inputs. Two CTMI algorithms, named BOS and BY in this paper, were proposed by Bos, Bernstein and Yang, respectively. Their algorithms are all based on the concept of BEA. However, one iteration of BOS has complicated computations, and BY requires more iterations. A small number of iterations and simple computations during one iteration are good characteristics of a constant-time algorithm. Based on this view, this study proposes new short-iteration CT-GCD and CTMI algorithms over F p borrowing a simple concept from BEA. Our algorithms are evaluated from a theoretical perspective. Compared with BOS, BY, and the improved version of BY, our short-iteration algorithms are experimentally demonstrated to be faster. key words: constant-time modular inversion (CTMI), constant-time greatest common divisor (CT-GCD), and side channel attacks (SCA).

show abstract

Section: Algorithm 4: Flt-ctmimentioning

confidence: 99%

Compact and Efficient Constant-Time GCD and Modular Inversion with Short-Iteration

JIN,

MIYAJI

2023

IEICE Trans. Inf. & Syst.

View full text Add to dashboard Cite

show abstract

“…Since the publishment of the RSA cryptosystem, the system has been analyzed by numerous researchers to find its vulnerability [2]. Past studies have shown that if the private keys or public keys of the RSA system are not chosen carefully, the cryptosystem is feasible to be broken by a third party in a reasonable amount of time [2][3][4]. However, once the flaw of the cryptosystem is known, improvement can be made and thus the system is more robust.…”

Section: Introductionmentioning

confidence: 99%

Parallel implementation of Wiener's attack on RSA: Algorithm design and performance evaluation

2024

ACE

View full text Add to dashboard Cite

The robustness of the RSA cryptosystem is intrinsically tied to the choice of public and private keys. As pinpointed by M. Wiener, should the private decryption exponent, d, be improperly chosen-either disproportionately large or unduly small in relation to the public key n-an adversary could feasibly deduce the private keys within a practical time span. In this paper, the algorithm invented by Wiener is revisited and find a way to parallelize the attacking algorithm by using OpenMP. The algorithm is based on the proof made in Wieners article, that if d<1/3 n^(1/4), then the private key d is the denominator of one of the convergent of CF(e/n). Using a constant set of private keys (e,n), an extensive series of simulated attacks employing Wieners method was conducted on a laptop to determine the optimal thread count for executing the parallel algorithm. The results indicate that the algorithms execution speed can be enhanced by a factor of 1.5607 (rounded to five significant figures). Specifically, while the sequential version of the algorithm averaged a runtime of 3518939.04 nanoseconds, its parallel counterpart averaged 2240493.28 nanoseconds.

show abstract

Short-Iteration Constant-Time GCD and Modular Inversion

Jin

Miyaji

2023

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Profiling Attack against RSA Key Generation Based on a Euclidean Algorithm

Cited by 3 publications

References 25 publications

Compact and Efficient Constant-Time GCD and Modular Inversion with Short-Iteration

Compact and Efficient Constant-Time GCD and Modular Inversion with Short-Iteration

Parallel implementation of Wiener's attack on RSA: Algorithm design and performance evaluation

Short-Iteration Constant-Time GCD and Modular Inversion

Contact Info

Product

Resources

About