摘要
In this paper,we propose two new attack algorithms on RSA implementations with CRT(Chinese remainder theorem).To improve the attack efficiency considerably,a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs.This attack method is that the key parameters dp and dq are segmented by byte,and the modular multiplication collisions are identified by k-means clustering.The exponents dp and dq were recovered by 12 power traces of six groups of the specific message pairs,and the exponent d was obtained.We also propose a second order clustering collision power analysis attack against RSA implementation with CRT,which applies double blinding exponentiation.To reduce noise and artificial participation,we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions.Thus,we recovered approximately 91%of the secret exponents manipulated with a single power curve on RSA-CRT with countermeasures of double blinding methods.
基金
supported by the National Key R&D Program of China(No.2017YFB0802300)
the Key Research and Development Project of Sichuan Province(No.2020YFG0307,No.2018TJPT0012)
the Key Research and Development Project of Chengdu(No.2019-YF05-02028-GX).
