Seminar on Security of Embedded Electronic Systems

Home     Presentation     Previous years

Victor Lomné Thomas Roche

Schindler-Itoh/Wiemers revisited: recovering full RSA/ECC private key from noisy side-channel observations

Side-channel attacks on public-key cryptography (i.e. modular exponentiation for RSA or scalar multiplication for ECC) often boils down to distinguishing the 0s from the 1s in the binary representation of the secret exponent (resp. secret scalar). When state-of-the-art countermeasures are implemented, this detection must be errorless: thanks to masking techniques, erroneous masked exponents (resp. masked scalars) are useless. In 2011, Schindler and Itoh tackle this issue and propose an algorithm to recover the unmasked exponent (resp. scalar) from many erroneous masked exponents (resp. masked scalars). Schindler and Wiemers improve these results in 2014 and then in 2017. In our talk we will introduce the context of side-channel attacks over public-key cryptography, present the results of Schindler et al. and propose improvements.