## CryptoDB

### Paper: (Long paper) One Truth Prevails: A Deep-learning Based Single-Trace Power Analysis on RSA–CRT with Windowed Exponentiation

Authors:

- Kotaro Saito, Tohoku University
- Akira Ito, Tohoku University
- Rei Ueno, Tohoku University
- Naofumi Homma, Tohoku University

Abstract: In this paper, a deep-learning based power/EM analysis attack on the state-of-the-art RSA–CRT software implementation is proposed. Our method is applied to a side-channel-aware implementation with the Gnu Multi-Precision (MP) Library, which is a typical open-source software library. Gnu MP employs a fixed window exponentiation, which is the fastest in a constant time, and loads the entire precomputation table once to avoid side-channel leaks from multiplicands. To conduct an accurate estimation of secret exponents, our method focuses on the process of loading the entire precomputation table, which we call a dummy load scheme. It is particularly noteworthy that the dummy load scheme is implemented as a countermeasure against a simple power/EM analysis (SPA/SEMA). This type of vulnerability from a dummy load scheme also exists in other cryptographic libraries. We also propose a partial key exposure attack suitable for the distribution of errors in the secret exponents recovered from the windowed exponentiation. We experimentally show that the proposed method consisting of the above power/EM analysis attack, as well as a partial key exposure attack, can be used to fully recover the secret key of the RSA–CRT from the side-channel information of a single decryption or a signature process.

##### BibTeX
```
@article{tches-2022-32282,
  title={(Long paper) One Truth Prevails: A Deep-learning Based Single-Trace Power Analysis on RSA–CRT with Windowed Exponentiation},
  journal={IACR Transactions on Cryptographic Hardware and Embedded Systems},
  publisher={RUB},
  volume={2022, Issue 4},
  author={Kotaro Saito and Akira Ito and Rei Ueno and Naofumi Homma},
  year=2022
}
```