An Equidistant Message Power Attack Using Restricted Number of Traces on Reduction Algorithm

The RSA-CRT algorithm has been widely used because of the efficiency of its exponent operation. The physical susceptibility of RSA-CRT to various side channel attacks has been investigated in several studies. Boer et al. proposed MRED (Modular Reduction on Equidistant Data), a brilliant differential power analysis (DPA) of CRT reduction with equidistant chosen messages. This attack targets intermediate data that depend on the \(r=x\mathrm{{mod}}p\) value. We introduce a new approach the MRED attack, related to a subtraction algorithm that is not solely based on the \(r\) value. Our approach is superficially similar to previous DPA attacks; however, is based on a totally different assumption from that of data dependent analysis. According to our results, only 256 traces are needed to reduce 1 block key to 2 key candidates, so it is a more efficient analysis method on restricted trace environments. Moreover, it can be used to attack a data-dependent trace system. One example of this kind of attack is non-Hamming weight. We describe our technique with its advantages and disadvantages, and we show simulation results using an MSP430 and based software board.