Resum
Modular inversions are widely employed in public key crypto-systems, and it is known that they imply a bottleneck due to the expensive computation. Recently, a new algorithm for inversions modulo pk was proposed, which may speed up the calculation of a modulus dependent quantity used in the Montgomery multiplication. The original algorithm lacks security countermeasures; thus, a straightforward implementation may expose the input. This is an issue if that input is a secret. In the RSA-CRT signature using Montgomery multiplication, the moduli are secrets (primes p and q). Therefore, the moduli dependent quantities related to p and q must be securely computed. This paper presents a security analysis of the novel method considering that it might be used to compute secrets. We demonstrate that a Side Channel Analysis leads to disclose the data being manipulated. In consequence, a secure variant for inversions modulo 2k is proposed, through the application of two known countermeasures. In terms of performance, the secure variant is still comparable with the original one.
Idioma original | English |
---|---|
Pàgines (de-a) | 1 |
Nombre de pàgines | 8 |
Revista | Cryptography |
Volum | 2 |
Número | 3 |
DOIs | |
Estat de la publicació | Publicada - de set. 2018 |