In RSA, if we use Square and always Multiply algorithm in decryption, how does decrypting the ciphertext $c=n-1$, while our public key is $(n,e)$, cause the private key $d$ to reveal due to side-channel attack?
Asked
Active
Viewed 66 times
0
-
What is the origin of this question and what did you try? – kelalaka Jan 28 '22 at 22:17
-
Hello. Side-channel attack, and specifically Square and always Multiply algorithm in decryption. I did not get anything. – Mohammadsadeq Borjiyan Jan 28 '22 at 22:54
-
1Like this one https://crypto.stackexchange.com/a/75419/18298 and hint: $n-1 \equiv -1 \bmod n$ this just make easier, nothing more. – kelalaka Jan 28 '22 at 22:55
-
For decrypting $c=n-1$ by square and always multiply algorithm, according to bits of $d$, we have to handle $1$ or $-1$ in every step; if current bit of $d$ is 1, our output in that step is $-1$ and if current bit of $d$ is $0$ we will have $1$. But I don't understand the relation of this to side-channel attack. Does the power consumption change? – Mohammadsadeq Borjiyan Jan 29 '22 at 06:26
-
Well, you got it. start from coding on which you measure the time. Use preferable C++ and Chrono timing. Does the power consumption change? Yes. if $d=1$ then squaring and multiplication with 1 is free? You need to investigate the cases.. – kelalaka Jan 29 '22 at 08:24
-
1"Square and always multiply" is not well-known: I had to Google it to get a relevant link. In short, it's square and multiply modified to perform multiplication and discard it's result when the exponent bit is 0. – fgrieu Jan 29 '22 at 08:30
-
@fgrieu isn't it the second version on my answer. Now, I've named it, thanks. – kelalaka Jan 29 '22 at 10:05