Defeating RSA Multiply-Always and Message Blinding Counter measures

摘要

We introduce a new correlation power attack on RSA's modular exponentiation implementations, defeating both message blinding and multiply-always counter measures. We analyze the correlation between power measurements of two consecutive modular operations, and use this to efficiently recover individual key bits. Based upon simulation and practical application on a state-of-the-art smart card we show the validity of the attack. Further we demonstrate that cross correlation analysis is efficient on hardware RSA implementations, even in the presence of message blinding and strong hiding countermeasures.