
Private key recovery method and system for realizing modular reduction attack based on RSA-CRT of template

A technology relating to RSA-CRT and the RSA algorithm, applied in the fields of transmission systems, digital transmission systems and public-key secure communication, among others, which addresses the problem that the private key cannot otherwise be recovered

Active Publication Date: 2022-01-21
国家信息技术安全研究中心 (National Information Technology Security Research Center)

AI Technical Summary

Problems solved by technology

[0005] To this end, the embodiment of the present application provides a private key recovery method and system for realizing a modular reduction attack based on template-based RSA-CRT. The intermediate value after modular reduction is modeled with a Hamming weight model; energy traces of chosen-ciphertext modular reductions are collected and template matching is performed on them to obtain the Hamming weight of the intermediate value after modular reduction; and the key is recovered according to the private key recovery algorithm. This solves the problem that the private key cannot be recovered from the Hamming weight of the intermediate value after modular reduction.


Embodiment Construction

[0058] The implementation of the present invention is illustrated below by specific examples, from which those familiar with this technology can easily understand other advantages and effects of the present invention. Obviously, the described embodiments are a part of the embodiments of the present invention, but not all of them. All other embodiments obtained by persons of ordinary skill in the art from the embodiments of the present invention without creative effort fall within the protection scope of the present invention.

[0059] Some well-known terms in the art are defined as follows:

[0060] Hamming weight: the number of non-zero bits in the binary expansion of the data.

[0061] Energy trace: the energy consumption curve of a given operation of the cryptographic module, collected with an oscilloscope.

[0062] Multivariate normal distribution modeling: Multivariate normal distribution consis...


Abstract

The embodiment of the invention discloses a private key recovery method and system for realizing a modular reduction attack based on template-based RSA-CRT. The method comprises the following steps: performing multivariate normal distribution modeling of the energy traces of the modular reduction operation of a training device based on the Hamming weight model, and obtaining, byte by byte, a template corresponding to the intermediate value after modular reduction; obtaining, by a chosen-ciphertext template matching method, the intermediate value r of the modular reduction operation of the RSA algorithm, and recovering the private key p used by the RSA algorithm from the intermediate value r; and decomposing the public key n to obtain the private key q, thereby obtaining the RSA private keys p and q. Modeling is based on a Hamming weight model of the intermediate value after modular reduction; template matching is performed on collected energy traces of chosen-ciphertext modular reductions to obtain the Hamming weight of the intermediate value after modular reduction; and key recovery is carried out according to a private key recovery algorithm, which solves the problem that the private key cannot be recovered from the Hamming weight of the intermediate value after modular reduction.

Description

Technical field

[0001] The embodiment of the present application relates to the technical field of cryptography application, and specifically to a private key recovery method and system for realizing a modular reduction attack based on template-based RSA-CRT.

Background

[0002] The differential energy analysis proposed by Kocher et al. established the research field of side-channel attacks. Side-channel attacks study the recovery of sensitive information using side-channel information, such as energy consumption and electromagnetic radiation, leaked while cryptographic equipment encrypts and decrypts messages. Side-channel attacks fall into two main categories: modeling attacks, such as template attacks, and non-modeling attacks, such as correlation energy analysis. In a modeling attack, the attacker needs to obtain two identical devices, one of which the attacker has sufficient control over, and trains th...


Application Information

IPC(8): H04L9/08, H04L9/30, G06F7/72
CPC: H04L9/0894, H04L9/302, G06F7/72, G06F7/723
Inventors: 李霞, 王宏, 马向亮, 杨丹
Owner: 国家信息技术安全研究中心 (National Information Technology Security Research Center)