SPA/SEMA (Simple Power/Electromagnetic Analysis) attacks performed on public-key cryptographic modules implemented on FPGA platforms are well known from the theoretical point of view. However, the practical aspect is not often developed in the literature. Researchers know that these attacks do not always work, as in the case of an RSA accelerator. Indeed, SEMA on RSA needs to distinguish between square and multiply, which use the same logic; this contrasts with SEMA on ECC, which is easier since doubling and addition are two different operations from the hardware point of view. In this paper, we ask what to do if a SEMA fails on a device. Does it mean that no attack is possible? We show that hardware demodulation techniques allow the recording of a signal that carries more information on the leakage than a raw recording. Then, we propose a generic and fast method for finding demodulation frequencies. The effectiveness of our methods is demonstrated through actual experiments using an RSA processor on the SASEBO FPGA board. We show cases where only demodulated signals make it possible to defeat RSA.