Reduce-by-Feedback: Timing Resistant and DPA-Aware Modular Multiplication Plus: How to Break RSA by DPA

Vielhaber, Michael

doi:10.1007/978-3-642-33027-8_27

Cited by 2 publications

(2 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…If implementing in software, skip directly to Theorem 24. An alternative implementation of division in Q and thus FQSRs, by Reduce-By-Feedback (see [21]), is shown in Table 13, right hand side.…”

Section: Remark 22mentioning

confidence: 99%

See 1 more Smart Citation

Rational complexity of binary sequences, F$\mathbb {Q}$SRs, and pseudo-ultrametric continued fractions in $\mathbb {R}$

2021

Self Cite

View full text Add to dashboard Cite

We introduce rational complexity, a new complexity measure for binary sequences. The sequence s ∈ Bω is considered as binary expansion of a real fraction $s \equiv {\sum }_{k\in \mathbb {N}}s_{k}2^{-k}\in [0,1] \subset \mathbb {R}$ s ≡ ∑ k ∈ ℕ s k 2 − k ∈ [ 0 , 1 ] ⊂ ℝ . We compute its continued fraction expansion (CFE) by the Binary CFE Algorithm, a bitwise approximation of s by binary search in the encoding space of partial denominators, obtaining rational approximations r of s with r → s. We introduce Feedback in$\mathbb {Q}$ ℚ Shift Registers (F$\mathbb {Q}$ ℚ SRs) as the analogue of Linear Feedback Shift Registers (LFSRs) for the linear complexity L, and Feedback with Carry Shift Registers (FCSRs) for the 2-adic complexity A. We show that there is a substantial subset of prefixes with “typical” linear and 2-adic complexities, around n/2, but low rational complexity. Thus the three complexities sort out different sequences as non-random.

show abstract

Section: Remark 22mentioning

confidence: 99%

“…More on the implementation of FQSRs in hardware can be found in [21], including the use of Brickell's delayed-carry-adder technique: Paper-and-pencil long division is a subset of RSA via modular exponentiation ⊇ multiplication mod Q ⊇ shift-and-add mod Q ⊇ shift (no add) mod Q = long division.…”

Section: Theorem 24 Fast Reinitialisation Of Fqsrsmentioning

confidence: 99%