Vol.36, No.2, 2021, pp.417-434, doi:10.32604/csse.2021.014460
Clustering Collision Power Attack on RSA-CRT
  • Wunan Wan1,*, Jun Chen1, Jinyue Xia2, Jinquan Zhang1, Shibin Zhang1, Hao Chen1
1 School of Cybersecurity, Chengdu University of Information Technology, Chengdu, 610225, China
2 International Business Machines Corporation (IBM), New York, 10041 NY 212, USA
* Corresponding Author: Wunan Wan. Email:
Received 22 September 2020; Accepted 23 October 2020; Issue published 05 January 2021
In this paper, we propose two new attack algorithms on RSA implementations with CRT (Chinese remainder theorem). To improve the attack efficiency considerably, a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs. This attack method is that the key parameters dp and dq are segmented by byte, and the modular multiplication collisions are identified by k-means clustering. The exponents dp and dq were recovered by 12 power traces of six groups of the specific message pairs, and the exponent d was obtained. We also propose a second order clustering collision power analysis attack against RSA implementation with CRT, which applies double blinding exponentiation. To reduce noise and artificial participation, we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions. Thus, we recovered approximately 91% of the secret exponents manipulated with a single power curve on RSA-CRT with countermeasures of double blinding methods.
Collision attack; power analysis attack; chosen-message attack; module exponentiation; RSA-CRT
Cite This Article
W. Wan, J. Chen, J. Xia, J. Zhang, S. Zhang et al., "Clustering collision power attack on rsa-crt," Computer Systems Science and Engineering, vol. 36, no.2, pp. 417–434, 2021.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.