International Association for Cryptologic Research

International Association
for Cryptologic Research

IACR News item: 18 August 2015

Jean-Luc Danger, Sylvain Guilley, Philippe Hoogvorst, Cédric Murdica, David Naccache
ePrint Report ePrint Report
At CHES 2001, Walter introduced the Big Mac attack against an implementation of RSA. It is an horizontal collision attack, based on the detection of common operands in two multiplications. The attack is very powerful since one single power trace of an exponentiation permits to recover all bits of the secret exponent. Moreover, the attack works with unknown or blinded input. The technique was later studied and

improved by Clavier et alii and presented at INDOCRYPT 2012. At SAC 2013, Bauer et alii presented the rst attack based on the Big Mac principle on implementations based on elliptic curves with simulation results.

In this work, we improve the attack presented by Bauer et alii to considerably increase the success rate. Instead of comparing only two multiplications, the targeted implementation

permits to compare many multiplications. We give experiment results with traces taken from a real target to prove the soundness of our attack. In fact, the experimental results show that the original Big Mac technique given by Walter was better

that the technique given by Clavier et alii. With our experiments on a real target, we show that the theoretical improvements are not necessarily the more suitable methods depending on the targeted implementations.

Expand

Additional news items may be found on the IACR news page.