Partial Key Exposure Attacks on RSA
Dr Benne de Weger
Technische Universiteit Eindhoven
RSA implementations may leak bits of the private exponent
by side channel attacks, such as DPA on smart card implementations.
When a sufficiently large part of the private key is known to an
attacker, he can use number-theoretic methods to compute the
full private key and factor the RSA modulus. This is based on
Coppersmith's methods for finding small zeroes of polynomials,
diophantine approximation techniques and lattice basis reduction
algortihms. The talk will present the latest developments in this
area.
This is joint work with Matthias Ernst and Alexander May
(Univ. Paderborn) and Ellen Jochemsz (TU Eindhoven).