# Defeating modexp side-channel attacks with data-independent execution traces

@inproceedings{Granlund2013DefeatingMS, title={Defeating modexp side-channel attacks with data-independent execution traces}, author={Torbj{\"o}rn Granlund}, year={2013} }

We present an efficient algorithm for computing m^e mod N which is resilient to common side-channel attacks. For any two sets of n-bit operands, the algorithm performs the same sequence of operations and yields the exact same memory access traces. It is side-channel silent under reasonable assumptions of the underlying hardware's side-channel silence for basic word operations. We have implemented the algorithm as part of the GMP library, and show that it is almost as efficient as corresponding…
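The property the abstract describes (same operation sequence and same memory access trace regardless of the exponent) can be illustrated with a fixed-window exponentiation whose table lookups touch every table entry and select the wanted one with a mask. The following is an added example written for this page; it is not the paper's algorithm nor GMP's `mpn_sec_powm` code. The window size, the trace format and the `ct_select` helper are this example's own choices, and Python big-integer arithmetic is of course not constant time in itself: the example shows only the structural property (what is executed and which table entries are touched), alongside a textbook square-and-multiply whose trace visibly depends on the exponent bits.

```python
"""Fixed-window modular exponentiation with an exponent-independent
execution trace, next to a textbook square-and-multiply that leaks.

Illustration only: Python integers are not constant time; the point is
that the *sequence* of operations and the *set of table indices touched*
do not depend on the exponent bits."""

WINDOW = 4                  # exponent processed in 4-bit windows
TABLE_SIZE = 1 << WINDOW    # 16 precomputed powers m^0 .. m^15


def ct_select(table, index, trace):
    """Return table[index] while reading every entry.

    The mask is -1 (all ones) exactly when i == index and 0 otherwise,
    computed without a branch on the secret index.  Every index is
    appended to the trace, so the access pattern is the same for any
    index value."""
    result = 0
    for i, entry in enumerate(table):
        mask = ((i ^ index) - 1) >> WINDOW
        result |= entry & mask
        trace.append(("sel", i))
    return result


def window_values(e, ebits):
    """Split e into fixed-size windows, most significant first.

    ebits is the public, fixed exponent length (e.g. the key size), so the
    number of windows does not reveal how many leading zero bits e has."""
    nwin = -(-ebits // WINDOW)            # ceil(ebits / WINDOW)
    return [(e >> (WINDOW * k)) & (TABLE_SIZE - 1) for k in reversed(range(nwin))]


def sec_powm(m, e, n, ebits, trace=None):
    """m^e mod n with an exponent-independent operation sequence.

    Every window costs exactly WINDOW squarings, one full-table select and
    one multiplication, even when the window value is zero."""
    if trace is None:
        trace = []
    table = [1 % n]                       # m^0
    for _ in range(TABLE_SIZE - 1):
        table.append(table[-1] * m % n)   # m^1 .. m^15, independent of e
    r = 1 % n
    for w in window_values(e, ebits):
        for _ in range(WINDOW):
            r = r * r % n
            trace.append("sqr")
        t = ct_select(table, w, trace)
        r = r * t % n                     # always multiply (by m^0 if w == 0)
        trace.append("mul")
    return r


def leaky_powm(m, e, n, trace=None):
    """Textbook left-to-right square-and-multiply: a multiplication happens
    only for 1 bits, so the trace (and the timing) reveals the exponent."""
    if trace is None:
        trace = []
    r = 1 % n
    for bit in bin(e)[2:]:
        r = r * r % n
        trace.append("sqr")
        if bit == "1":
            r = r * m % n
            trace.append("mul")
    return r


def traces_identical(powm, m, e1, e2, n, *args):
    """True iff powm produces the same trace for exponents e1 and e2."""
    t1, t2 = [], []
    powm(m, e1, n, *args, trace=t1)
    powm(m, e2, n, *args, trace=t2)
    return t1 == t2


if __name__ == "__main__":
    # Constructed textbook-sized values: n = 61 * 53, public exponent 17.
    n, m = 3233, 65
    print(sec_powm(m, 17, n, 16), pow(m, 17, n))
    print("secure trace equal:", traces_identical(sec_powm, m, 17, 0xF0F0, n, 16))
    print("leaky  trace equal:", traces_identical(leaky_powm, m, 17, 0xF0F0, n))
```

Two exponents of the same declared length give identical traces through `sec_powm` (the same count of squarings, the same multiplications, the same sixteen table indices read per window) while `leaky_powm` produces a different trace for each exponent. A real implementation additionally needs constant-time word arithmetic and a reduction that does not branch on operand values, which is what the paper's GMP work addresses.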


## References


Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

- Computer Science, Mathematics; CRYPTO
- 1996

By carefully measuring the amount of time required to perform private key operations, attackers may be able to find fixed Diffie-Hellman exponents, factor RSA keys, and break other cryptosystems.…

Remote timing attacks are practical

- Computer Science, Mathematics; Comput. Networks
- 2005

Division by invariant integers using multiplication

- Computer Science, Mathematics; PLDI '94
- 1994

This paper presents code sequences for division by arbitrary nonzero integer constants and run-time invariants using integer multiplication on a two's complement architecture, and treats unsigned division, signed division, and division where the result is known a priori.

Modular multiplication without trial division

- Mathematics, Computer Science
- 1985

A method for multiplying two integers modulo N while avoiding division by N, using a representation of residue classes that speeds modular multiplication without affecting the modular addition and subtraction algorithms.

Improved Division by Invariant Integers

- Computer Science; IEEE Transactions on Computers
- 2011

An algorithm is described that produces a quotient and remainder using one umul and one umullo, which is an improvement over earlier methods, since the new method uses cheaper multiplication operations.

Handbook of Applied Cryptography

- Computer Science, Mathematics
- 1996

From the Publisher:
A valuable reference for the novice as well as for the expert who needs a wider scope of coverage within the area of cryptography, this book provides easy and rapid access of…

GNU multiple precision arithmetic library, version 5.0, September 2013. https://gmplib.org

- 2013

Kocher. Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems


Seminumerical Algorithms, volume 2 of The Art of Computer Programming

- 1998

Karatsuba. Doklady Akad. Nauk SSSR

- 1962