## Abstract

We describe a parallel algorithm for modular exponentiation y ≡ x^{k} mod n. Then we discuss timing attacks against an implementation of the proposed parallel algorithm for modular exponentiation. When we have two processors, which perform modular exponentiation, an exponent k is scattered into two partial exponents k^{(0)} and k^{(1)}, where k^{(0)} and k^{(1)} are derived by bitwise AND operation from k such that k^{(0)} = k ∧ (0101⋯01)_{2} and k^{(1)} = k ∧(1010 ⋯10)_{2}. Two partial modular exponentiations y_{0} ≡ x^{k(0)} mod n and y_{1} ≡ x^{k(1)} mod n are performed in parallel using two processors. Then we can obtain y by computing y ≡ y_{0}y_{1} mod n. In general, the hamming weight of k^{(0)} and k^{(1)} are smaller than that of k. Thus fast computation of modular exponentiation y ≡ x^{k} mod n can be achieved. Moreover we show a timing attack against an implementation of this algorithm. We perform a software simulation of the attack and analyze security of the parallel implementation.

Original language | English |
---|---|

Pages (from-to) | 319-330 |

Number of pages | 12 |

Journal | Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) |

Volume | 2846 |

DOIs | |

Publication status | Published - 2003 |

## All Science Journal Classification (ASJC) codes

- Theoretical Computer Science
- Computer Science(all)