Abstract

The naive implementation of an exponentiation used in public key cryptography may reveal a secret key to the attacker by several side-channel attacks. Recently, a novel square-always exponentiation algorithm based on trading multiplications for squarings is proposed. This algorithm for RSA implementation is faster than existing regular countermeasures against side-channel attacks. This paper suggests that the right-to-left square-always exponentiation algorithm is vulnerable to some sidechannel attacks: collision distance-based doubling, chosen-message SPA, and CPA-based combined attacks. The chosen-message SPA attack can be intactly applied to this algorithm. The other two attacks are variants of the doubling attack and SPA-based combined attack, respectively. In addition, the paper presents an improved right-to-left square-always algorithm resistant to existing and proposed power analysis attacks by using the additive message blinding method and the message update technique before the main iterative operation.