LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

True or false: "RSA is immune to side-channel attacks."

False — RSA is highly vulnerable to side-channel attacks, particularly power analysis (SPA/DPA) during the square-and-multiply computation of $m^d \mod N$.

A power trace of square-and-multiply reveals each bit of d: a 1-bit adds a taller multiply burst

* Every 1-bit of the private exponent triggers an extra multiply, so its larger power/timing signature lets an attacker read d straight off the trace. *

Why RSA is vulnerable:

  • Decryption/signing computes $m^d \mod N$ using SAM (Square-and-Multiply)
  • For each bit of $d$: a "1" bit causes a MULTIPLY + SQUARE, a "0" bit causes only a SQUARE
  • These operations have different power consumption and different timing
  • An attacker monitoring power traces can literally read the private key $d$ bit by bit

Known side-channel attacks on RSA:

  • Simple Power Analysis (SPA): Directly read the key from one power trace
  • Differential Power Analysis (DPA): Statistical analysis over many traces
  • Timing attacks: Different keys cause different computation times
  • Electromagnetic emissions: EM radiation leaks key information

Countermeasures:

  • Blinding: Randomize the computation using RSA's multiplicative property — multiply $m$ by a random $r^e$ before decryption, then divide by $r$ afterward
  • Constant-time implementations: Ensure every bit of the key takes the same time
  • Hardware shielding: EM and power filtering

Tip: The multiplicative property of RSA is both a weakness (malleability) AND a tool for defending against side channels (blinding). Context determines whether it's friend or foe.

Go deeper:

From Quiz: KRYPTOG / RSA | Updated: Jul 14, 2026