2024-03-28T23:31:40Zhttps://ipsj.ixsq.nii.ac.jp/ej/?action=repository_oaipmhoai:ipsj.ixsq.nii.ac.jp:002014042023-11-14T00:51:14Z06164:06165:06462:10022
Information Leakage through Passive Timing Attacks on RSA Decryption SystemInformation Leakage through Passive Timing Attacks on RSA Decryption SystemengRSA,timing attack,Information Theory,quantitative information flow analysishttp://id.nii.ac.jp/1001/00201311/Conference Paperhttps://ipsj.ixsq.nii.ac.jp/ej/?action=repository_action_common_download&item_id=201404&item_no=1&attribute_id=1&file_no=1Copyright (c) 2019 by the Information Processing Society of Japan名古屋大学名古屋大学平田, 智紀楫, 勇一The running time of an RSA decryption program exposes certain information of the concealed decryption key due to their correlation. However, it is not easy to estimate the amount of information that leaks through the running time because practical decryption programs are complicated and difficult to analyze. This study focuses on two decryption algorithms, and derives well-defined formulas of the mutual information between the running time and the decryption key. The formula can be used to compare the actual amount of information that a passive timing attacker can learn, and contributes to the quantitative discussion of the possible risk of passive timing attacks. Based on the formulas, the amount of information leakage is computed numerically for those two algorithms with practical parameters.The running time of an RSA decryption program exposes certain information of the concealed decryption key due to their correlation. However, it is not easy to estimate the amount of information that leaks through the running time because practical decryption programs are complicated and difficult to analyze. This study focuses on two decryption algorithms, and derives well-defined formulas of the mutual information between the running time and the decryption key. The formula can be used to compare the actual amount of information that a passive timing attacker can learn, and contributes to the quantitative discussion of the possible risk of passive timing attacks. Based on the formulas, the amount of information leakage is computed numerically for those two algorithms with practical parameters.ISSN 1882-0840コンピュータセキュリティシンポジウム2019論文集20197847912019-10-142019-12-10