@inproceedings{oai:ipsj.ixsq.nii.ac.jp:00201405,
 author = {大西, 健斗 and 國廣, 昇 and Kento, Oonishi and Noboru, Kunihiro},
 book = {コンピュータセキュリティシンポジウム2019論文集},
 month = {Oct},
 note = {本発表では，Sliding Window法で実装されたCRT-RSA暗号方式に対し，サイドチャネル情報を用いた秘密鍵復元手法を提案する．Sliding Window法は，二乗算と倍算を用いた，べき乗算の計算手法である．Bernsteinらは，CHES 2017 において，Sliding Window法の二乗算と倍算の実行履歴の取得手法を提案した．さらに，彼らは，実行履歴が正確に取得された状況下で，CRT-RSA秘密鍵復元手法を提案し，window 幅 ωが 4 以下ならば，秘密鍵復元が多項式時間であることを証明した．しかし，実際の実行履歴の取得には誤りが伴い，その場合，彼らの手法は，秘密鍵復元に失敗する．OonishiとKunihiroは，誤りつき実行履歴からの秘密鍵復元手法を提案したが，ω= 1,2の場合でしか，多項式時間で復元可能な誤りの解析を行っていない．本発表では，まず，新たな秘密鍵復元手法を提案する．次に，ω =1,2 では，より多くの誤りの下で，多項式時間で復元可能であることを証明し，ω= 3,4 においても，復元可能な誤りの解析を行う．さらに，数値実験による検証を行う．, We discuss side-channel attacks on the CRT-RSA encryption scheme implemented by Sliding Window method. Sliding Window method calculates exponentiations by repeating squaring and multiplication. In CHES~2017, Bernstein et al. proposed side-channel attacks of obtaining square-and-multiply sequences in Sliding Window method. Moreover, they proposed the method of recovering CRT-RSA secret keys from the correct square-and-multiply sequences, and they proved that their method recover secret keys in polynomial time when window size ω is less than 4. However, there are errors in obtained square-and-multiply sequences, and their method fail to recover secret keys because of errors. Oonishi and Kunihiro proposed the method of recovering secret keys from square-and-multiply sequences with errors, but they analyze tolerable errors only when ω=1,2. In this presentation, we propose new method of recovering secret keys. We prove that we recover secret keys in polynomial time with more errors when ω=1,2 than previous result, and we analyze tolerable errors when ω=3,4. After that, we verify our analysis by numerical experiment.},
 pages = {792--799},
 publisher = {情報処理学会},
 title = {Sliding Window法の誤りつき演算情報を用いたCRT-RSA秘密鍵復元手法},
 volume = {2019},
 year = {2019}
}