{"metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00201405","sets":["6164:6165:6462:10022"]},"path":["10022"],"owner":"44499","recid":"201405","title":["Sliding Window法の誤りつき演算情報を用いたCRT-RSA秘密鍵復元手法"],"pubdate":{"attribute_name":"公開日","attribute_value":"2019-10-14"},"_buckets":{"deposit":"46cdc1f9-caf3-49bb-9aea-4484bcca20b8"},"_deposit":{"id":"201405","pid":{"type":"depid","value":"201405","revision_id":0},"owners":[44499],"status":"published","created_by":44499},"item_title":"Sliding Window法の誤りつき演算情報を用いたCRT-RSA秘密鍵復元手法","author_link":["492394","492395","492393","492396"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"Sliding Window法の誤りつき演算情報を用いたCRT-RSA秘密鍵復元手法"},{"subitem_title":"Recovering CRT-RSA Secret Keys from Square-and-Multiply Sequences with Errors in Sliding Window Method","subitem_title_language":"en"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"CRT-RSA暗号方式,べき乗算,Sliding Window法,秘密鍵復元,誤り訂正","subitem_subject_scheme":"Other"}]},"item_type_id":"18","publish_date":"2019-10-14","item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_18_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"東京大大学院情報理工学系研究科"},{"subitem_text_value":"筑波大学大学院システム系"}]},"item_18_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"Graduate School of Information Science and Technology, The University of Tokyo","subitem_text_language":"en"},{"subitem_text_value":"University of Tsukuba","subitem_text_language":"en"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing 
file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/201405/files/IPSJCSS2019112.pdf","label":"IPSJCSS2019112.pdf"},"date":[{"dateType":"Available","dateValue":"2021-10-14"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJCSS2019112.pdf","filesize":[{"value":"474.1 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"30"},{"tax":["include_tax"],"price":"0","billingrole":"46"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"16e8850f-f784-46f9-a1c2-913fc4625eec","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2019 by the Information Processing Society of Japan"}]},"item_18_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"大西, 健斗"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"國廣, 昇"}],"nameIdentifiers":[{}]}]},"item_18_creator_6":{"attribute_name":"著者名(英)","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"Kento, Oonishi","creatorNameLang":"en"}],"nameIdentifiers":[{}]},{"creatorNames":[{"creatorName":"Noboru, Kunihiro","creatorNameLang":"en"}],"nameIdentifiers":[{}]}]},"item_18_relation_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_relation_type_id":{"subitem_relation_type_select":"NCID","subitem_relation_type_id_text":"ISSN 1882-0840"}}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_5794","resourcetype":"conference paper"}]},"item_18_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本発表では,Sliding Window法で実装されたCRT-RSA暗号方式に対し,サイドチャネル情報を用いた秘密鍵復元手法を提案する.Sliding Window法は,二乗算と倍算を用いた,べき乗算の計算手法である.Bernsteinらは,CHES 2017 
において,Sliding Window法の二乗算と倍算の実行履歴の取得手法を提案した.さらに,彼らは,実行履歴が正確に取得された状況下で,CRT-RSA秘密鍵復元手法を提案し,window 幅 ωが 4 以下ならば,秘密鍵復元が多項式時間であることを証明した.しかし,実際の実行履歴の取得には誤りが伴い,その場合,彼らの手法は,秘密鍵復元に失敗する.OonishiとKunihiroは,誤りつき実行履歴からの秘密鍵復元手法を提案したが,ω= 1,2の場合でしか,多項式時間で復元可能な誤りの解析を行っていない.本発表では,まず,新たな秘密鍵復元手法を提案する.次に,ω =1,2 では,より多くの誤りの下で,多項式時間で復元可能であることを証明し,ω= 3,4 においても,復元可能な誤りの解析を行う.さらに,数値実験による検証を行う.","subitem_description_type":"Other"}]},"item_18_description_8":{"attribute_name":"論文抄録(英)","attribute_value_mlt":[{"subitem_description":"We discuss side-channel attacks on the CRT-RSA encryption scheme implemented with the Sliding Window method. The Sliding Window method computes exponentiations by repeated squaring and multiplication. At CHES 2017, Bernstein et al. proposed side-channel attacks that obtain the square-and-multiply sequences of the Sliding Window method. Moreover, they proposed a method of recovering CRT-RSA secret keys from correct square-and-multiply sequences, and they proved that their method recovers secret keys in polynomial time when the window size ω is less than 4. However, the square-and-multiply sequences obtained in practice contain errors, and their method fails to recover secret keys because of these errors. Oonishi and Kunihiro proposed a method of recovering secret keys from square-and-multiply sequences with errors, but they analyzed tolerable errors only when ω=1,2. In this presentation, we propose a new method of recovering secret keys. We prove that, when ω=1,2, our method recovers secret keys in polynomial time with more errors than the previous result, and we analyze tolerable errors when ω=3,4. 
Finally, we verify our analysis by numerical experiments.","subitem_description_type":"Other"}]},"item_18_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"799","bibliographic_titles":[{"bibliographic_title":"コンピュータセキュリティシンポジウム2019論文集"}],"bibliographicPageStart":"792","bibliographicIssueDates":{"bibliographicIssueDate":"2019-10-14","bibliographicIssueDateType":"Issued"},"bibliographicVolumeNumber":"2019"}]},"relation_version_is_last":true,"weko_creator_id":"44499"},"id":201405,"updated":"2025-01-19T21:03:07.382083+00:00","links":{},"created":"2025-01-19T01:04:40.501591+00:00"}