An improved side channel attack using event information of subtraction

•We suggest event occurrence based power signal model.•In this assumption, we suggest new attack method on reduction step of RSA-CRT.•We prove that proposed attack is possible to extract key theoretically.•Also, we show experimental results using our technique of software boards.•There are unpredicted patterns, so we analyze the reason of the results, namely ghost key patterns.

RSA-CRT is a widely used algorithm that provides high performance implementation of the RSA-signature algorithm. Many previous studies on each operation step have been published to verify the physical leakages of RSA-CRT when used in smart devices. This paper proposes SAED (subtraction algorithm analysis on equidistant data), which extracts sensitive information using the event information of the subtraction operation in a reduction algorithm. SAED is an attack method that uses algorithm-dependent power signal changes. An adversary can extract a key using differential power analysis (DPA) of the subtraction operation. This paper indicates the theoretical rationality of SAED, and shows that its results are better than those of other methods. According to our experiments, only 256 power traces are sufficient to acquire one block of data. We verify that this method is more efficient than those proposed in previously published studies.