Research Article
Open access
Published on 7 February 2024
Tan,S.;Tong,S. (2024). Probing RSA's weak spots: Dissecting timing attacks and Euclidean method exploitations. Applied and Computational Engineering,36,192-197.

Probing RSA's weak spots: Dissecting timing attacks and Euclidean method exploitations

Siwei Tan 1, Siyuan Tong 2,*
  • 1 University of California
  • 2 Macao Polytechnic University

* Author to whom correspondence should be addressed.

https://doi.org/10.54254/2755-2721/36/20230445

Abstract

RSA underpins many cryptographic systems and is widely regarded as robust, but its security rests entirely on how its two secret primes, p and q, are chosen and handled. This paper examines a weakness that appears when p and q take particularly large values and shows how the Euclidean algorithm can be turned against RSA to recover the plaintext of encrypted messages quickly. The analysis further finds that running the Euclidean algorithm in parallel speeds up this decryption exponentially, which makes the weakness more serious. The results point to a trade-off between available computing power and cryptographic strength, underline the importance of careful prime selection in RSA, and warn that algorithmic optimisations can introduce unexpected risks in cryptographic settings. The paper argues for a critical re-evaluation of real-world RSA deployments and for a more cautious, continually updated approach to the design of cryptographic systems.
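
A worked example of the attack family the title and abstract refer to, added here and not taken from the paper: the common-factor (shared-prime) attack, which is the standard way the Euclidean algorithm is used against RSA in practice. The paper's own construction is not reproduced on this page; the scenario, the toy primes and the message below are constructed for illustration, and the helper names (`recover_factors`, `break_shared_prime`, `find_shared_primes`) are this example's, not the authors'. The check a practitioner wants is the second case: when two moduli share no prime, gcd returns 1 and Euclid reveals nothing, whatever the size of p and q; the attack needs a key-generation flaw (reused or low-entropy primes), not large primes as such.

```python
"""Added example (not from the paper): the common-factor attack on RSA.

Constructed scenario: two RSA moduli n1 and n2 were generated with a shared
prime p. gcd(n1, n2) recovers p in a few hundred divisions regardless of key
size, after which both private keys follow. Against moduli built from
independent primes gcd returns 1 and the attack learns nothing.
"""
from math import gcd

# Constructed toy primes: far too small for real keys, chosen only so the
# arithmetic is readable. Real moduli are 2048+ bits; the attack is the same.
P_SHARED = 1000000007
Q1 = 998244353
Q2 = 1000000009
Q3 = 999999937   # used for a properly generated key, shares no factor
Q4 = 999999929
E = 65537

N1 = P_SHARED * Q1          # victim key 1
N2 = P_SHARED * Q2          # victim key 2 (reused p is the flaw)
N_INDEPENDENT = Q3 * Q4     # correctly generated key, for contrast


def euclid_gcd(a: int, b: int) -> int:
    """Textbook Euclidean algorithm, written out because this loop is the
    whole attack. math.gcd does the same thing faster; both are used below."""
    while b:
        a, b = b, a % b
    return a


def recover_factors(n1: int, n2: int):
    """Return ((p, q1), (p, q2)) if n1 and n2 share a prime factor, else None."""
    p = euclid_gcd(n1, n2)
    if p == 1 or p in (n1, n2):      # no shared factor, or identical moduli
        return None
    return (p, n1 // p), (p, n2 // p)


def private_exponent(p: int, q: int, e: int = E) -> int:
    """d = e^-1 mod phi(n). pow(e, -1, m) (Python 3.8+) runs the extended
    Euclidean algorithm internally."""
    return pow(e, -1, (p - 1) * (q - 1))


def encrypt(m: int, n: int, e: int = E) -> int:
    return pow(m, e, n)


def decrypt(c: int, n: int, d: int) -> int:
    return pow(c, d, n)


def break_shared_prime(n1: int, n2: int, c1: int, e: int = E):
    """Given two public moduli and a ciphertext under n1, recover the
    plaintext if the moduli share a factor; return None when they do not."""
    factors = recover_factors(n1, n2)
    if factors is None:
        return None
    (p, q1), _ = factors
    d1 = private_exponent(p, q1, e)
    return decrypt(c1, n1, d1)


def find_shared_primes(moduli):
    """Pairwise GCD over a collection of public keys. Every pair is
    independent, so the loop is trivially parallel; for large collections the
    product-tree batch GCD is the efficient form. Returns {(i, j): prime}."""
    hits = {}
    for i in range(len(moduli)):
        for j in range(i + 1, len(moduli)):
            g = gcd(moduli[i], moduli[j])
            if 1 < g < moduli[i]:
                hits[(i, j)] = g
    return hits


if __name__ == "__main__":
    m = 123456789
    c = encrypt(m, N1)
    print("shared prime, plaintext recovered:", break_shared_prime(N1, N2, c) == m)
    print("independent key, attack fails:", break_shared_prime(N1, N_INDEPENDENT, c))
    print("pairs sharing a prime:", find_shared_primes([N1, N2, N_INDEPENDENT]))
```

Two design points are worth noting. The cost of `euclid_gcd` grows with the bit length of the moduli, not with the difficulty of factoring them, which is why the attack is cheap even against 4096-bit keys once a factor is shared. And `find_shared_primes` is quadratic in the number of keys; the published large-scale scans of TLS and SSH keys (Lenstra et al. and Heninger et al., both 2012) used a product-tree batch GCD to bring this to quasi-linear time, which is the form in which parallelism pays off.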

Keywords

Parallel Computing, RSA, Euclidean Algorithm, Timing Attacks, Cryptographic Security



Data availability

The datasets used and/or analyzed during the current study will be available from the authors upon reasonable request.

Disclaimer/Publisher's Note

The statements, opinions and data contained in all publications are solely those of the individual author(s) and contributor(s) and not of EWA Publishing and/or the editor(s). EWA Publishing and/or the editor(s) disclaim responsibility for any injury to people or property resulting from any ideas, methods, instructions or products referred to in the content.

About volume

Volume title: Proceedings of the 2023 International Conference on Machine Learning and Automation

Conference website: https://2023.confmla.org/
ISBN: 978-1-83558-297-8 (Print) / 978-1-83558-298-5 (Online)
Conference date: 18 October 2023
Editor: Mustafa İSTANBULLU
Series: Applied and Computational Engineering
Volume number: Vol. 36
ISSN: 2755-2721 (Print) / 2755-273X (Online)

© 2024 by the author(s). Licensee EWA Publishing, Oxford, UK. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license. Authors who publish in this series agree to the following terms:
1. Authors retain copyright and grant the series the right of first publication, with the work simultaneously licensed under a Creative Commons Attribution License that allows others to share the work with an acknowledgment of the work's authorship and initial publication in this series.
2. Authors are able to enter into separate, additional contractual arrangements for the non-exclusive distribution of the series' published version of the work (e.g., post it to an institutional repository or publish it in a book), with an acknowledgment of its initial publication in this series.
3. Authors are permitted and encouraged to post their work online (e.g., in institutional repositories or on their website) prior to and during the submission process, as it can lead to productive exchanges, as well as earlier and greater citation of published work (See Open access policy for details).