The Miller–Rabin test with randomized exponents
We analyze a variant of the well-known Miller–Rabin test, that may be useful in preventing side-channel attacks to the random prime generation on smart cards: In the Miller–Rabin primality test for a positive integer n, one computes repeatedly the expression aω (mod n) for random bases a ∈ ℕ and exp...
| Main Author: | |
|---|---|
| Format: | Article |
| Language: | English |
| Published: |
De Gruyter
2009-12-01
|
| Series: | Journal of Mathematical Cryptology |
| Subjects: | |
| Online Access: | https://doi.org/10.1515/JMC.2009.019 |
| Summary: | We analyze a variant of the well-known Miller–Rabin test, that may be useful in preventing side-channel attacks to the random prime generation on smart cards: In the Miller–Rabin primality test for a positive integer n, one computes repeatedly the expression aω (mod n) for random bases a ∈ ℕ and exponents ω such that ω divides n – 1 and (n – 1)/ω is a power of 2. In each round one chooses, at random, a different base a, and uses binary exponentiation to compute aω (mod n). ‘Listening’ to many rounds, it seems at least plausible that an outside spy could retrieve the integer n – 1. |
|---|---|
| ISSN: | 1862-2976 1862-2984 |