| 摘要 |
A modular exponentiation comprising iterative modular multiplications steps and taking as input a first modulus N , a secret exponent d and a base x . During at least one modular multiplication step aiming at computing a result c from two values a , b and the first modulus N so that c = a · b mod N , a processor (120) takes as input the two values a , b and the first modulus N from which are obtained two operands a ', b ' and a second modulus N ' using operations with at most linear complexity - at least one of the two operands a', b' is different from the two values a , b, and the two operands a ', b ' are different when a is equal to b - so that the modular multiplication c = a · b mod N from a side-channel viewpoint behaves like a modular squaring except for when a ' equals b '. An intermediate result c ' = a'·b' mod N' is computed, and the result c is derived from the intermediate result c ' using an operation with at most linear complexity; and the result c is used in the modular exponentiation. |
