| 摘要 |
A modular exponentiation comprising iterative modular multiplications steps and taking as input a first modulus N, a secret exponent d and a base x. During at least one modular multiplication step aiming at computing a result c from two values a, b and the first modulus N so that c=a·b mod N, a processor takes as input the two values a, b and the first modulus N from which are obtained two operands a′, b′ and a second modulus N′ using operations with at most linear complexity—at least one of the two operands a′, b′ is different from the two values a, b, and the two operands a′, b′ are different when a is equal to b—so that the modular multiplication c=a·b mod N from a side-channel viewpoint behaves like a modular squaring except for when a′ equals b′. |
