| 摘要 |
<p>A modular exponentiation comprising iterative modular multiplications steps and taking as input a first modulus N, a secret exponent d and a base x. During at least one modular multiplication step aiming at computing a result c from two values a, b and the first modulus N so that c = a.cndot.b mod N, a processor (120) takes as input the two values a, b and the first modulus N from which are obtained two operands a', b' and a second modulus N' using operations with at most linear complexity -at least one of the two operands a', b' is different from the two values a, b, and the two operands a', b' are different when a is equal to b - so that the modular multiplication c = a.cndot.b mod N from a side-channel viewpoint behaves like a modular squaring except for when a' equals b'. An intermediate result c' = a'.cndot.b' mod N' is computed, and the result c is derived from the intermediate result c' using an operation with at most linear complexity; and the result c is used in the modular exponentiation.</p> |
