| 摘要 |
A cryptographic method carries out a modular exponentiation of the type C=A<B1> mod N, where A is an operand, B1 is a first exponent, N is a modulus and C is a result. The method includes the steps of masking the operand A by a number s, carrying out a modular exponentiation of the masked operand by the exponent B1, and de masking the result of the exponentiation, by removing a contribution from the random number s from the result of the exponentiation. During the step of masking the operand A, the operand A is multiplied by a parameter of the form K<s.B2>, where K is a constant and B2 is a second exponent such that B1.B2=1 mod N. The method is implemented preferably by using a Montgomery multiplier. The preferred choice for the constant K is K=2P, p being an integer lying between 0 and n, n being an upper bound of the size of the modulus N and conventionally depending on the choice of implementation of the Montgomery multiplication.
|
