---------
# Modular Exponentiation Analysis
---------

Chip manufacturers usually embed arithmetic coprocessors to compute modular multiplications x × y mod n for long integers x, y and n.

Montgomery introduced in [Mon85] an efficient algorithm named Montgomery Modular Multiplication. 

Other techniques exist: interleaved multiplication- reduction with Knuth, Barrett, Sedlack or Quisquater methods [Dhe98].

<img src='images/MontMul.png' style='width: 700px; float:center'>


Modular exponentiation is the most time-consuming operation of RSA primitives. It is then essential to use an efficient method for exponentiation. Alg. 2.3. below, based on MontMul, gives the Montgomery exponentiation algorithm and is particularly suited for embedded RSA implementations.

<img src='images/MontModExp.png' style='width: 700px; float:center'>


**References**


[Dhe98] Dhem, J.-F.: Design of an efficient public-key cryptographic library for RISC-based smart cards. PhD thesis, Université catholique de Louvain, Louvain (1998)

[KAK96] Koc, C ̧ K., Acar, T., Kaliski, B.-S.: Analysing and comparing Montgomery multiplication algorithms. IEEE Micro 16(3), 26–33 (1996)

[Mon85] Montgomery, P.L.: Modular multiplication without trial division. Mathematics of Computation 44(170), 519–521 (1985)

---------


The traces given here are using Montgomery modular multiplication for the RSA exponentiation.

In [1]:
import estraces
import scared
import numpy as np

In [2]:
modulus_bit_length = 1024
n_mod = 0xB828D7D0131A42A9FF63041DB16306639646E436367526638355881B831E7FAF33AE61EF6FC6E8961F4D6988A7F7A95FE9AC065E9A0C39595867DFE2ABFF9FA2C7876422AD5A40DEE4443EA7E019C32C9F6E172870CD7CA675AE705CA9148221506DA849DDA38A1B5701DDC554297F457A25A9FE5FAC2008B5D2FCA1C5BC281F
e_pub = 3

In [4]:
ths = estraces.read_ths_from_ets_file('../SideSCA-Traces-Public/RSA_SaM_traces.ets')

---------
---------

<img src='images/DoIt.png' style='width: 100px'>

## The traces below contain the beginning of the exponentiation for the first three secret bytes of exponent. 

## ---> Recover these secret three bytes.

---------
---------