@article{oai:uec.repo.nii.ac.jp:00008895,
 author = {SUGAWARA, Takeshi and SUZUKI, Daisuke and SAEKI, Minoru},
 issue = {7},
 journal = {IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences},
 month = {Jul},
 note = {The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multiplier. It is shown that how leakage from integer multiplier and long-integer multiplication algorithm can be asymmetric between two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which success and failure of the attack is determined by the order of operands. Therefore, designing operand order can be a cost-effective countermeasure. Meanwhile we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of Big Mac Attack is presented.},
 pages = {1323--1333},
 title = {Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack},
 volume = {E99.A},
 year = {2016}
}