Efficient Leak Resistant Modular Exponentiation in RNS

The leak resistant arithmetic in RNS was introduced in 2004 to randomize RSA modular exponentiation. This randomization is meant to protect implementations on embedded device from side channel analysis. We propose in this paper a faster version of the approach of Bajard et al. in the case of right-to-left square-and-multiply exponentiation. We show that this saves roughly 30% of the computation when the randomization is done at each loop iteration. We also show that the level of randomization of the proposed approach is better than the one of Bajard et al. after a few number of loop iterations.