In this paper, we want to promote the influence of randomized arithmetic on the leaks during a code execution. When somebody wants to extract some specific information from these leaks, one can observe different emanations of the device like power consumption. These leaks mostly come from the variations of the Hamming distances of the successive states of the system. This phenomenon is particularly critical for cryptographic devices. Our work evaluates the resilience of randomized moduli in Residue Number System (RNS) against Correlation Power Analysis (CPA), Differential Power Analysis (DPA). Our analysis is illustrated through the evaluation of scalar multiplication on an elliptic curve using the Montgomery Powering Ladder (MPL) algorithm which protects from Simple Power Analysis (SPA). We also propose an evaluation based on the Maximum Likelihood Estimator (MLE), which crosses the information of the whole state vector, instead of analysing only the current state like with CPA or DPA. Furthermore, MLE gives better performance and smooths the results allowing a better evaluation of the behaviour of the leakage. Our experimental evaluation suggests that the number of observations, needed to perform exploitable information leakage, is proportional to the number of possible RNS bases.

中文翻译：

---

随机 RNS 算法相对于加密计算的旁道泄漏的弹性

在本文中，我们希望提升随机算法对代码执行过程中泄漏的影响。当有人想从这些泄漏中提取一些特定信息时，可以观察到设备的不同辐射，如功耗。这些泄漏主要来自系统连续状态的汉明距离的变化。这种现象对于加密设备尤其重要。我们的工作评估了残数系统 (RNS) 中随机模量对相关功率分析 (CPA)、差分功率分析 (DPA) 的弹性。我们的分析通过使用蒙哥马利动力阶梯 (MPL) 算法对椭圆曲线上的标量乘法进行评估来说明，该算法可防止简单功率分析 (SPA)。我们还提出了基于最大似然估计器 (MLE) 的评估，它跨越整个状态向量的信息，而不是像 CPA 或 DPA 那样只分析当前状态。此外，MLE 提供了更好的性能并平滑了结果，从而可以更好地评估泄漏行为。我们的实验评估表明，执行可利用信息泄漏所需的观察次数与可能的 RNS 基数成正比。