Clustering Collision Power Attack on RSA-CRT

In this paper, we propose two new attack algorithms on RSA implementations with CRT (Chinese remainder theorem). To improve the attack efficiency considerably, a clustering collision power attack on RSA with CRT is introduced via chosen-message pairs. In this attack, the key parameters $d_p$ and $d_q$ are segmented by byte, and the modular multiplication collisions are identified by k-means clustering. The exponents $d_p$ and $d_q$ were recovered from 12 power traces of six groups of specific message pairs, and the exponent d was then obtained. We also propose a second-order clustering collision power analysis attack against an RSA implementation with CRT that applies double blinding exponentiation. To reduce noise and artificial participation, we analyze the power points of interest by preprocessing and k-means clustering with horizontal correlation collisions. We thus recovered approximately 91% of the secret exponent from a single power curve on RSA-CRT protected by double blinding countermeasures.


Introduction
Currently, most smart cards use the RSA algorithm to realize digital signature and identity authentication [1]. However, the implementation of RSA requires high power consumption, high execution time and computational power, and the execution time of RSA is 100 times slower than that of DES [2]. In 1982, Quisquater et al. [3] proposed a fast variant algorithm based on the CRT, which can greatly improve the performance of RSA in both running time and memory requirements. Thus, RSA implementations using CRT (RSA-CRT) are widely used in smart cards and embedded devices to ensure system security. However, cryptographic devices have been subject to side channel attack techniques since Kocher first introduced a power analysis attack based on execution time measurements in 1996 [4]. Side channel attacks (SCAs) have attracted the attention of many researchers, and many SCA attacks against RSA-CRT cryptosystems have been proposed, such as simple power analysis (SPA) [5,6], differential power analysis (DPA) [7][8][9], and template attacks [10].

Related Works
In 2000, a timing attack against RSA-CRT was first proposed for implementations in which the Montgomery algorithm is used for squaring and multiplication operations [11]. In 2002, Boer first presented a DPA attack against RSA-CRT [7], namely, modular reduction on equidistant data (MRED), by choosing ciphertexts of equidistant data, in which an additional modular reduction is performed at the end of the operation according to the input data. However, a basic precondition of the MRED attack is that the attacker must be able to choose messages. Subsequently, several improved DPA attacks based on MRED have been proposed [8].
In 2009, Witteman [12] proposed a DPA on RSA-CRT that does not require any knowledge of the input message. This attack can retrieve both primes and private keys by splitting intermediate results during the recombination process. DPA attacks on RSA-CRT in the Montgomery domain were also developed [13,14]. In 2018, Kaedi et al. [15] presented a DPA attack on the modular reduction in RSA-CRT, named nonequidistant plaintext on modular reduction (NEMR). This attack requires choosing nonequidistant plaintext and has a lower level of accessibility than the chosen equidistant plaintext attack by Boer et al. Several SPA attacks on RSA-CRT have been presented. In 2002, Novak [5] described an SPA with adaptively chosen messages for the case in which the CRT is implemented with Garner's algorithm. Fouque et al. [6] improved Novak's attack with a combination of grid technology and SPA. Collision power analysis against RSA was proposed using the two related input messages "X" and "-X", "X" and "$X^2$", or the particular input data "N-1", where N is the modulus [16][17][18][19], and Yen et al. [17] pointed out that these methods are equally effective for RSA-CRT.
To prevent these attacks, hardware protections and software countermeasures have been published, and the exponent and message blinding methods are the main countermeasures. In the exponent blinding method [20][21][22], the exponent is randomized or split, and consequently, subsequent exponentiation operations handle different exponential data. For message blinding methods [23][24][25], the message is multiplied by a random value, and this blinded message is then used in exponentiation algorithms.
However, advanced attacks have recently emerged. Witteman et al. [26] presented the correlation power analysis (CPA) attack on the square and multiply always algorithm by cross-correlating measurements of consecutive operations sharing the same input values. Kim et al. [27] showed that correlation analysis can be used to retrieve the secret key for RSA derivatives with a message blinding countermeasure. Clavier noted that horizontal correlation attacks (HCAs) were effective in attacking almost all message blinding countermeasures [28][29][30]. Akalp et al. [31] proposed two correlation attacks on a Montgomery ladder implementation of the RSA algorithm. The cross correlation technique was introduced in Wan et al. [32], and the secret exponent with message blinding can be recovered by using this attack.
With the development of machine learning techniques [33][34][35][36][37][38][39], machine learning can provide efficient pattern recognition and feature extraction algorithms. Carbone et al. presented several successful profiled SCAs based on deep learning for RSA and pointed out the need for dedicated countermeasures [40]. Differential cluster analysis (DCA) as an extension to DPA was proposed in Batina et al. [41]. Cluster collision attacks presented by Chen are very efficient, using two traces of execution on chosen inputs [42]. Heyszl et al. [43] introduced a clustering single execution attack for an elliptic curve scalar multiplication. Perin et al. [44] explored and developed an attack that uses the fuzzy k-means algorithm against an RNS-based implementation of RSA. Subsequently, an improvement of nonprofiled clustering attacks that applies principal component analysis (PCA) against the elliptic curve digital signature algorithm (ECDSA) was proposed [45]. In Wan et al. [46], a clustering correlation power analysis was described against double blinding exponentiation.

Our Contributions
SCA attacks on RSA-CRT with no countermeasures can currently be divided into two main types: attacks on the modular reduction step and attacks on the recombination step. Most DPA attacks against RSA-CRT are based on MRED attacks. The attacker chooses a large number of input data related to the prime numbers p and q in the modular reduction step. The proposed collision SPA attacks have been shown to be valid for RSA-CRT in theory by Yen et al. However, searching for collisions of modular multiplication is difficult due to noise in real environments. Moreover, Yen's collision attack proceeds bit by bit, and if the inference of one bit is wrong, the subsequent bit will be affected. High-order correlation power analyses are effective against the blinding countermeasures of exponentiation according to the previous analysis; similarly, much noise leads to lower attack accuracy. Clustering is generally useful in SCAs. Clustering algorithms can provide a straightforward way to increase the signal-to-noise ratio (SNR) of the exploited leakage for side channel measurements. Therefore, we take advantage of the k-means cluster classification algorithm to exploit leakage and to recover secret exponents for RSA-CRT. The cluster classifications are used at each phase to recover the entire exponent.
Our main contributions are listed as follows:
1) We put forward the idea of a clustering collision power attack based on exponent segmentation by byte on RSA-CRT with no countermeasures. The new attack method improves the utilization of valid information, and reduces the noise and artificial participation. The experimental results prove that the attack is more efficient on RSA-CRT in the IC (integrated circuit) card.
2) A new cluster collision power attack against double blinding exponentiation is proposed. We demonstrate how to find the points of interest using preprocessing and k-means clustering with only one execution power curve. The experimental results show that the new attack can enhance the attack efficiency compared with other CPA methods. Approximately 91% of the exponent was broken via a single power curve.
The rest of this paper is organized as follows. Section 2 introduces the relevant knowledge. Section 3 presents the clustering collision power attack against RSA-CRT with no countermeasures. Section 4 gives the new attack against countermeasures of double blinding exponentiation in RSA-CRT. Experimental results are reported in Section 5. Finally, the conclusions are presented in Section 6.

RSA-CRT Algorithm
In a standard RSA algorithm, $N = pq$ denotes the n-bit public modulus, where the two large prime numbers p and q are required to have equal bit lengths, so that $p, q \approx \sqrt{N}$. d is the secret private key and e is the public key, where $de \equiv 1 \pmod{\varphi(N)}$ and $\varphi$ denotes Euler's totient function, with $\varphi(N) = (p-1)(q-1)$. RSA signature and verification are modular exponentiations. Let M be a message to sign. A signature for M is

As we know, the Chinese remainder theorem is a technique used to optimize RSA exponentiation. A detailed description of this algorithm can be found in [21]. In Algorithm 1, we describe the RSA signature generation using Garner's algorithm in [1].

Algorithm 1: RSA-CRT signature implementation
Input: Integers M, p, q, $d_p$, $d_q$, $q_{inv}$, N, where $d_p \equiv d \pmod{p-1}$, $d_q \equiv d \pmod{q-1}$, $q_{inv} \equiv p^{-1} \pmod{q}$
Output: $s = M^d \pmod{N}$
1: $s_p = M^{d_p} \pmod{p}$
2: $s_q = M^{d_q} \pmod{q}$
3: $s = ((s_p - s_q) \times q_{inv} \pmod{q}) \times p + s_p$
4: return s

In a CRT implementation, the signer first precomputes the reduced secret exponent values $d_p \equiv d \bmod (p-1)$, $d_q \equiv d \bmod (q-1)$ and $q_{inv} \equiv p^{-1} \pmod{q}$, and subsequently uses Algorithm 1 to compute the signature s. This algorithm does not require any reduction modulo N, but instead uses reductions modulo the factors p and q. The size of p and q is approximately half the size of N, so CRT exponentiation is nearly four times faster than direct exponentiation [1].

Binary Modular Exponentiation Algorithm
Modular exponentiation is one of the most important arithmetic operations of the RSA-CRT algorithm. The Montgomery modular multiplication algorithm is the best approach for minimizing the computation cost of modular multiplication [7].
We define the modulus n as a k-bit integer, i.e., $2^{k-1} < n < 2^k$, $n = (n_{k-1}, \cdots, n_1, n_0)_2$, and we let $r = 2^k$ with $\gcd(r, n) = 1$. The Montgomery product is defined as the n-residue:

Algorithm 2 gives the Montgomery exponentiation algorithm, which performs multiplication and squaring operations in accordance with the bit pattern of the exponent. This is a left-to-right binary method that starts at the exponent's MSB (most significant bit), and is thus called the L-R binary algorithm.

Exponent and Message Blinding Modular Exponentiation Algorithm
The exponent blinding method and the message blinding method can also be regarded as effective countermeasures for modular exponentiation algorithms. There are generally two types of exponent blinding countermeasures at present [20][21][22][23][24][25]. Ha et al. [24] proposed a double masking protection method for modular exponentiation that uses a random number r to blind the message and splits the exponent. As illustrated in Algorithm 3, it is assumed that the length of m, r, or $\varphi(n)$ is k bits. Let the exponent d be split into t and s, where

The message m is masked by the random number r, and the parameter c is a very small random value such that $0 < c < 2^8$. Algorithm 3 always executes square and multiplication in turn, and is therefore resistant to SPA attacks that attempt to recover the key by identifying the different modular operations. It is also resistant to DPA and first-order CPA: even if an attacker could distinguish the square and multiply operations, this would not reveal the key. Therefore, the leakage model of Algorithm 3 is given in the following section of this paper.

New Cluster Collision Attack against RSA-CRT Based on Chosen-Message Pair
In this subsection, we propose a chosen-message clustering collision power attack against Algorithm 2 based on exponent segmentation by byte for RSA-CRT. In this scheme, the information leakage of loaded data is integrated using a chosen-message pair, and the attack accuracy of each byte of the secret exponent does not affect that of the other bytes. The utilization of valid information is improved, and the noise and artificial participation are reduced by cluster analysis.

Choosing the Message Pairs for Secret Exponents in RSA-CRT
Two modular exponentiations, $s_p = M^{d_p} \pmod{p}$ and $s_q = M^{d_q} \pmod{q}$, appear in Algorithm 1 for RSA-CRT. According to Fermat's theorem, the public key parameter modulus $N = pq$, and thus formula (3) exists:

Although p and q are unknown, the modulus N is given, and we can perform a different collision attack that uses the chosen-message pair "X" and "N-X", where the message "X" is random. The secret exponents $d_p$ and $d_q$ can be obtained by Yen's attack, and then the exponent d can be calculated.

Power Leakage Model of Modular Multiplication Using a Chosen-Message Pair
The power consumption mainly depends on the operations and data of running cryptographic algorithms in cryptographic devices. In addition to these two dependent components, the existence of noise in the power traces is inevitable in a real attack environment. The total power consumption of the cryptosystem can be determined as follows:

where $P_{total}$ is the total power, $P_{op}$ is the operation-dependent power consumption, $P_{data}$ is the data-dependent power consumption, $P_{el.noise}$ denotes the power resulting from the electronic noise in the hardware, and $P_{const}$ is some constant power consumption, depending on the technical implementation.
Every power point of power traces can be modeled by formula (3). Every modular multiplication has the same operations, thus $P_{op}$ of each point is roughly the same, and $P_{data}$ depends on the two operands of the multiplication. If two modular multiplications have two operands in common, referred to as a "collision", $P_{total}$ is exactly the same in theory. Therefore, in turn, we can infer a collision relationship between modular multiplication operands according to the similarity of power consumption, as illustrated in Tab. 1.

Algorithm 3: Montgomery exponentiation based on double masking
Input: Integers m, n with m < n, r, the k-bit
were performed, we can distinguish a collision relation between two operands by quantifying the similarity of the power traces of the two modular operations. Therefore, Yen's attack uses the message pair "X" and "-X" for Algorithm 2 [17]. The secret exponent is inferred by detecting collisions of the squaring operations in two power traces. Fig. 1 shows Yen's attack against Algorithm 2. When the key bit $d_i = 0$, two squaring modular multiplications have the operand in common, and a "collision" between power traces can be observed. Therefore, if the differential value of two power traces is low for a modular multiplication, we can infer that this and the former modular multiplication are "squaring" in theory, and the key bit of the former modular multiplication is "0".

Feature Analysis and Preprocessing of Power Traces
Each power trace of modular exponentiation is mainly composed of modular multiplications ("square (S)" and "multiplication (M)") and loads of the operand ("L") between two modular multiplications. The power voltage of modular multiplication is high, denoted $P_{high}$, and the power voltage of loading data is low, denoted $P_{low}$. The power trace of modular multiplication can be extracted from the power trace, as shown in Fig. 3. In addition, the cipher chip uses an MCU-coprocessor structure that processes data 8 bits at a time, i.e., the exponent is loaded by byte. Every exponent byte requires an additional load operation, and thus there are two types of low power characteristics between modular multiplication operations, denoted $P_{low\_wide}$ and $P_{low\_narrow}$ in Fig. 2. The power trace of modular exponentiation is segmented by byte of the secret private key according to the power characteristic $P_{low\_wide}$. Every segment includes only modular multiplications, ignoring the operand loads, as depicted in Fig. 3.
We extract the signals of modular multiplication related to Step 3 and Step 5 in Algorithm 2 from each power trace and begin with a definition.
Definition 1: A power trace with a z-byte private key with z segments of modular multiplication is denoted as follows:

where every segment includes x modular multiplication operations, $Seg_i = [T_{i,1}, T_{i,2}, \cdots, T_{i,x}]$, $1 \le i \le z$, and x varies dynamically between 8 and 16. If a modular multiplication has w power points, the power trace of a modular multiplication, $T_{i,j} = t_{i,wj-1}$

The attacker inputs u pairs of messages "X" and "N-X", the same modulus N and the same secret key d into RSA-CRT cryptosystem devices, and executes Algorithm 1. We can collect u pairs of power traces. We define $Seg_i^{X_v}$ as a segment of the power trace with input message "X", and $Seg_i^{X'_v}$ as a segment of the power trace with input message "N-X", where $1 \le v \le u$, $0 \le i \le z$. The segment differential is performed between $Seg_i^{X_v}$ and $Seg_i^{X'_v}$, and we obtain a new difference segment, which is defined as follows:

Therefore, we can obtain a new difference segment matrix:

In a practical environment, due to noise, random time delays and random clocks, it is difficult to distinguish collisions directly from the difference segment $D_i^{\langle v \rangle}$. We give the collision cluster classification of modular multiplication in the next subsection.

Collision Cluster Classification of Modular Multiplication Operations
Each segment $D_i^{\langle v \rangle}$ has x difference values of modular multiplication operations for a 1-byte secret exponent. Because of noise, we compute the area of each modular multiplication difference and sum the difference areas over the u input message pairs. We can obtain the difference area sum of modular multiplication in every segment:

where $1 \le i \le z$, $1 \le j \le x$, $s_{i,j} = \sum_{k=1}^{u} \mathrm{Trapz}(D_{i,j}^{k})$. Thus, the values $s_{i,j}$ of a data set $S_i$ can be classified into two classes (collision and noncollision) by applying the k-means algorithm. Here, we summarize the classification process [34,35,46]:
1. The data set $S_i$ consists of x samples $s_{i,j}$, where $1 \le j \le x$, $1 \le i \le z$.
2. Set the two cluster centers $\mu_1$ and $\mu_2$ randomly.
3. For each sample $s_{i,j}$ of the data set $S_i$, compute the Euclidean distance $D(s_{i,j}, \mu_k) = \lVert s_{i,j} - \mu_k \rVert^2$, where $j = 1, 2, \cdots, x$, $k = 1, 2$. Classify the samples $s_{i,j}$ according to the nearest $\mu_k$: if $D(s_{i,j}, \mu_k) = \min\{D(s_{i,j}, \mu_k); k = 1, 2\}$, then $s_{i,j} \in G_k$, where $G_k$ is a class cluster.
4. Recompute the two cluster centers

t is a new number in a new cluster, and $N_k$ represents the number of samples.
5. Compute the deviation:
6. Convergence judgment: if J converges, then continue; otherwise return to Step 3.

Recompute each cluster center
The steps are repeated z times, and all segments are classified. We obtain two classes ("collision" and "noncollision") and denote the vector $Y_i = [y_{i,1}, y_{i,2}, \cdots, y_{i,x}]$, where $y_{i,j} = 1$ ("collision") if $s_{i,j} \in G_{i,1}$, and $y_{i,j} = 2$ ("noncollision") if $s_{i,j} \in G_{i,2}$. Fig. 4 shows that all segments can be classified in our practical experiments. The red band denotes "noncollision", and the blue band indicates "collision".
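The "X"/"N-X" collision rule and the two-class k-means step can be checked in simulation, which is also a quick way to see how much operand-load leakage an unprotected left-to-right exponentiation gives away. The Python code below is an added example, not the authors' code. Assumptions: toy primes, a constructed exponent, a leakage model of per-byte Hamming weights of the loaded operand plus Gaussian noise, absolute differences, clustering over the whole trace instead of per byte segment, deterministic initial centers, and a decoding rule derived from the collision rule (it is not the paper's Algorithm 4).

```python
import random

P = 2**61 - 1            # toy prime standing in for the secret CRT prime p
Q = 2**31 - 1            # toy prime q; the observer only knows N
N = P * Q
W = 8                    # power points per operation, one per operand byte
D_P = 0x9C3A50F69D2B47E  # constructed 60-bit exponent, not a real key


def hw_points(value):
    """Assumed leakage: Hamming weight of each byte of the loaded operand."""
    return [bin((value >> (8 * i)) & 0xFF).count("1") for i in range(W)]


def trace(message, exponent, rng, sigma=0.2):
    """Left-to-right square-and-multiply mod P, one noisy segment per operation."""
    m, r, loaded = message % P, 1, []
    for bit in bin(exponent)[2:]:
        loaded.append(r)             # squaring loads the accumulator R
        r = r * r % P
        if bit == "1":
            loaded.append(m)         # multiplication loads the message
            r = r * m % P
    return [[h + rng.gauss(0, sigma) for h in hw_points(v)] for v in loaded]


def area_sums(exponent, messages, rng):
    """s_j: trapezoid area of |trace(X) - trace(N-X)| summed over all pairs."""
    sums = None
    for x in messages:
        areas = []
        for a, b in zip(trace(x, exponent, rng), trace(N - x, exponent, rng)):
            d = [abs(u - v) for u, v in zip(a, b)]
            areas.append(sum((d[i] + d[i + 1]) / 2 for i in range(W - 1)))
        sums = areas if sums is None else [s + t for s, t in zip(sums, areas)]
    return sums


def two_means(samples, max_iter=50):
    """1-D k-means with k = 2; True marks the low-difference (collision) class."""
    lo, hi = min(samples), max(samples)   # deterministic start; the page uses random
    for _ in range(max_iter):
        low = [s for s in samples if abs(s - lo) <= abs(s - hi)]
        high = [s for s in samples if abs(s - lo) > abs(s - hi)]
        if not high:                      # all samples identical: one class only
            break
        new = (sum(low) / len(low), sum(high) / len(high))
        if new == (lo, hi):               # centers stopped moving: converged
            break
        lo, hi = new
    return [abs(s - lo) <= abs(s - hi) for s in samples]


def decode(collision):
    """Map the collision labels of the operation sequence to exponent bits."""
    bits, i = [], 1                  # label 0 is the first squaring (R = 1)
    while i < len(collision):
        if collision[i]:             # next squaring collides: previous bit is 0
            bits.append("0")
            i += 1
        else:                        # multiplication, then a non-colliding squaring
            bits.append("1")
            i += 2
    if i == len(collision):          # trace ended on a squaring: last bit is 0
        bits.append("0")
    return int("".join(bits), 2)


def recover_exponent(exponent, n_pairs=6, seed=1):
    """Simulate n_pairs chosen-message pairs and rebuild the exponent."""
    rng = random.Random(seed)
    messages = [rng.randrange(2, N - 1) for _ in range(n_pairs)]
    return decode(two_means(area_sums(exponent, messages, rng)))


if __name__ == "__main__":
    print(hex(recover_exponent(D_P)))
```

Because (N-X) mod p equals -X mod p, the accumulator loaded by a squaring differs between the two traces only after a 1 bit, which is what separates the two clusters.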

Recovering the Secret Exponent
Moreover, Yen's collision attack proceeds bit by bit, and the subsequent secret key bit may be affected if the inference of one bit is wrong. Therefore, in this case, the existing collision attacks could not be used to distinguish the squaring operations in Algorithm 2.
We can deduce the secret key $d_p$ byte by byte from the segment classification clusters $Y_i$ using Algorithm 4.
end if
9: end while
10: o = o − 1;
11: end for
12: return $d_p$

According to Algorithm 4, we know the secret parameter $d_p$, and the modulus N is given. Thus, with $d_p \equiv d \bmod (p-1)$, $ed - 1 = k(p-1)$, $k \in \mathbb{N}$ and $d_p \le p - 1$, we can compute

where $k \in [1, e)$ and the public key parameter e is a small integer (generally 65537). We can obtain the large prime number p by exhaustively searching the value of k, and then we can obtain the key d.
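The search over k can be written out directly, which shows why an exposed $d_p$ alone is equivalent to an exposed private key. The Python code below is an added example, not the authors' code. It uses the relation $e \cdot d_p - 1 = k(p-1)$, which follows from $d_p \equiv d \bmod (p-1)$ and $de \equiv 1 \pmod{\varphi(N)}$, and the toy Mersenne primes and function names are constructed for illustration.

```python
E = 65537
P = 2**89 - 1                   # constructed toy primes (Mersenne), not real key sizes
Q = 2**61 - 1
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
D_P = D % (P - 1)               # the reduced exponent d_p = d mod (p - 1)


def factor_from_dp(n, e, d_p):
    """Return (p, q) from the modulus, public exponent and d_p, or None."""
    multiple = e * d_p - 1      # equals k * (p - 1) with 1 <= k < e
    for k in range(1, e):
        if multiple % k:
            continue            # k must divide e*d_p - 1 exactly
        p = multiple // k + 1
        if 1 < p < n and n % p == 0:
            return p, n // p
    return None


def private_exponent(p, q, e):
    """Rebuild the full private exponent d once the factors are known."""
    return pow(e, -1, (p - 1) * (q - 1))


if __name__ == "__main__":
    p, q = factor_from_dp(N, E, D_P)
    print(p == P, private_exponent(p, q, E) == D)
```

The loop runs at most e - 1 times, so for e = 65537 the factorization is immediate once $d_p$ is known exactly; a single wrong bit in $d_p$ makes the search return nothing.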

Cluster Collision Power Analysis against Double Blinding Exponentiation
In this subsection, a new cluster collision power attack against double blinding exponentiation that uses a single power trace is proposed. The proposed attack shows how to find the points of interest by using preprocessing and k-means clustering with only one execution power curve, and the attack accuracy can be improved. The new attack requires three phases: trace preprocessing, identification of points of interest, and distinguishing the multiplications by using k-means clustering.

Power Leakage Model of Modular Multiplication-Based Correlation
The Pearson correlation coefficient of power curves can map the relation between operands [26]. For two multiplications $a \times b \bmod n$ and $c \times d \bmod n$, if the operands satisfy $a = c$ and $b = d$, the correlation coefficient between the power traces of the two multiplications is approximately 1 in theory. If $a \ne c$ and $b \ne d$, the correlation coefficient is almost 0. If $a = c$ and $b \ne d$, or $a \ne c$ and $b = d$, the correlation coefficient is almost 0.5. Therefore, the correlation coefficients can be divided into three types, high, medium and low, which we denote as $R_{high}$, $R_{medium}$ and $R_{low}$, respectively. We can divide the relations of the four operands into three categories according to the correlation coefficient (see Tab. 2).

According to Tab. 2, in theory we can identify the relation of the operands of two operations $a \times b \bmod n$ and $c \times d \bmod n$ from the relation of the power consumption of the two modular operations. We analyzed the power trace of Algorithm 3, mainly including the "square (S)" of Step 4 and the "multiplication (M)" of Step 5. The power traces of Step 4 and Step 5 can be extracted as shown in Fig. 5.

Table 2: Relation between operands and power consumption (columns: Relation (R); operands' relation for a, c, b, d)

We know that the multiplication operation of Step 5 is $R = R \times T[t_i s_i] \bmod n$, where $T[t_i s_i]$ takes only four values, $T[00]$, $T[10]$, $T[01]$ and $T[11]$, and R is dynamic. We can infer whether $T[t_i s_i]$ of two multiplication operations is the same according to the correlation coefficient $R_{medium}$. All "multiplication" operations of Step 5 can be classified into four cluster sets. Therefore, we can deduce t and s from the correct cluster sets of $T[t_i s_i]$, and the secret exponent d can be recovered using t and s. The correct classification of all multiplication operations in Step 5 is the key to breaking the secret exponent d.

Preprocessing of Power Traces
The attacker inputs the k-bit message m, the k-bit modulus n and the k-bit secret key d into cryptosystem devices and executes Algorithm 3. We can collect power traces with the randomized message and the secret key d. Each power trace is sliced into l operations of Step 4 ("square (S)") and Step 5 ("multiplication (M)"), and the operands $T[t_i s_i]$ are loaded from Step 4 to Step 5. In Algorithm 3, the power consumption $P_{data}$ of the operand $T[t_i s_i]$ has "multiplication (M)" and "load (L)" parts, as depicted in Fig. 6.
First, we construct a new power trace that ignores "square (S)": we extract and concatenate the signals of "multiplication (M)" and "load (L)" related to Step 5 from the power traces. The new power curve is thus related to the operands $T[t_i s_i]$ only.

Definition 2:
A new power curve with l multiplication and load operations is represented by a matrix T:

where $LM^{\langle i \rangle}$ represents the power points of the i-th multiplication and load of the operand $T[t_i s_i]$, and $LM^{\langle i \rangle}$ has w power points and is defined as

After power trace preprocessing, the attack enters the second phase, which consists of finding the points of interest.

Finding the Points of Interest Based on Cluster
Because of noise, we can redefine the power consumption $P_{data}$ of each $LM^{\langle i \rangle}$ as follows:

where $P_{data\_valid}$ represents the power consumption that depends directly on the operand $T[t_i s_i]$ and $P_{data\_noise}$ is the other dependent power consumption. Thus, the w power points of $LM^{\langle i \rangle}$ can be divided into two groups. One group consists of the power points related to the operand $T[t_i s_i]$, and the other group consists of the power points of noise. We compute the variance of every column of the matrix T and obtain the vector of variances

where $v_k$ is the variance of the k-th column. The magnitude of the variance can be considered as the degree of dependence on the operand $T[t_i s_i]$. The variance set can be classified into two classes (interest and uninterest) by the k-means algorithm. Finally, the attacker can find the power points of interest for the operand $T[t_i s_i]$ in each $LM^{\langle i \rangle}$, as shown in Fig. 7. In our practical experiments, each $LM^{\langle i \rangle}$ has 241 power points and 16 interesting power points. The index set consists of the subscripts of the power points of interest, and is defined as

Cluster Classification of Multiplication
According to the index set $G_i^{valid}$, we can find the power points of the operand $T[t_i s_i]$ in each $LM^{\langle i \rangle}$ and reconstruct a matrix $T'$ with only the power points of interest. We compute the correlation coefficient between the fixed row $LM^{\langle l \rangle}$ and every row of the matrix $T'$, where $1 \le m \le l$, and obtain a matrix $coff_l$

where $\rho_i$ is the Pearson correlation coefficient value of the same position between the fixed $LM^{\langle l \rangle}$ and the other $LM^{\langle i \rangle}$ and is calculated as:

Next, the data set $coff_l$ can be divided into two groups by k-means. One group shares the operand $T[t_l s_l]$. The other group includes no shared operands. Fig. 8 shows that 511 modular multiplications can be classified in our practical experiment, and the red class represents the shared operands of the first modular multiplication.
Finally, by repeating all processes four times, l modular multiplications can be divided into four groups, and each group can be guessed as T
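The grouping of multiplications by shared table operand can be reproduced on synthetic traces, which shows that a fresh random R in every multiplication does not hide which $T[t_i s_i]$ entry was loaded. The Python code below is an added example, not the authors' code. Assumptions: a constructed Hamming-weight leakage model with one point per operand byte, points of interest already selected, and a fixed correlation threshold of 0.25 standing in for the k-means step.

```python
import random

NBYTES = 256                     # 2048-bit operands, one power point per byte


def leak(value, rng, sigma=0.3):
    """Constructed leakage: Hamming weight of each operand byte plus noise."""
    return [bin((value >> (8 * i)) & 0xFF).count("1") + rng.gauss(0, sigma)
            for i in range(NBYTES)]


def pearson(x, y):
    """Pearson correlation coefficient of two equally long point lists."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    cov = sum((a - mx) * (b - my) for a, b in zip(x, y))
    vx = sum((a - mx) ** 2 for a in x)
    vy = sum((b - my) ** 2 for b in y)
    return cov / (vx * vy) ** 0.5


def simulate(indices, seed=7):
    """One trace per multiplication R x T[idx]: fresh R, T from a 4-entry table."""
    rng = random.Random(seed)
    table = [rng.getrandbits(8 * NBYTES) for _ in range(4)]
    return [leak(rng.getrandbits(8 * NBYTES), rng) + leak(table[i], rng)
            for i in indices]


def group_by_shared_operand(traces, threshold=0.25):
    """Pick an unassigned trace, collect all traces correlating with it, repeat."""
    groups, todo = [], list(range(len(traces)))
    while todo:
        ref = todo[0]
        members = [j for j in todo
                   if j == ref or pearson(traces[ref], traces[j]) > threshold]
        groups.append(members)
        todo = [j for j in todo if j not in members]
    return groups


if __name__ == "__main__":
    # Constructed sequence of table indices, one per multiplication.
    print(group_by_shared_operand(simulate([0, 3, 1, 1, 2, 0, 3, 2, 1, 0, 2, 3])))
```

Traces that share only the table operand correlate at about 0.5 and unrelated ones near 0, matching the $R_{medium}$ and $R_{low}$ classes.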

Experimental Results
Observers carried out experiments to test the crypto chip in the smartcard, and the hardware composition of the power analysis platform is shown in Fig. 9. In the platform, the oscilloscope can collect the voltage signal (power trace) from the two ends of the resistance connected to the FPGA board when Algorithm 1, Algorithm 2 and Algorithm 3 are run in the crypto chip.

Experimental Results for Algorithm 2
For the attack against Algorithm 2, the input parameters of the smart card are $p, q, N, d_p, d_q, q_{inv}$, and 1000 different "X" and "N-X" plaintext pairs are randomly generated and inputted. The sampling frequency of the oscilloscope is 25 MHz, and 2 power curves are collected for each plaintext using an oscilloscope. The 2000 power curves of RSA-CRT are collected, as shown in Fig. 10.
As mentioned in the previous section, we used the proposed attack against Algorithm 2 with input of the same exponent d and modulus N and compared the attack accuracy rate with Yen's attack in [17], as shown in Fig. 11. The accuracy of Yen's attack fluctuates greatly, and the highest accuracy is approximately 91%. However, the accuracy of the attack proposed in this paper is higher than that of Yen's attack. The fluctuation of Yen's attack accuracy is mainly due to Yen's collision attack proceeding bit by bit: if the inference of one bit is wrong, the subsequent bit is affected. In our scheme, which is based on exponent segmentation by byte, a bit error affects only the attack on that 8-bit segment. In addition, different modes of the collision classification sets can affect the attack accuracy, as shown in Fig. 11. The attack rates of differential sum and variance are approximately 93% and 94%, respectively, which cannot reach 100%. The attack accuracy of the differential area is the highest, and six pairs of messages can recover the secret $d_p$. Thus, we can deduce the secret exponent d by exhausting k.

Experimental Results for Algorithm 3
For the attack on Algorithm 3, the input parameters of the smart card are $p, q, N, d_p, d_q, q_{inv}$. The double blinding countermeasures on the modular exponentiation algorithm are used in Algorithm 3. Therefore, a random message is sent to the chip. The corresponding power traces are collected using an oscilloscope. Traces are gathered at 1 MHz/sec and 2.5 MHz/sec sampling rates by an active probe. As mentioned in Section 4.2, we used the proposed attack against Algorithm 3 with only one power trace and compared it with the algorithms proposed in [30,31,46]; see Tab. 3. The data from Tab. 3 illustrate that the attack results of all attack methods are related to the sampling rate, which means that a larger sampling rate can obtain a higher accuracy. The attack accuracy rate converges to approximately 91% using the clustering attack method proposed in this paper when only one power curve is used. The attack accuracy rate does not reach 100% because some valid information may be removed when only one power curve is used. The attack accuracy rates are less than 70% using the first-order attack method proposed in [30,31] because all power points participate in the correlation calculation and the denoising result is bad. The highest attack accuracy using the second-order attack method proposed in [46] is approximately 75%.

Conclusion
In this paper, a new cluster collision attack based on exponent segmentation by byte is proposed for RSA-CRT with no countermeasures. By inputting multiple groups of specific "X" and "N-X" message pairs and combining the information leakage of loaded data, the exponents $d_p$ and $d_q$ are successfully recovered, and the secret exponent d can be obtained. This paper demonstrated and analyzed the effectiveness of the new cluster correlation collision attack against double blinding exponentiation in a real attack environment. Through this experiment, it was observed that the utilization of valid information is improved and the noise and artificial participation are reduced by using the cluster classifications at each phase to recover the entire exponent. The new cluster correlation collision attack is effective in theory for modular exponentiation algorithms with randomized blinding countermeasures because only one power curve is used. Therefore, in the next study, we will analyze the new modular exponentiation algorithms, and report the experimental results. The attack accuracy rate converges to approximately 91% but is not 100%. We plan to develop better SCAs in the future by combining fuzzy cluster methods and unsupervised learning methods in deep learning.
With the development of quantum computing, we are currently researching the side channel attack against the McEliece algorithm. We will also study the important issue of SCAs of postquantum cryptography (PQC).