Recovering RSA private keys on implementations with tampered LSBs

The theoretical security that modern encryption algorithms are providing, leads researchers to new attack scenarios which are more implementation centric. By discovering hardware or software flaws that can recover some information about the decryption key, cryptanalysts try to exploit this knowledge. Therefore, many side channel attacks have appeared, illustrating that the concept of having secure code or even embedding all cryptographic functions in hardware modules, in many cases in not adequate. The aim of this work is to illustrate how partial information can be used to exploit the extracted information, leading to full reconstruction of the private key of RSA, for some implementations of the algorithm where the LSB has been selected to fit several constraints. More precisely, we study the case where the LSB half of the primes is identical or when there is a linear equation that mixes the LSB halves of the two primes.