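With the rapid progress of network technology, communication procedures that used to be cumbersome can now be completed quickly thanks to the convenience of the network, which has also heightened attention to information security. From today's perspective, however, the framework of conventional cryptography cannot fully meet the needs of the network environment. Undoubtedly, in a network environment, public-key systems are the best alternative to conventional cryptography: they provide not only encryption mechanisms that protect data confidentiality but also signature mechanisms that verify identity. Ensuring the security of public-key systems is therefore one of the topics researchers are currently working on.

In recent years, physical cryptanalysis has also attracted growing attention from researchers at home and abroad, particularly where cryptosystems are implemented in tamper-resistant electronic devices such as smart cards. The main reason is that physical cryptanalysis goes beyond the security given by a cryptosystem's mathematical assumptions: when a cryptosystem is implemented without sufficient care, it is often vulnerable to physical cryptanalysis. This thesis discusses in greater depth RSA, currently the most widespread public-key system, and physical cryptanalysis.

Among the many physical attacks that have been proposed, power analysis is currently the most practical. One focus of this thesis is the security analysis of RSA exponentiation against power analysis attacks. First, a countermeasure against power analysis is proposed that combines an improved exponent splitting countermeasure with a randomized variable exchange mechanism. The final security and performance analysis shows that the proposed countermeasure is more efficient than previous countermeasures and requires less memory.

The other focus of this thesis is an analysis of the security of the simple power analysis countermeasure proposed by Coron (the square-and-multiply always method). Because Coron's countermeasure is vulnerable to the safe error attack, this thesis proposes two countermeasures against safe error attacks, both of which require only the computational cost of one additional modular multiplication. Finally, the proposed countermeasures are extended to countermeasures against power analysis attacks, and their performance and security are discussed.

The rapid development of network technology stimulates a strong demand for information security. However, conventional cryptography is not able to meet some requirements of the network environment. Undoubtedly, public-key systems are the most suitable replacement for conventional cryptosystems. They provide not only traditional cryptographic applications, but also authentication. Thus, guaranteeing the security of public-key systems has become an essential issue in modern cryptography.

Besides, in the past half-decade, physical cryptanalysis has also attracted more and more attention, especially when the cryptographic operations run on tamper-resistant devices, such as smart cards. Various types of physical cryptanalysis have been introduced, and a large body of research has been devoted to power analysis attacks. In this thesis, we strengthen the robustness of the RSA algorithm, which is the most widespread public-key system nowadays, against physical cryptanalysis.

One consideration of this thesis is to protect RSA exponentiation against power analysis attacks. An efficient countermeasure against power analysis attacks is proposed. It is shown that this countermeasure is more efficient and requires less memory than previous works.

Another is to analyze the weakness of the square-and-multiply always method, which is one sort of SPA countermeasure, under safe error attacks. Two simple methods against safe error attacks are suggested. Finally, an extension of the proposed countermeasure is given along with complete security and efficiency comparisons.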
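The weakness of the square-and-multiply always method named above can be seen in a small simulation. This is an added example, not code from the thesis, and it does not reproduce the thesis's countermeasures; the toy parameters, the `fault_at` parameter and the fault model (a corrupted product becomes 0) are assumptions made for illustration.

```python
# Added illustration: toy simulation, not code from the thesis.
N, D = 3233, 2753   # constructed toy RSA modulus (61*53) and private exponent
C = 2790            # constructed ciphertext, coprime to N


def sq_mul_always(m, d, n, fault_at=None):
    """Left-to-right square-and-multiply always exponentiation.

    fault_at (hypothetical parameter): index of the iteration, counted from
    the most significant bit, whose multiplication result is corrupted.
    The corrupted product is modelled as 0 so the effect is deterministic.
    """
    r = [1, 1]                       # r[0]: accumulator, r[1]: dummy register
    for i, bit in enumerate(bin(d)[2:]):
        r[0] = (r[0] * r[0]) % n     # square, every iteration
        prod = (r[0] * m) % n        # multiply, every iteration (hides SPA)
        if i == fault_at:
            prod = 0                 # simulated computational fault
        # key bit 1: product is kept; key bit 0: product goes to the dummy
        r[0 if bit == "1" else 1] = prod
    return r[0]


def silent_fault_iterations(m, d, n):
    """Iterations where a faulted multiplication leaves the output unchanged."""
    good = sq_mul_always(m, d, n)
    return [i for i in range(d.bit_length())
            if sq_mul_always(m, d, n, fault_at=i) == good]


def zero_bit_positions(d):
    """Positions of the 0 bits of d, counted from the most significant bit."""
    return [i for i, bit in enumerate(bin(d)[2:]) if bit == "0"]


if __name__ == "__main__":
    print("silent faults :", silent_fault_iterations(C, D, N))
    print("zero key bits :", zero_bit_positions(D))
```

The two lists are identical: a fault is harmless exactly when the multiplication was a dummy, so whether the output stays correct depends on the key bit. The same check can be used when reviewing an implementation to find operations whose results never reach the output.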