A standard SPA protection for RSA implementations is exponent blinding (see ). Fouque et al.,  and more recently Schindler and Itoh,  have described side-channel attacks against such implementations. The attack in  requires that the attacker know some bits of the blinded exponent with certainty. The attack methods of  can be defeated by choosing a sufficiently large blinding factor (about 64 bits).
In this paper, we start from a more realistic model for the information an attacker can obtain by simple power analysis (SPA) than the one that forms the basis of the attack in . We show how the methods of  can be extended to work in this setting. This new attack works, under certain restrictions, even for long blinding factors (i.e. 64 bits or more).