Published in: Journal of Cryptographic Engineering 4/2014

01-11-2014 | Regular Paper

Power attacks in the presence of exponent blinding

Authors: Werner Schindler, Andreas Wiemers


Abstract

Exponent blinding is a well-known and effective countermeasure against side-channel attacks on RSA. However, if single power traces reveal some exponent bits with certainty, an attack by Fouque et al. (Power attack on small RSA public exponent. Springer, Berlin, pp 339–353, 2006) applies that recovers the exponent. Since this attack becomes infeasible as soon as some of the assumed exponent bits are incorrect, it has not been considered a realistic threat in the context of side-channel attacks. In this paper we present three generic attack variants (basic attack, enhanced attack, alternate attack) which work in the presence of considerable error rates at each bit position, disproving the hypothesis that mere exponent blinding is always sufficient to protect SPA-resistant implementations against any type of power attack. Simulation experiments confirm that for small blinding factors the basic attack tolerates error rates of more than 25 %. The enhanced attack tolerates only smaller error rates but requires far fewer power traces and far less computation. Unlike the basic attack and the enhanced attack, the alternate attack (against ECC and RSA without CRT) cannot effectively be prevented by simply enlarging the blinding factor. This paper extends (Schindler and Itoh, Exponent blinding does not always lift (Partial) SPA resistance to higher-level security. Springer, Berlin, pp 73–90, 2011) by many new results.
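The countermeasure and the leakage model the abstract talks about, as an added example written for this page (not code from the paper or its authors): a toy RSA key with exponent blinding d_b = d + r·φ(N), a check that blinding leaves the RSA result unchanged, the arithmetic fact that two blinded exponents differ by a multiple of φ(N) (which is why exactly known exponent bits are dangerous in the first place), and a constructed noisy single-trace oracle that flips each exponent bit independently with probability err_rate. The 40-bit modulus, the 32-bit blinding factor and the independent-flip leakage model are assumptions chosen for illustration; the paper's basic, enhanced and alternate attacks are not implemented here.

```python
import random
from math import gcd

# Constructed toy RSA key (assumption: real keys are 2048 bits or more; small
# primes keep the example fast and let the checks below run in well under a second).
P, Q = 1000003, 1000033
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
assert gcd(E, PHI) == 1
D = pow(E, -1, PHI)            # private exponent (modular inverse, Python >= 3.8)


def blind_exponent(d, phi, r_bits, rng):
    """Exponent blinding: return (d + r*phi, r) for a fresh random r of r_bits bits.

    Because m**phi == 1 (mod N) whenever gcd(m, N) == 1, exponentiating with
    d + r*phi gives the same result as with d, but the bit pattern the device
    processes is different in every run, which is the point of the countermeasure."""
    r = rng.getrandbits(r_bits)
    return d + r * phi, r


def exponent_bits(x):
    """Bits of x, least significant first, as a list of 0/1."""
    return [(x >> i) & 1 for i in range(x.bit_length())]


def leaky_spa(d_b, err_rate, rng):
    """Constructed leakage model, not a measurement: each bit of the blinded
    exponent is 'read' from one power trace, and each reading is flipped
    independently with probability err_rate."""
    true_bits = exponent_bits(d_b)
    observed = [b ^ 1 if rng.random() < err_rate else b for b in true_bits]
    return true_bits, observed


def hamming_distance(a, b):
    """Number of positions in which two equally long bit lists differ."""
    return sum(x != y for x, y in zip(a, b))


def blinded_result_matches(m, r_bits, seed=1):
    """Blinding must not change the RSA result."""
    d_b, _ = blind_exponent(D, PHI, r_bits, random.Random(seed))
    return pow(m, d_b, N) == pow(m, D, N)


def difference_of_two_blindings(r_bits, seed=1):
    """Two blinded exponents of the same key differ by (r1 - r2)*phi(N):
    every pair of exactly known blinded exponents would hand over a multiple of phi(N)."""
    rng = random.Random(seed)
    d1, r1 = blind_exponent(D, PHI, r_bits, rng)
    d2, r2 = blind_exponent(D, PHI, r_bits, rng)
    return d1 - d2, (r1 - r2) * PHI


def simulate_noisy_traces(n_traces, r_bits, err_rate, seed=1):
    """Return per-trace (true_bits, observed_bits) pairs and the empirical bit error rate."""
    rng = random.Random(seed)
    traces, flipped, total = [], 0, 0
    for _ in range(n_traces):
        d_b, _ = blind_exponent(D, PHI, r_bits, rng)
        true_bits, observed = leaky_spa(d_b, err_rate, rng)
        traces.append((true_bits, observed))
        flipped += hamming_distance(true_bits, observed)
        total += len(true_bits)
    return traces, flipped / total


if __name__ == "__main__":
    traces, rate = simulate_noisy_traces(50, 32, 0.25)
    print(f"{len(traces)} blinded exponents of about {len(traces[0][0])} bits, "
          f"empirical bit error rate {rate:.3f}")
```

Running the block prints the empirical per-bit error rate over 50 simulated traces. The error rates quoted in the abstract refer to exactly this kind of noisy per-trace bit estimate: the blinding factor length (r_bits) and the per-bit error rate are the two parameters that decide how useful such traces are to an attacker, and the paper's point is that neither a moderate error rate nor, for the alternate attack, a larger blinding factor is enough on its own.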


Literature
1. Acıiçmez, O., Schindler, W.: A vulnerability in RSA implementations due to instruction cache analysis and its demonstration on OpenSSL. In: Malkin, T. (ed.) Topics in Cryptology—CT-RSA 2008, Lecture Notes in Computer Science, pp. 256–273. Springer, Berlin (2008)
2. Bronstein, I.N., Semendjaev, K.A.: Taschenbuch der Mathematik, 21st edn. Harri Deutsch-Verlag, Leipzig (1982)
3. Ciet, M.: Aspects of Fast and Secure Arithmetics for Elliptic Curve Cryptography. PhD thesis, Catholic University of Louvain, Belgium (2003)
4. Cohen, H.: A Course in Computational Algebraic Number Theory. Springer, Berlin (2000). (Fourth Printing)
5. Coron, J.S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems—CHES 1999, Lecture Notes in Computer Science, pp. 292–302. Springer, Berlin (1999)
6. Courrège, J.C., Feix, B., Roussellet, M.: Simple power analysis on exponentiation revisited. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) Smart Card Research and Advanced Application—CARDIS 2010, Lecture Notes in Computer Science, pp. 65–79. Springer, Berlin (2010)
7. Diaconis, P.: Group Representations in Probability and Statistics. Lecture Notes—Monograph Series, vol. 11. Institute of Mathematical Statistics, Hayward (1988)
8. Fouque, P., Kunz-Jacques, S., Martinet, G., Muller, F., Valette, F.: Power attack on small RSA public exponent. In: Goubin, L., Matsui, M. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2006, Lecture Notes in Computer Science, pp. 339–353. Springer, Berlin (2006)
9. Hankerson, D., Menezes, A., Vanstone, S.: Guide to Elliptic Curve Cryptography. Springer, Berlin (2004)
10. Henecka, W., May, A., Meurer, A.: Correcting errors in RSA private keys. In: Rabin, T. (ed.) Advances in Cryptology—CRYPTO 2010, Lecture Notes in Computer Science, pp. 351–369. Springer, Berlin (2010)
11. Itoh, K., Yamamoto, D., Yajima, J., Ogata, W.: Collision-based power attack for RSA with small public exponent. IEICE Transactions on Information and Systems, vol. E92-D, no. 5, pp. 897–908 (2009)
12. Itoh, K., Izu, T., Takenaka, M.: Address-bit differential power analysis of cryptographic schemes OK-ECDH and OK-ECDSA. In: Kaliski, B., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems—CHES 2002, Lecture Notes in Computer Science, pp. 129–143. Springer, Berlin (2002)
13. Jones, G.J.: On the Markov Chain central limit theorem. Probab. Surv. 1, 299–320 (2004)
14. Knuth, D.E.: The Art of Computer Programming, vol. 1, 3rd edn. Addison-Wesley, Reading (Mass.) (2000)
15. Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS and other systems. In: Koblitz, N. (ed.) Advances in Cryptology—CRYPTO '96, Lecture Notes in Computer Science, pp. 104–113. Springer, Berlin (1996)
16. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) Advances in Cryptology—CRYPTO '99, Lecture Notes in Computer Science, pp. 388–397. Springer, Berlin (1999)
17. Krüger, A.: The Schindler-Itoh-attack in case of partial information leakage. In: Schindler, W., Huss, S. (eds.) Constructive Side-Channel Analysis and Secure Design—COSADE 2012, Lecture Notes in Computer Science, pp. 199–214. Springer, Berlin (2012)
18. Lang, S.: Algebra, 3rd edn. Addison-Wesley, Reading (Mass.) (1993)
19. van Lint, J.H.: Introduction to Coding Theory. Graduate Texts in Mathematics, 2nd edn. Springer, Berlin (1991)
20. Schindler, W.: A combined timing and power attack. In: Paillier, P., Naccache, D. (eds.) Public Key Cryptography—PKC 2002, Lecture Notes in Computer Science, pp. 263–279. Springer, Berlin (2002)
21. Schindler, W., Itoh, K.: Exponent blinding does not always lift (Partial) SPA resistance to higher-level security. In: Lopez, J., Tsudik, G. (eds.) Applied Cryptography and Network Security—ACNS 2011, Lecture Notes in Computer Science, pp. 73–90. Springer, Berlin (2011)
22. Yen, S., Lien, W., Moon, S., Ha, J.: Power analysis by exploiting chosen message and internal collisions—vulnerability of checking mechanism for RSA-decryption. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005, Lecture Notes in Computer Science, pp. 73–90. Springer, Berlin (2005)
Metadata
Title: Power attacks in the presence of exponent blinding
Authors: Werner Schindler, Andreas Wiemers
Publication date: 01-11-2014
Publisher: Springer Berlin Heidelberg
Published in: Journal of Cryptographic Engineering / Issue 4/2014
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-014-0081-y
