Published in: Journal of Cryptographic Engineering 3/2015

01-09-2015 | Regular Paper

Vertical and horizontal correlation attacks on RNS-based exponentiations

Authors: Guilherme Perin, Laurent Imbert, Philippe Maurine, Lionel Torres


Abstract

Side-channel attacks are a serious threat to physical implementations of public key cryptosystems, and notably to RSA. Side-channel leakage can be exploited from unprotected cryptographic devices: several power or electromagnetic traces are collected in order to mount (vertical) differential side-channel attacks. On exponentiations, the so-called horizontal correlation attacks, originally proposed by Walter in “Sliding windows succumbs to big mac attack” (Cryptographic Hardware and Embedded Systems, 2001) and improved by Clavier et al. in “Horizontal correlation analysis on exponentiation” (ICICS, 2010), were shown to be efficient even in the presence of strong countermeasures such as exponent and message blinding. In particular, a single trace is sufficient to recover the secret if the modular exponentiation relies on long integer multiplications. In this paper, we consider the application of vertical and horizontal correlation attacks to residue number system (RNS)-based approaches. The Montgomery multiplication, which is widely adopted in the finite ring of an exponentiation, has different construction details in the RNS domain. Experiments are conducted on hardware (parallel) and software (sequential) implementations, and leakage models for known and masked inputs are constructed for the regular and SPA-protected Montgomery ladder algorithm.
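The abstract notes that the Montgomery multiplication is built differently in the RNS domain: operands are held as independent residues in two coprime bases, the reduction runs channel by channel, and two base extensions replace the carry-propagating long-integer multiplication that horizontal attacks exploit. The following Python is an added illustration of that construction together with the regular Montgomery ladder; it is not code from the paper or its authors. It assumes small constructed parameters (Mersenne-style moduli 2^k - 1, a toy 60-bit odd modulus N) and performs base extension by exact CRT reconstruction, where hardware designs such as the Cox-Rower architecture (ref. 20) use an approximate extension that never rebuilds the integer.

```python
"""RNS Montgomery multiplication and a Montgomery-ladder exponentiation.

Added illustration, not the paper's code.  Each number is a pair of residue
tuples (one per base); every arithmetic step is done per channel, so the
only places where channels interact are the two base extensions.
Assumption: base extension via exact CRT (real designs approximate it).
"""
from math import gcd, prod

# Constructed toy parameters.  Moduli 2^k - 1 with pairwise coprime k are
# pairwise coprime because gcd(2^a - 1, 2^b - 1) = 2^gcd(a, b) - 1.
BASE_A = [(1 << k) - 1 for k in (31, 29, 27, 25)]   # A is about 2^112
BASE_B = [(1 << k) - 1 for k in (23, 19, 17, 13)]   # B is about 2^72
A = prod(BASE_A)
B = prod(BASE_B)
N = 1000000007 * 998244353                          # toy odd modulus, about 2^60

# Bases must be coprime with each other and with N.  A > 4N keeps every
# Montgomery output below 2N, and B > 2N lets that output live in base B.
_all = BASE_A + BASE_B
assert all(gcd(_all[i], _all[j]) == 1
           for i in range(len(_all)) for j in range(i + 1, len(_all)))
assert gcd(A, N) == 1 and gcd(B, N) == 1 and A > 4 * N and B > 2 * N


def to_rns(x, base):
    return tuple(x % m for m in base)


def from_rns(residues, base):
    """Exact CRT reconstruction; used for base extension and for checking."""
    M = prod(base)
    x = 0
    for r, m in zip(residues, base):
        Mi = M // m
        x += r * Mi * pow(Mi, -1, m)
    return x % M


def base_extend(residues, src, dst):
    return to_rns(from_rns(residues, src), dst)


# Per-channel constants, precomputed once as a hardware "rower" unit would.
NEG_N_INV_A = tuple(-pow(N, -1, a) % a for a in BASE_A)   # -N^-1 mod a_i
N_B = to_rns(N, BASE_B)                                    # N mod b_j
A_INV_B = tuple(pow(A % b, -1, b) for b in BASE_B)         # A^-1 mod b_j


def mont_mul(x, y):
    """x, y are (res_A, res_B) pairs; returns x*y*A^-1 mod N as a value < 2N."""
    xa, xb = x
    ya, yb = y
    # Step 1: channel-wise products in both bases (no carries between channels)
    sa = tuple(p * q % a for p, q, a in zip(xa, ya, BASE_A))
    sb = tuple(p * q % b for p, q, b in zip(xb, yb, BASE_B))
    # Step 2: q = -s * N^-1 mod A, computed channel-wise in base A
    qa = tuple(s * c % a for s, c, a in zip(sa, NEG_N_INV_A, BASE_A))
    # Step 3: first base extension, A -> B
    qb = base_extend(qa, BASE_A, BASE_B)
    # Step 4: t = (s + q*N) / A in base B; the exact division is a multiply by A^-1
    tb = tuple((s + q * n) * ai % b
               for s, q, n, ai, b in zip(sb, qb, N_B, A_INV_B, BASE_B))
    # Step 5: second base extension, B -> A, so the result is usable as an input again
    ta = base_extend(tb, BASE_B, BASE_A)
    return (ta, tb)


def encode(x):
    return (to_rns(x, BASE_A), to_rns(x, BASE_B))


A2 = encode(A * A % N)      # conversion constant A^2 mod N
ONE = encode(1)


def mont_ladder_pow(x, e):
    """Regular Montgomery ladder: each exponent bit costs one multiply and one squaring."""
    r0 = encode(A % N)                # Montgomery form of 1
    r1 = mont_mul(encode(x), A2)      # Montgomery form of x
    for bit in bin(e)[2:]:
        if bit == '0':
            r1 = mont_mul(r0, r1)
            r0 = mont_mul(r0, r0)
        else:
            r0 = mont_mul(r0, r1)
            r1 = mont_mul(r1, r1)
    out = mont_mul(r0, ONE)           # leave Montgomery form
    return from_rns(out[0], BASE_A) % N


def demo():
    """Cross-check the RNS ladder against Python's big-integer pow."""
    return mont_ladder_pow(123456789, 0xD2AB) == pow(123456789, 0xD2AB, N)
```

The per-channel structure is the point for side-channel evaluation: in a parallel (hardware) design all channels of one step are processed in the same clock cycles, whereas a sequential (software) design processes them one after another, which is why the paper builds separate leakage models for the two cases.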


Literature
1. Bajard, J.-C., Didier, L.-S., Kornerup, P.: An RNS Montgomery modular multiplication algorithm. IEEE Trans. Comput. 47(7), 766–776 (1998)
2. Bajard, J.-C., Imbert, L., Liardet, P.-Y., Teglia, Y.: Leak resistant arithmetic. In: Cryptographic Hardware and Embedded Systems, CHES'04, LNCS vol. 3156, pp. 62–75. Springer, Berlin (2004)
3. Bajard, J.-C., Imbert, L.: A full RNS implementation of RSA. IEEE Trans. Comput. 53(6), 769–774 (2004)
4. Batina, L., Gierlichs, B., Lemke-Rust, K.: Differential cluster analysis. In: Cryptographic Hardware and Embedded Systems, CHES'09, LNCS vol. 5747, pp. 112–127. Springer, Berlin (2009)
5. Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Proceedings of CT-RSA, pp. 1–17 (2013)
6. Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal collision correlation attack on elliptic curves. ResearchGate (2014)
7. Bauer, A., Jaulmes, E.: Correlation analysis against protected SFM implementations of RSA. In: Proceedings of INDOCRYPT, pp. 98–115 (2013)
8. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems, CHES'04, LNCS vol. 3156, pp. 16–29. Springer, Berlin (2004)
9. Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Cryptographic Hardware and Embedded Systems, CHES'02, LNCS vol. 2523, pp. 13–28. Springer, Berlin (2002)
10. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IACR Cryptology ePrint Archive (2003)
11. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Proceedings of ICICS, pp. 46–61 (2010)
12. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: ROSETTA for single trace analysis. In: Proceedings of INDOCRYPT, pp. 140–155 (2012)
13. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptography. In: Cryptographic Hardware and Embedded Systems, CHES'99, LNCS vol. 1717, pp. 292–302. Springer, Berlin (1999)
14. Dupaquis, V., Venelli, A.: Redundant modular reduction algorithms. In: Proceedings of CARDIS, LNCS vol. 7079, pp. 102–114 (2011)
15. Gandino, F., Lamberti, F., Montuschi, P., Bajard, J.-C.: A general approach for improving RNS Montgomery exponentiation using pre-processing. In: Proceedings of the 20th IEEE Symposium on Computer Arithmetic, ARITH20, pp. 195–204. IEEE Computer Society (2011)
16. Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis: a generic side-channel distinguisher. In: Cryptographic Hardware and Embedded Systems, CHES'08, LNCS vol. 5154, pp. 426–442 (2008)
17. Hanley, N., Kim, H., Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. Cryptology ePrint Archive, Report 2012/485 (2012)
18. Heyszl, J., Ibing, A., Mangard, S., Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. IACR Cryptology ePrint Archive, Report 2013/438 (2013)
19. Joye, M., Yen, S.-M.: The Montgomery powering ladder. In: Cryptographic Hardware and Embedded Systems, CHES'02, LNCS vol. 2523, pp. 291–302. Springer, Berlin (2002)
20. Kawamura, S., Koike, M., Sano, F., Shimbo, A.: Cox-Rower architecture for fast parallel Montgomery multiplication. In: Advances in Cryptology, EUROCRYPT'00, LNCS vol. 1807, pp. 523–538. Springer, Berlin (2000)
21. Kim, H., Kim, T.H., Yoon, J.C., Hong, S.: Practical second-order correlation power analysis on the message blinding method and its novel countermeasure for RSA. ETRI J. 32(1), 102–111 (2010)
23. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: CRYPTO, pp. 388–397 (1999)
24. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: CRYPTO, pp. 1104–1113 (1996)
25. Mangard, S.: Hardware countermeasures against DPA: a statistical analysis of their effectiveness. In: Proceedings of CT-RSA, pp. 222–235 (2004)
26. Miller, V.: Use of elliptic curves in cryptography. In: Advances in Cryptology, CRYPTO'85, LNCS vol. 218, pp. 417–426 (1986)
27. Montgomery, P.L.: Modular multiplication without trial division. Math. Comput. 44(170), 519–521 (1985)
28. Montgomery, P.L.: Speeding the Pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)
29. Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Cryptographic Hardware and Embedded Systems, CHES'10, LNCS vol. 6225, pp. 125–139. Springer, Berlin (2010)
30. Perin, G., Imbert, L., Torres, L., Maurine, P.: Electromagnetic analysis on RSA algorithm based on RNS. In: Proceedings of the 16th Euromicro Conference on Digital System Design (DSD), pp. 345–352. IEEE (2013)
31. Posch, K., Posch, R.: Modulo reduction in residue number systems. IEEE Trans. Parallel Distrib. Syst. 6(5), 449–454 (1995)
32. Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public key cryptosystems. Commun. ACM 21(2), 120–126 (1978)
33. Walter, C.: Sliding windows succumbs to Big Mac attack. In: Cryptographic Hardware and Embedded Systems, CHES'01, LNCS vol. 2165, pp. 286–299. Springer, Berlin (2001)
34. Witteman, M.F., Woudenberg, J.G.J., Menarini, F.: Defeating RSA multiply-always and message blinding countermeasures. In: Proceedings of CT-RSA, LNCS vol. 6558, pp. 77–88 (2011)
Metadata
Title: Vertical and horizontal correlation attacks on RNS-based exponentiations
Authors: Guilherme Perin, Laurent Imbert, Philippe Maurine, Lionel Torres
Publication date: 01-09-2015
Publisher: Springer Berlin Heidelberg
Published in: Journal of Cryptographic Engineering / Issue 3/2015
Print ISSN: 2190-8508
Electronic ISSN: 2190-8516
DOI: https://doi.org/10.1007/s13389-015-0095-0
