On Insecurity of the Side Channel Attack Countermeasure Using Addition-Subtraction Chains under Distinguishability between Addition and Doubling
We show that a randomized addition-subtraction chains countermeasure against side channel attacks is vulnerable to SPA attack, a kind of side channel attack, under distinguishability between addition and doubling. A side channel attack is an attack that takes advantage of information leaked during execution of a cryptographic procedure. The randomized addition-subtraction chains countermeasure has been proposed by Oswald-Aigner, and is a random decision inserted into computations. However, its immunity to side channel attacks is still controversial. As for timing attack, a kind of side channel attack, the randomized addition-subtraction chains countermeasure is also vulnerable. Moreover, compared with other countermeasures against side channel attacks, the randomized addition-subtraction chains countermeasure, after being improved to prevent side channel attacks, is much slower.
KeywordsElliptic Curve Cryptosystems Side Channel Attacks Randomized Addition-Subtraction Chains Countermeasure SPA Attack Timing Attack
Unable to display preview. Download preview PDF.
- [FGKS02]Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P., Parallel scalar multiplication on general elliptic curves over Fp hedged against Non-Differential Side-Channel Attacks, International Association for Cryptologic Research (IACR), Cryptology ePrint Archive 2002/007, (2002). Available at http://eprint.iacr.org/
- [Has00]Hasan, M.A., Power Analysis Attacks and Algorithmic Approaches to Their Countermeasures for Koblitz Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES2000), LNCS1965, (2000), 93–108.Google Scholar
- [JQ01]Joye, M., Quisquater, J.J., Hessian elliptic curves and side-channel attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 402–410.Google Scholar
- [JT01]Joye, M., Tymen, C., Protections against Differential Analysis for Elliptic Curve Cryptography-An Algebraic Approach-, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 377–390.Google Scholar
- [Koc]Kocher, C., Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks. Available at http://www.cryptography.com/
- [KJJ98]Kocher, C., Jaffe, J., Jun, B., Introduction to Differential Power Analysis and Related Attacks. Available at http://www.cryptography.com/dpa/technical /index.html
- [KJJ99]Kocher, C., Jaffe, J., Jun, B., Differential Power Analysis, Advances in Cryptology-CRYPTO’ 99, LNCS1666, (1999), 388–397.Google Scholar
- [LS01]Liardet, P.Y., Smart, N.P., Preventing SPA/DPA in ECC systems using the Jacobi form, Cryptographic Hardware and Embedded System (CHES’01), LNCS2162, (2001), 391–401.Google Scholar
- [OA01]Oswald, E., Aigner, M., Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 39–50.Google Scholar
- [OMS01]Okeya, K., Miyazaki, K, Sakurai, K., A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-form Elliptic Curve Secure against Side Channel Attacks, The 4th International Conference on Information Security and Cryptology (ICISC 2001), LNCS2288, (2002), 428–439.CrossRefGoogle Scholar
- [OS00]Okeya, K., Sakurai, K., Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack, Progress in Cryptology-INDOCRYPT 2000, LNCS1977, (2000), 178–190.Google Scholar
- [Osw01]Oswald, E., On Countermeasures against Power Analysis Attacks on Elliptic Curve Cryptosystem, DPA-Workshop organized by the ECC-Brainpool, (2001). Available at http://www.iaik.tu-graz.ac.at/aboutus/people/oswald/index.php