Abstract
Nowadays, the RSA cryptosystem is used in practical security applications such as SSL, IPSEC and PKI. The elliptic curve cryptosystem has attracted attention for implementation in memory-constrained environments because of its small key size. In this chapter we give an overview of efficient algorithms for the RSA cryptosystem and the elliptic curve cryptosystem. At the same time, novel attacks on these efficient implementations have been proposed, namely timing attacks, side channel attacks, fault attacks, and others. Such attacks can recover the secret key of the underlying cryptosystem if the implementation method is not carefully considered. We also explain several attacks related to efficient implementation, and present countermeasures against them.
Copyright information
© 2005 Birkhäuser Verlag
Cite this chapter
Takagi, T. (2005). Efficient and Secure Public-Key Cryptosystems. In: Contemporary Cryptology. Advanced Courses in Mathematics - CRM Barcelona. Birkhäuser Basel. https://doi.org/10.1007/3-7643-7394-6_5
DOI: https://doi.org/10.1007/3-7643-7394-6_5
Publisher Name: Birkhäuser Basel
Print ISBN: 978-3-7643-7294-1
Online ISBN: 978-3-7643-7394-8