Efficient and Secure Public-Key Cryptosystems

  • Chapter
Contemporary Cryptology

Part of the book series: Advanced Courses in Mathematics - CRM Barcelona ((ACMBIRK))

Abstract

The RSA cryptosystem is used today in practical security applications such as SSL, IPsec and PKI. Elliptic curve cryptosystems, because of their small key size, have attracted attention for implementation in memory-constrained environments. In this chapter we give an overview of efficient algorithms for the RSA cryptosystem and for elliptic curve cryptosystems. On the other hand, novel attacks on these efficient implementations have been proposed, namely timing attacks, side-channel attacks, fault attacks and others. Such attacks can recover the secret key of the underlying cryptosystem if the implementation method is not carefully considered. We also explain several attacks related to efficient implementation and present countermeasures against them.
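The abstract's central point, that a speed-up can become a key-recovery vector when the implementation is careless, is illustrated below with the best-known case: RSA signing with the Chinese Remainder Theorem (CRT) and the fault attack on it due to Boneh, DeMillo and Lipton. This is an added example, not code from the chapter. The key (primes P and Q of about 20 bits) and the message representative M are constructed toy values so the arithmetic is readable; a real deployment uses 2048-bit moduli and a padding scheme, neither of which changes the attack or the countermeasure shown.

```python
import math

# Constructed toy RSA key (small primes chosen for readability only).
P = 1000003
Q = 1000033
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))   # private exponent (Python 3.8+ modular inverse)

# CRT private key material: the usual speed-up splits one exponentiation
# modulo N into two half-size exponentiations modulo P and modulo Q.
DP = D % (P - 1)
DQ = D % (Q - 1)
QINV = pow(Q, -1, P)

M = 123456789   # constructed message representative, 0 < M < N


def rsa_sign_crt(m, fault_in_p=False):
    """Compute s = m^D mod N with the CRT (Garner recombination).

    fault_in_p=True simulates a transient fault (glitch, bit flip) that
    corrupts only the mod-P branch; the mod-Q branch stays correct.
    """
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_p:
        sp = (sp + 1) % P          # any wrong value in this branch will do
    h = (QINV * (sp - sq)) % P
    return sq + h * Q              # s mod Q == sq and s mod P == sp


def rsa_verify(m, s):
    """Public operation: check s^E == m mod N."""
    return pow(s, E, N) == m


def bellcore_factor(m, s_faulty):
    """Recover the factorisation of N from ONE faulty CRT signature.

    A fault confined to the mod-P half leaves s' == s (mod Q) but
    s' != s (mod P). Hence Q divides s'^E - m while P does not, and
    gcd(s'^E - m, N) reveals Q. Returns (factor, cofactor) or None when
    the signature was correct (gcd is then N itself).
    """
    g = math.gcd((pow(s_faulty, E, N) - m) % N, N)
    if 1 < g < N:
        return g, N // g
    return None


def sign_guarded(m, fault_in_p=False):
    """Countermeasure: re-check the signature with the public exponent
    before releasing it. Returns None (withholds the output) on a fault.

    The verification costs one public-exponent exponentiation, which is
    cheap next to the private operation, so the CRT speed-up is kept.
    """
    s = rsa_sign_crt(m, fault_in_p)
    if not rsa_verify(m, s):
        return None
    return s


if __name__ == "__main__":
    good = rsa_sign_crt(M)
    bad = rsa_sign_crt(M, fault_in_p=True)
    print("correct signature verifies:", rsa_verify(M, good))
    print("faulty signature verifies:  ", rsa_verify(M, bad))
    print("factors recovered from the faulty signature:", bellcore_factor(M, bad))
    print("guarded signer releases faulty output:", sign_guarded(M, fault_in_p=True) is not None)
```

Note that the attacker needs only the public key, the message and a single faulty signature; no timing or power measurement is involved. Withholding the output on verification failure is the simplest countermeasure; the chapter's references also discuss infective and redundant-computation variants for devices where a verification step is itself a fault target.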

Copyright information

© 2005 Birkhäuser Verlag

About this chapter

Cite this chapter

Takagi, T. (2005). Efficient and Secure Public-Key Cryptosystems. In: Contemporary Cryptology. Advanced Courses in Mathematics - CRM Barcelona. Birkhäuser Basel. https://doi.org/10.1007/3-7643-7394-6_5

  • DOI: https://doi.org/10.1007/3-7643-7394-6_5

  • Publisher Name: Birkhäuser Basel

  • Print ISBN: 978-3-7643-7294-1

  • Online ISBN: 978-3-7643-7394-8
