Exploiting Collisions in Addition Chain-Based Exponentiation Algorithms Using a Single Trace

  • Conference paper
Topics in Cryptology – CT-RSA 2015 (CT-RSA 2015)

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 9048)

Abstract

Public key cryptographic algorithms are typically based on group exponentiation algorithms where the exponent is unknown to an adversary. A collision attack applied to an instance of an exponentiation is typically one in which an adversary seeks to determine whether two operations in the exponentiation have the same input. In this paper, we extend this to an adversary who seeks to determine whether the output of one operation is used as the input to another. We describe implementations of these attacks applied to a 192-bit scalar multiplication over an elliptic curve that require only a single power consumption trace to succeed with high probability. Moreover, our attacks do not require any knowledge of the input to the exponentiation algorithm. These attacks would, therefore, be applicable to algorithms, such as EC-DSA, where an exponent is ephemeral, or to implementations where an exponent is blinded. We then demonstrate that a side-channel resistant implementation of a group exponentiation algorithm will require countermeasures that introduce enough noise that an attack is not practical, as algorithmic countermeasures are not possible. (The work described in this paper was conducted when the last two authors were part of the Cryptography Group at the University of Bristol, United Kingdom.)

Corresponding author

Correspondence to Michael Tunstall.

Copyright information

© 2015 Springer International Publishing Switzerland

About this paper

Cite this paper

Hanley, N., Kim, H., Tunstall, M. (2015). Exploiting Collisions in Addition Chain-Based Exponentiation Algorithms Using a Single Trace. In: Nyberg, K. (ed.) Topics in Cryptology – CT-RSA 2015. CT-RSA 2015. Lecture Notes in Computer Science, vol. 9048. Springer, Cham. https://doi.org/10.1007/978-3-319-16715-2_23

  • DOI: https://doi.org/10.1007/978-3-319-16715-2_23

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-16714-5

  • Online ISBN: 978-3-319-16715-2