Issues of Security with the Oswald-Aigner Exponentiation Algorithm

  • Colin D. Walter
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2964)

Abstract

In smartcard encryption and signature applications, randomized algorithms can be used to increase tamper resistance against attacks that average data-dependent variations in power consumption or electromagnetic radiation (EMR) over many executions. Oswald and Aigner describe such an algorithm for point multiplication in elliptic curve cryptography (ECC). Assuming an attacker can identify and distinguish point additions and doublings within a single point multiplication, it is shown that the algorithm is insecure when the same secret key is used repeatedly without blinding of that key. Thus the key should still be blinded, or great care taken to minimise the observable differences between point additions and doublings.
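The abstract's argument, as an added worked example that is not code from the paper: a randomized signed-digit recoding makes each execution's sequence of additions (A) and doublings (D) different, yet every trace of the same unblinded scalar still leaks a relation between adjacent key bits, and pooling traces recovers the whole scalar. The recoding used here is a simplified stand-in written for this example, not the Oswald-Aigner automaton; integer arithmetic stands in for the curve operations; the scalar, key length, trace count and seed are constructed, and the attacker is assumed to see only the A/D sequence (not the sign of an addition).

```python
"""Added example: randomized addition-subtraction chain vs. a reused scalar.

Simplified randomized signed-digit recoding (NOT the Oswald-Aigner automaton),
integer arithmetic in place of group operations, constructed test values."""
import random


def randomized_recode(k, n, rng):
    """Return signed digits d_0..d_m (LSB first) with sum(d_i * 2**i) == k.

    Bits are scanned from the least significant end with a carry.  Whenever
    bit-plus-carry equals 1 the device flips a coin: emit +1 with no carry, or
    emit -1 and carry 1 into the next position.  That coin is the only source
    of randomness; it changes which positions receive an addition."""
    digits, carry = [], 0
    for i in range(n):
        t = ((k >> i) & 1) + carry
        if t == 0:
            digits.append(0); carry = 0
        elif t == 2:
            digits.append(0); carry = 1
        elif rng.getrandbits(1):
            digits.append(1); carry = 0
        else:
            digits.append(-1); carry = 1
    if carry:
        digits.append(1)          # a final carry becomes one extra top digit
    return digits


def scalar_mult_trace(k, n, rng):
    """Right-to-left multiplication driven by the random digits.

    Returns (result, trace): result should equal k, and trace is what an SPA
    attacker who can only tell additions from doublings observes, 'A' for
    Q +/- R and 'D' for 2R.  The sign of each addition is assumed invisible."""
    q, r, trace = 0, 1, []       # r stands in for the running point 2^i * P
    for d in randomized_recode(k, n, rng):
        if d:
            q += d * r
            trace.append("A")
        r *= 2
        trace.append("D")
    return q, "".join(trace)


def parse_trace(trace, n):
    """Align a trace by its doublings: a[i] = 1 iff an addition occurred at
    digit position i.  Position n is the optional final-carry digit."""
    segments = trace.split("D")[:-1]        # one segment per digit
    a = [1 if seg else 0 for seg in segments]
    return a + [0] * (n + 1 - len(a))


def recover_key(traces, n):
    """Key recovery from repeated traces of the same scalar.

    Two facts about the recoding above do the work:
      * the initial carry is 0, so a[0] == b_0;
      * if no addition occurred at position i, the carry into i+1 equals b_i,
        hence a[i+1] == b_i XOR b_{i+1}   (with b_n defined as 0).
    Each trace with no addition at position i therefore donates the XOR of two
    adjacent key bits; the links are then chained from both ends."""
    links, bits = {}, {n: 0}
    for trace in traces:
        a = parse_trace(trace, n)
        bits[0] = a[0]
        for i in range(n):
            if a[i] == 0:
                if links.setdefault(i, a[i + 1]) != a[i + 1]:
                    raise ValueError("traces are not from the same key")
    changed = True
    while changed:                           # propagate XOR links to a fixpoint
        changed = False
        for i, x in links.items():
            if i + 1 in bits and i not in bits:
                bits[i] = x ^ bits[i + 1]; changed = True
            elif i in bits and i + 1 not in bits:
                bits[i + 1] = x ^ bits[i]; changed = True
    known = {i: b for i, b in bits.items() if i < n}
    key = sum(b << i for i, b in known.items()) if len(known) == n else None
    return key, known


def run_attack(key, n, n_traces, seed):
    """Simulate n_traces executions with one fixed scalar and attack them."""
    rng = random.Random(seed)
    runs = [scalar_mult_trace(key, n, rng) for _ in range(n_traces)]
    traces = [t for _, t in runs]
    return {
        "all_products_correct": all(q == key for q, _ in runs),
        "single_trace_key": recover_key(traces[:1], n)[0],
        "many_trace_key": recover_key(traces, n)[0],
    }


if __name__ == "__main__":
    print(run_attack(0xA5B, 12, 300, 2024))   # constructed scalar and seed
```

A single trace never pins down the constructed scalar here, because the positions that donate a link are themselves randomized; three hundred traces of the same unblinded scalar donate every link and the key falls out. Blinding the scalar per execution removes the shared key that the links are being accumulated against.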

Keywords

Addition-subtraction chains, randomized exponentiation, elliptic curve cryptography, ECC, point multiplication, power analysis, SPA, DPA, SEMA, DEMA, blinding, smartcard

References

  1. Brier, E., Joye, M.: Weierstraß Elliptic Curves and Side-Channel Attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)
  2. Gebotys, C., Gebotys, R.: Secure Elliptic Curve Implementations: An Analysis of Resistance to Power-Attacks in a DSP Processor. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 114–128. Springer, Heidelberg (2003)
  3. Itoh, K., Yajima, J., Takenaka, M., Torii, N.: DPA Countermeasures by Improving the Window Method. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 303–317. Springer, Heidelberg (2003)
  4. Joye, M., Quisquater, J.-J.: Hessian Elliptic Curves and Side Channel Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)
  5. Joye, M., Yen, S.-M.: The Montgomery Powering Ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
  6. Kocher, P.: Timing Attack on Implementations of Diffie-Hellman, RSA, DSS, and other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
  7. Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
  8. Liardet, P.-Y., Smart, N.P.: Preventing SPA/DPA in ECC Systems using the Jacobi Form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 391–401. Springer, Heidelberg (2001)
  9. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power Analysis Attacks of Modular Exponentiation in Smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)
  10. Oswald, E., Aigner, M.: Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001)
  11. Oswald, E.: Enhancing Simple Power-Analysis Attacks on Elliptic Curve Cryptosystems. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 82–97. Springer, Heidelberg (2003)
  12. Quisquater, J.-J., Samyde, D.: ElectroMagnetic Analysis (EMA): Measures and Counter-measures for Smart Cards. In: Attali, S., Jensen, T. (eds.) E-smart 2001. LNCS, vol. 2140, pp. 200–210. Springer, Heidelberg (2001)
  13. Quisquater, J.-J., Samyde, D.: Eddy Current for Magnetic Analysis with Active Sensor. In: Proc. Smart Card Programming and Security (e-Smart 2002), Nice, pp. 183–194 (September 2002)
  14. Okeya, K., Sakurai, K.: On Insecurity of the Side Channel Attack Countermeasure using Addition-Subtraction Chains under Distinguishability between Addition and Doubling. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 420–435. Springer, Heidelberg (2002)
  15. Walter, C.D.: MIST: An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis. In: Preneel, B. (ed.) CT-RSA 2002. LNCS, vol. 2271, pp. 53–66. Springer, Heidelberg (2002)
  16. Walter, C.D.: Breaking the Liardet-Smart Randomized Exponentiation Algorithm. In: Proc. CARDIS 2002, San José, USENIX Association, Berkeley, pp. 59–68 (November 2002)

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Colin D. Walter, Comodo Research Lab, Bradford, UK