Abstract
The recent development of side channel attacks has led implementers to use increasingly sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication on elliptic curves. A new class of countermeasures is based on inserting random decisions when choosing one representation of the secret scalar out of a large set of representations of the same value. For instance, this is the case of the countermeasures proposed by Oswald and Aigner, or Ha and Moon, both based on randomized Binary Signed Digit (BSD) representations. Their advantage is that they offer excellent speed. However, the first countermeasure and a simplified version of the second one have already been broken using Markov chain analysis.
In this paper, we take a different approach to break the full version of Ha-Moon's countermeasure using a novel technique based on detecting local collisions in the intermediate states of the computation. We also show that randomized BSD representations present some fundamental problems and therefore recommend not using them as a protection against side-channel attacks.
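To make the abstract's central notion concrete, the following added example (written for this page, not code from the paper or from Ha-Moon or Oswald-Aigner) shows what a randomized BSD representation is: a generic recoding that, at every odd step, chooses the signed digit +1 or -1 at random. Every output digit string evaluates to the same scalar, yet the double/add/subtract sequence a left-to-right scalar multiplication executes differs from run to run. The recoding rule, the digit-length bound `nbits + 1`, and the use of plain integers in place of an elliptic-curve group are assumptions made for illustration; they are not the paper's algorithm.

```python
import random


def randomized_bsd(k: int, nbits: int, rng: random.Random) -> list:
    """Generic randomized binary signed-digit recoding, least-significant digit first.

    Assumption (illustrative, not the Ha-Moon rule): at each step, an odd
    remainder is encoded as +1 or -1 chosen at random; an even remainder as 0.
    For 0 <= k < 2**nbits the loop leaves a remainder of 0 or 1 after nbits
    steps, which becomes the final (nbits+1)-th digit.
    """
    if not 0 <= k < (1 << nbits):
        raise ValueError("k must satisfy 0 <= k < 2**nbits")
    digits = []
    for _ in range(nbits):
        d = rng.choice((1, -1)) if k & 1 else 0
        digits.append(d)
        k = (k - d) // 2          # exact: k - d is even by construction
    digits.append(k)              # remaining 0 or 1 closes the representation
    return digits


def digit_value(digits: list) -> int:
    """Evaluate a signed-digit string: sum of d_i * 2**i."""
    return sum(d << i for i, d in enumerate(digits))


def signed_digit_multiply(digits: list, P: int):
    """Left-to-right double-and-add/subtract over the integers (standing in
    for an additive group such as an elliptic curve). Returns the product and
    the operation trace (D = double, A = add, S = subtract)."""
    Q = 0
    trace = []
    for d in reversed(digits):
        Q = 2 * Q
        trace.append("D")
        if d == 1:
            Q += P
            trace.append("A")
        elif d == -1:
            Q -= P
            trace.append("S")
    return Q, "".join(trace)


def all_bsd_representations(k: int, nbits: int) -> set:
    """Enumerate every digit string the randomized recoding can emit for k,
    i.e. the set of representations the random decisions choose among."""
    out = set()

    def rec(rem: int, i: int, acc: list) -> None:
        if i == nbits:
            out.add(tuple(acc + [rem]))
            return
        choices = (1, -1) if rem & 1 else (0,)
        for d in choices:
            rec((rem - d) // 2, i + 1, acc + [d])

    rec(k, 0, [])
    return out


def recode_with_seed(k: int, nbits: int, seed: int) -> list:
    """Deterministic wrapper so a run can be reproduced."""
    return randomized_bsd(k, nbits, random.Random(seed))


def distinct_traces(k: int, nbits: int, P: int) -> set:
    """Operation traces observed across all representations of k (the
    side-channel-visible sequence the randomization is meant to vary)."""
    return {signed_digit_multiply(list(r), P)[1]
            for r in all_bsd_representations(k, nbits)}


if __name__ == "__main__":
    # Constructed sample: the 3-bit scalar 5 = 101b, "point" P = 7.
    for rep in sorted(all_bsd_representations(5, 3)):
        Q, trace = signed_digit_multiply(list(rep), 7)
        print(rep, "->", digit_value(list(rep)), "trace", trace, "5*7 =", Q)
```

Running the block lists the five digit strings the recoding can produce for the scalar 5, each evaluating to 5 and each driving the multiplication to 35, while the D/A/S traces differ. That variability is exactly what the countermeasure relies on; the paper's point is that the intermediate values still coincide often enough across representations for local collisions to be detected.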
References
Brier, E., Joye, M.: Weierstrass Elliptic Curves and Side-Channel Attacks. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 335–345. Springer, Heidelberg (2002)
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Ebeid, N., Hasan, A.: Analysis of DPA Countermeasures Based on Randomizing the Binary Algorithm. Technical Report CORR 2003-14 (2003), http://www.cacr.math.uwaterloo.ca/techreports/2003/corr2003-14.ps
FIPS PUB 186-2. Digital Signature Standard (DSS) (2000)
Fouque, P.-A., Valette, F.: The Doubling Attack – Why Upwards is Better than Downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003)
Goubin, L.: A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)
Ha, J., Moon, S.: Randomized signed-scalar multiplication of ECC to resist power attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 551–563. Springer, Heidelberg (2003)
Joye, M., Quisquater, J.-J.: Hessian Elliptic Curves and Side-Channel Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 402–410. Springer, Heidelberg (2001)
Joye, M., Tymen, C.: Compact Encoding of Non-adjacent Forms with Applications to Elliptic Curve Cryptography. In: Kim, K.-c. (ed.) PKC 2001. LNCS, vol. 1992, pp. 353–364. Springer, Heidelberg (2001)
Karlof, C., Wagner, D.: Hidden Markov Model Cryptanalysis. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 17–34. Springer, Heidelberg (2003)
Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Liardet, P.-Y., Smart, N.: Preventing SPA/DPA in ECC Systems Using the Jacobi Form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 391–401. Springer, Heidelberg (2001)
Messerges, T., Dabbish, E., Sloan, R.: Power Analysis Attacks of Modular Exponentiation in Smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)
Morain, F., Olivos, J.: Speeding up the Computation on an Elliptic Curve using Addition-Subtraction Chains. Inform. Theory Appl. 24, 531–543 (1990)
Okeya, K., Han, D.-G.: Side Channel Attack on Ha-Moon’s Countermeasure of Randomized Signed Scalar Multiplication. In: Advances in Cryptology – INDOCRYPT (2003) (to appear)
Okeya, K., Sakurai, K.: Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz curve Cryptosystems. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 93–108. Springer, Heidelberg (2000)
Okeya, K., Sakurai, K.: On Insecurity of the Side Channel Attack Countermeasure using Addition-Subtraction Chains under Distinguishability Between Addition and Doubling. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 420–435. Springer, Heidelberg (2002)
Oswald, E.: Enhancing Simple Power-Analysis Attacks on Elliptic Curves Cryptosystems. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 82–97. Springer, Heidelberg (2003)
Oswald, E., Aigner, K.: Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001)
Pollard, J.M.: Monte Carlo Methods for Index Computation (mod p). Mathematics of Computation 32(143), 918–924 (1978)
Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
RSA Laboratories: PKCS #1 v1.5: RSA Encryption Standard (1993), Available at http://www.rsalabs.com/pkcs/pkcs-1
Schramm, K., Wollinger, T., Paar, C.: A New Class of Collision Attacks and its Application to DES. In: Johansson, T. (ed.) FSE 2003. LNCS, vol. 2887, pp. 206–222. Springer, Heidelberg (2003)
van Oorschot, P.C., Wiener, M.: On Diffie-Hellman Key Agreement with Short Exponents. In: Maurer, U.M. (ed.) EUROCRYPT 1996. LNCS, vol. 1070, pp. 332–343. Springer, Heidelberg (1996)
Walter, C.: Breaking the Liardet-Smart Randomized Exponentiation Algorithm. In: CARDIS (2002), Available at http://www.usenix.org/
Walter, C.D.: Issues of Security with the Oswald-Aigner Exponentiation Algorithm. In: Okamoto, T. (ed.) CT-RSA 2004. LNCS, vol. 2964, pp. 208–221. Springer, Heidelberg (2004)
© 2004 Springer-Verlag Berlin Heidelberg
Fouque, PA., Muller, F., Poupard, G., Valette, F. (2004). Defeating Countermeasures Based on Randomized BSD Representations. In: Joye, M., Quisquater, JJ. (eds) Cryptographic Hardware and Embedded Systems - CHES 2004. CHES 2004. Lecture Notes in Computer Science, vol 3156. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-28632-5_23
DOI: https://doi.org/10.1007/978-3-540-28632-5_23
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-22666-6
Online ISBN: 978-3-540-28632-5