New Power Analysis on the Ha-Moon Algorithm and the MIST Algorithm

  • Sang Gyoo Sim
  • Dong Jin Park
  • Pil Joong Lee
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3269)

Abstract

Side channel attacks have attracted the attention of most implementers of cryptographic primitives, and the Randomized Exponentiation Algorithm (REA) is believed to be a good countermeasure against them. This paper analyzes the security of two well-known REAs, the Ha-Moon algorithm and the MIST algorithm. Based on the observation that the intermediate values are variable in two cases, this paper shows that the Ha-Moon algorithm is not secure even when it deploys both the randomized binary recoding technique and the branch removing technique, against DPA and SPA respectively. In addition, this paper analyzes the security of the MIST algorithm. An adaptively chosen ciphertext attacker can lower its security considerably, to a level below that given by Walter’s analysis.

Keywords

Ha-Moon algorithm; MIST algorithm; randomized exponentiation algorithm; power analysis

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Sang Gyoo Sim (1)
  • Dong Jin Park (2)
  • Pil Joong Lee (2)

  1. Penta Security Systems Inc, Seoul, Korea
  2. IS Lab, Dept. of EEE, POSTECH, Pohang, Korea
