New Power Analysis on the Ha-Moon Algorithm and the MIST Algorithm
Side channel attacks have attracted the attention of most implementers of cryptographic primitives, and the Randomized Exponentiation Algorithm (REA) is believed to be a good countermeasure against them. This paper analyzes the security of two well-known REAs, the Ha-Moon algorithm and the MIST algorithm. Using the fact that the intermediate values are variable in two cases, this paper shows that the Ha-Moon algorithm is not secure even when it deploys both the randomized binary recoding technique and the branch removing technique against DPA and SPA, respectively. In addition, this paper analyzes the security of the MIST algorithm: an adaptively chosen ciphertext attacker can lower its security considerably, to a level below that given by Walter’s analysis.
Keywords: Ha-Moon algorithm, MIST algorithm, randomized exponentiation algorithm, power analysis