Updated Recommendations for Blinded Exponentiation vs. Single Trace Analysis
Side-channel analysis has become a very powerful tool helpful for attackers trying to recover the secrets embedded in microprocessors such as smartcards. Since the initial publications from Kocher et al. many improvements on side-channel techniques have been proposed. At the same time developers have designed countermeasures to counterfeit those threats. The challenge for securing smart devices remains rough. The most complex techniques like Differential, Correlation and Mutual-information analysis are more studied today than simple side-channel analysis which seems less considered as said less powerful. We revisit in this paper the simple side-channel analysis attacks previously published. Relying on previous leakage models we design two new methods to build chosen message which allows more efficient analysis on blinded exponentiation. We also show that, contrarily to common belief, with our chosen message method simple side-channel analysis can be successful also in some hashed message models. In a second step we introduce a more precise but realistic leakage model for hardware multipliers which leads us to new results on simple side-channel efficiency. Relying on these models we show that even with big base multipliers leakages can be exploited to recover the secret exponent on blinded exponentiations.
Keywordsside-channel analysis arithmetic coprocessor long integer algorithms exponentiation padding
Unable to display preview. Download preview PDF.
- 1.Avanzi, R.-M., Cohen, H., Doche, C., Frey, G., Lange, T., Nguyen, K., Verkauteren, F.: Handbook of Elliptic and Hyperelliptic Curve Cryptography (2006)Google Scholar
- 2.Bellare, M., Rogaway, P.: Random Oracles are Practical: A Paradigm for Designing Efficient Protocols. In: ACM Conference on Computer and Communications Security, pp. 62–73 (1993)Google Scholar
- 6.Clavier, C., Feix, B.: Updated recommendations for blinded exponentiation vs. single trace analysis - extended version. IACR Cryptology ePrint Archive (2013)Google Scholar
- 10.Dhem, J.-F.: Design of an efficient public-key cryptographic library for RISC-based smart cards. PhD thesis, Université catholique de Louvain, Louvain (1998)Google Scholar
- 17.Joye, M.: Highly regular m-ary powering ladders, pp. 135–147Google Scholar
- 18.Joye, M.: Protecting RSA against fault attacks: The embedding method. In: Breveglieri, L., Koren, I., Naccache, D., Oswald, E., Seifert, J.-P. (eds.) Sixth International Workshop on Fault Diagnosis and Tolerance in Cryptography, FDTC 2009, pp. 41–45. IEEE Computer Society (2009)Google Scholar
- 19.Kocher, P.C.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- 21.Mayer Sommer, R.: Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards, pp. 78–92Google Scholar
- 22.Menezes, A., van Oorschot, P.C., Vanstone, S.A.: Handbook of Applied Cryptography. CRC Press (1996)Google Scholar
- 25.Standaert, F.-X., Gierlichs, B., Verbauwhede, I.: Partition vs. Comparison Side-Channel Distinguishers: An Empirical Evaluation of Statistical Tests for Univariate Side-Channel Attacks against Two Unprotected CMOS Devices. In: Lee, P.J., Cheon, J.H. (eds.) ICISC 2008. LNCS, vol. 5461, pp. 253–267. Springer, Heidelberg (2009)CrossRefGoogle Scholar
- 26.Yen, S.-M., Lien, W.-C., Moon, S.-J., Ha, J.C.: Power Analysis by Exploiting Chosen Message and Internal Collisions – Vulnerability of Checking Mechanism for RSA-Decryption. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 183–195. Springer, Heidelberg (2005)CrossRefGoogle Scholar