Abstract
In 2000, Lenstra and Verheul presented the XTR Public Key System, which uses a subgroup of the multiplicative group GF(p^6) with a compact representation. In two other papers, Han et al. analyzed the security against power analysis of the XTR algorithms presented by Lenstra and Verheul in 2000. In particular, they showed that the XTR Single Exponentiation (XTR-SE) is vulnerable to a modification of the Refined Power Analysis (MRPA), and they presented a countermeasure based on the XTR double exponentiation. In the first part of this paper, we show that this countermeasure is not effective for some particular inputs. For these inputs, an attacker has a probability of 2/3 of retrieving the secret exponent with only one power measurement. In the second part, we show that all the inputs used by Han et al. for MRPA are not valid inputs for XTR. As one of these dangerous inputs can also be obtained by Fault Injection, we discuss the different attack scenarios and their respective countermeasures.
References
Akishita, T., Takagi, T.: Zero-value Point Attacks on Elliptic Curve Cryptosystem. In: Boyd, C., Mao, W. (eds.) ISC 2003. LNCS, vol. 2851, pp. 218–233. Springer, Heidelberg (2003)
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The Sorcerer’s Apprentice Guide to Fault Attacks. In: Breveglieri, L., Koren, I. (eds.) Workshop on Fault Diagnosis and Tolerance in Cryptography – FDTC 2004, pp. 330–342. IEEE Computer Society, Los Alamitos (2004)
Ciet, M., Giraud, C.: Transient Fault Induction Attacks on XTR. In: López et al. [14], pp. 440–451
Fouque, P.-A., Valette, F.: The Doubling Attack: Why Upwards is better than Downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003)
Golic, J., Tymen, C.: Multiplicative masking and power analysis of AES. In: Kaliski Jr. et al. [10], pp. 198–212
Goubin, L.: A Refined Power-Analysis Attack on Elliptic Curve Cryptosystem. In: Desmedt, Y.G. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)
Han, D.-G., Izu, T., Lim, J., Sakurai, K.: Modified Power-Analysis Attacks on XTR and an Efficient Countermeasure. In: López et al. [14], pp. 305–317
Han, D.-G., Lim, J., Sakurai, K.: On Security of XTR public key cryptosystems against Side Channel Attacks. In: Wang, H., Pieprzyk, J., Varadharajan, V. (eds.) ACISP 2004. LNCS, vol. 3108, pp. 454–465. Springer, Heidelberg (2004)
Itoh, K., Izu, T., Takenaka, M.: Address-bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA. In: Kaliski Jr. et al. [10], pp. 129–143
Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.): CHES 2002. LNCS, vol. 2523. Springer, Heidelberg (2003)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M.J. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Lenstra, A.K., Verheul, E.R.: The XTR public key system. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 1–19. Springer, Heidelberg (2000)
Lenstra, A.K., Verheul, E.R.: Fast irreducibility and subgroup membership testing in XTR. In: Kim, K. (ed.) PKC 2001. LNCS, vol. 1992, pp. 73–86. Springer, Heidelberg (2001)
López, J., Qing, S., Okamoto, E. (eds.): ICICS 2004. LNCS, vol. 3269. Springer, Heidelberg (2004)
Novak, R.: SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 252–262. Springer, Heidelberg (2002)
Page, D., Stam, M.: On XTR and Side-Channel Analysis. In: Matsui, M., Zuccherato, R. (eds.) SAC 2004. LNCS, vol. 3357, pp. 54–68. Springer, Heidelberg (2004)
Shparlinski, I.E.: On the Generalized Hidden Number Problem and Bit Security of XTR. In: Boztaş, S., Shparlinski, I. (eds.) AAECC 2001. LNCS, vol. 2227, pp. 268–277. Springer, Heidelberg (2001)
Stam, M., Lenstra, A.K.: Speeding up XTR. In: Boyd, C. (ed.) ASIACRYPT 2001. LNCS, vol. 2248, pp. 125–143. Springer, Heidelberg (2001)
Verheul, E.R.: Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems. In: Pfitzmann, B. (ed.) EUROCRYPT 2001. LNCS, vol. 2045, pp. 195–210. Springer, Heidelberg (2001)
© 2005 Springer-Verlag Berlin Heidelberg
Cite this paper
Bevan, R. (2005). Improved Zero Value Attack on XTR. In: Boyd, C., González Nieto, J.M. (eds) Information Security and Privacy. ACISP 2005. Lecture Notes in Computer Science, vol 3574. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11506157_18
DOI: https://doi.org/10.1007/11506157_18
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-26547-4
Online ISBN: 978-3-540-31684-8