Abstract
Möller proposed a countermeasure against side channel attacks based on the window method. However, its immunity to side channel attacks is still controversial. In this paper, we show that Möller's countermeasure is vulnerable to a second-order differential power analysis attack. A side channel attack is an attack that takes advantage of information leaked during execution of a cryptographic procedure. An nth-order differential power analysis attack is a side channel attack which uses n different leaked data that correspond to n different intermediate values during the execution. Our proposed attack against Möller's countermeasure detects the reuse of the same elliptic curve points, and thereby restricts the candidates of the secret scalar value. In these circumstances, the attack completely recovers the scalar value using the Baby-Step-Giant-Step method as a direct-computational attack. For a 160-bit scalar value, the proposed attack restricts the number of candidates of the scalar to a 45-bit integer, and the direct-computational attack can actually recover the scalar value. Besides, we improve Möller's countermeasure to prevent the proposed attack. We compare the original method and the improved countermeasure in terms of computational intractability and the computational cost of the scalar multiplication.
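The abstract's final step is a direct computation: once the side channel leak has narrowed the secret scalar to an interval of about 2^45 values, Baby-Step-Giant-Step (Shanks) recovers it in roughly 2·2^22.5 group operations, regardless of the curve's 160-bit size. The following Python example, added here and not code from the paper, makes that cost argument concrete: it runs BSGS over a restricted scalar interval on the standard secp256k1 curve (public domain parameters, not a curve from the paper) with a constructed 16-bit scalar, so a practitioner can see that the work is governed by the width of the leaked interval, not by the field size. The point arithmetic is a minimal textbook affine implementation written for this illustration; the scalar and interval bounds are constructed sample values.

```python
"""Baby-step giant-step over a restricted scalar interval (added illustration).

Shows why narrowing the scalar to a w-bit window reduces the remaining
work to about 2 * 2^(w/2) group operations, independent of curve size.
"""
from math import isqrt

# secp256k1 domain parameters (standard public constants, not from the paper).
P = 2**256 - 2**32 - 977
A, B = 0, 7
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (GX, GY)
INF = None  # point at infinity (group identity)


def ec_add(p1, p2):
    """Affine point addition / doubling on y^2 = x^3 + A*x + B over GF(P)."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:      # p2 == -p1
            return INF
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P   # doubling
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P          # addition
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def ec_neg(p):
    return INF if p is INF else (p[0], (-p[1]) % P)


def ec_mul(k, p):
    """Plain double-and-add scalar multiplication (no side channel hardening)."""
    result, addend = INF, p
    while k > 0:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result


def bsgs_interval(q, lo, hi):
    """Return k in [lo, hi) with k*G == q, or None if no such k exists.

    Cost is about 2*sqrt(hi - lo) group operations: m baby steps build a
    table of j*G, then giant steps walk q - (lo + i*m)*G until a table hit.
    """
    width = hi - lo
    m = isqrt(width) + 1            # m*m > width, so i in range(m) covers it
    table = {}
    cur = INF
    for j in range(m):              # baby steps: j*G -> j
        table[cur] = j
        cur = ec_add(cur, G)
    step = ec_neg(ec_mul(m, G))     # -m*G, subtracted on every giant step
    gamma = ec_add(q, ec_neg(ec_mul(lo, G)))   # q - lo*G
    for i in range(m):
        if gamma in table:
            k = lo + i * m + table[gamma]
            # G has prime order N, so k*G == q has a unique k < N;
            # a hit above hi means the scalar is outside the interval.
            return k if k < hi else None
        gamma = ec_add(gamma, step)
    return None


def expected_group_ops(window_bits):
    """Approximate BSGS work for a window of 2^window_bits candidates."""
    return 2 * isqrt(2**window_bits)


if __name__ == "__main__":
    secret = 0xA5C3                 # constructed sample scalar, 16 bits
    q = ec_mul(secret, G)           # what a public key / leaked point gives
    print("recovered:", hex(bsgs_interval(q, 0, 1 << 16)))
    print("ops for a 45-bit window:", expected_group_ops(45))
```

The lesson for a defender is the one the abstract draws: a countermeasure only needs to leak enough to shrink the candidate interval, because every bit of interval width removed halves the square-root work remaining. For the paper's 160-bit scalar and 45-bit residual interval, `expected_group_ops(45)` is on the order of 2^23.5, which is trivially within reach.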
References
Brier, É., Joye, M., Weierstrass Elliptic Curves and Side-Channel Attacks, Public Key Cryptography (PKC 2002), LNCS2274, (2002), 335–345.
Cohen, H., Miyaji, A., Ono, T., Efficient Elliptic Curve Exponentiation Using Mixed Coordinates, Advances in Cryptology-ASIACRYPT’98, LNCS1514, (1998), 51–65.
Coron, J.S., Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES’99), LNCS1717, (1999), 292–302.
National Bureau of Standards, Data Encryption Standard, Federal Information Processing Standards Publication 46 (FIPS PUB 46), (1977).
Fischer, W., Giraud, C., Knudsen, E.W., Seifert, J.P., Parallel scalar multiplication on general elliptic curves over F_p hedged against Non-Differential Side-Channel Attacks, International Association for Cryptologic Research (IACR), Cryptology ePrint Archive 2002/007, (2002). Available at http://eprint.iacr.org/
Hasan, M.A., Power Analysis Attacks and Algorithmic Approaches to Their Countermeasures for Koblitz Curve Cryptosystems, Cryptographic Hardware and Embedded Systems (CHES 2000), LNCS1965, (2000), 93–108.
Izu, T., Takagi, T., A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks, Public Key Cryptography (PKC 2002), LNCS2274, (2002), 280–296.
Joye, M., Quisquater, J.J., Hessian elliptic curves and side-channel attacks, Cryptographic Hardware and Embedded Systems (CHES 2001), LNCS2162, (2001), 402–410.
Joye, M., Tymen, C., Protections against Differential Analysis for Elliptic Curve Cryptography-An Algebraic Approach-, Cryptographic Hardware and Embedded Systems (CHES 2001), LNCS2162, (2001), 377–390.
Koblitz, N., Elliptic curve cryptosystems, Math. Comp. 48, (1987), 203–209.
Kocher, C., Cryptanalysis of Diffie-Hellman, RSA, DSS, and Other Systems Using Timing Attacks. Available at http://www.cryptography.com/
Kocher, C., Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, Advances in Cryptology-CRYPTO’96, LNCS1109, (1996), 104–113.
Kocher, C., Jaffe, J., Jun, B., Introduction to Differential Power Analysis and Related Attacks. Available at http://www.cryptography.com/dpa/technical/index.html
Kocher, C., Jaffe, J., Jun, B., Differential Power Analysis, Advances in Cryptology-CRYPTO’99, LNCS1666, (1999), 388–397.
Lim, C.H., Hwang, H.S., Fast implementation of Elliptic Curve Arithmetic in GF(p^m), Public Key Cryptography (PKC 2000), LNCS1751, (2000), 405–421.
Liardet, P.Y., Smart, N.P., Preventing SPA/DPA in ECC systems using the Jacobi form, Cryptographic Hardware and Embedded System (CHES 2001), LNCS2162, (2001), 391–401.
Messerges, T.S., Using Second-Order Power Analysis to Attack DPA Resistant Software, Cryptographic Hardware and Embedded System (CHES 2000), LNCS1965, (2000), 238–251.
Miller, V.S., Use of elliptic curves in cryptography, Advances in Cryptology-CRYPTO’85, LNCS218, (1986), 417–426.
Möller, B., Securing Elliptic Curve Point Multiplication against Side-Channel Attacks, Information Security (ISC2001), LNCS2200, (2001), 324–334.
Oswald, E., Aigner, M., Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks, Cryptographic Hardware and Embedded Systems (CHES’01), LNCS2162, (2001), 39–50.
Okeya, K., Miyazaki, K., Sakurai, K., A Fast Scalar Multiplication Method with Randomized Projective Coordinates on a Montgomery-form Elliptic Curve Secure against Side Channel Attacks, The 4th International Conference on Information Security and Cryptology (ICISC 2001), LNCS2288, (2002), 428–439.
Okeya, K., Sakurai, K., Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack, Progress in Cryptology-INDOCRYPT 2000, LNCS1977, (2000), 178–190.
Okeya, K., Sakurai, K., On Insecurity of the Side Channel Attack Countermeasure using Addition-Subtraction Chains under Distinguishability between Addition and Doubling, The 7th Australasian Conference in Information Security and Privacy, (ACISP 2002), LNCS2384, (2002), 420–435.
Pollard, J.M., Monte Carlo methods for index computation (mod p), Math. Comp. 32, (1978), 918–924.
Rivest, R.L., Shamir, A., Adleman, L., A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Communications of the ACM, Vol.21, No.2, (1978), 120–126.
Shanks, D., Class number, a theory of factorization and genera, In Proc. Symp. Pure Math. 20, (1971), 415–440.
Teske, E., Square-root Algorithms for the Discrete Logarithm Problem (A Survey), Public-Key Cryptography and Computational Number Theory, Walter de Gruyter, (2001), 283–301.
© 2002 Springer-Verlag Berlin Heidelberg
Cite this paper
Okeya, K., Sakurai, K. (2002). A Second-Order DPA Attack Breaks a Window-Method Based Countermeasure against Side Channel Attacks. In: Chan, A.H., Gligor, V. (eds) Information Security. ISC 2002. Lecture Notes in Computer Science, vol 2433. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45811-5_30
DOI: https://doi.org/10.1007/3-540-45811-5_30
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-44270-7
Online ISBN: 978-3-540-45811-1