
A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 2288)

Abstract

Recently, many research works have reported how physical cryptanalysis can be carried out on cryptographic devices by exploiting any information leaked through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis, mounted on a recently reported countermeasure against the simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault rather than the temporary memory fault explicitly assumed in the first published safe-error based attack proposed by Yen and Joye (in which more precision on timing and fault location is assumed). Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible, because its cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works have considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack, if not carefully examined, may benefit another physical attack tremendously. This issue has never been explicitly noticed previously, but its importance cannot be overlooked given the attack found in this paper. Note that almost all the issues considered in this paper for a modular exponentiation also apply to a scalar multiplication over an elliptic curve.
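The abstract's central point, that a "dummy operation" style SPA countermeasure can hand a fault attacker a safe-error channel, can be made concrete with a small simulation. The following is an added example written for this page, not code from the paper or its authors. The page does not describe the specific countermeasure the paper attacks, so the classical left-to-right square-and-multiply-always exponentiation is assumed here as the illustrative SPA countermeasure, and a transient computational fault is modelled simply as "the result of one operation is off by one". The `safe_error_points` check is a designer's self-test: it faults each operation in turn and reports which faults leave the output unchanged; if that set depends on the secret exponent, the countermeasure leaks.

```python
"""Added example (not from the paper): why dummy operations become safe-error points.

Two modular exponentiation routines are compared:
  * square_and_multiply        - no dummy operations, but the operation
                                 sequence (S/M pattern) reveals the exponent
                                 to simple power analysis (SPA);
  * square_and_multiply_always - the classical SPA countermeasure, assumed
                                 here as the illustrative one: every bit
                                 costs one square and one multiply, but the
                                 multiply result is discarded for a 0 bit.

A fault injected into a discarded (dummy) operation does not change the
output: a "safe error".  Observing that the output is still correct tells
an attacker that the faulted operation was a dummy, i.e. that bit was 0.
The fault model below (result of one operation replaced by result+1 mod n)
is a deliberate simplification of a transient computational fault.
"""


def _op(product, n, label, fault_at, trace):
    """Reduce one product mod n, record the operation label, and optionally
    corrupt the result to model a transient computational fault."""
    result = product % n
    if trace is not None:
        trace.append(label)
    if label == fault_at:
        result = (result + 1) % n   # modelled fault: wrong result for this op
    return result


def square_and_multiply(g, d_bits, n, fault_at=None, trace=None):
    """Plain left-to-right binary exponentiation, d given MSB first."""
    r0 = 1
    for i, bit in enumerate(d_bits):
        r0 = _op(r0 * r0, n, (i, "square"), fault_at, trace)
        if bit == 1:
            r0 = _op(r0 * g, n, (i, "multiply"), fault_at, trace)
    return r0


def square_and_multiply_always(g, d_bits, n, fault_at=None, trace=None):
    """Square-and-multiply-always: constant S/M pattern, but the multiply
    result r1 is thrown away whenever the exponent bit is 0."""
    r0 = 1
    for i, bit in enumerate(d_bits):
        r0 = _op(r0 * r0, n, (i, "square"), fault_at, trace)
        r1 = _op(r0 * g, n, (i, "multiply"), fault_at, trace)
        r0 = r1 if bit == 1 else r0   # dummy multiply discarded for bit 0
    return r0


def spa_profile(algo, g, d_bits, n):
    """The operation sequence an SPA observer would see (S = square, M = multiply)."""
    ops = []
    algo(g, d_bits, n, trace=ops)
    return "".join("S" if op == "square" else "M" for _, op in ops)


def safe_error_points(algo, g, d_bits, n):
    """Designer's self-check: fault every operation once and return the labels
    of those whose corruption leaves the final result unchanged.  Any
    secret-dependent entry here is a safe-error leak."""
    ops = []
    correct = algo(g, d_bits, n, trace=ops)
    return [label for label in ops
            if algo(g, d_bits, n, fault_at=label) == correct]


if __name__ == "__main__":
    # Constructed toy parameters: modulus 23, base 5, exponent 11 = 0b1011.
    n, g, bits = 23, 5, [1, 0, 1, 1]
    for algo in (square_and_multiply, square_and_multiply_always):
        print(algo.__name__)
        print("  result           :", algo(g, bits, n), "(expected", pow(g, 11, n), ")")
        print("  SPA profile      :", spa_profile(algo, g, bits, n))
        print("  safe-error points:", safe_error_points(algo, g, bits, n))
```

Running it shows the trade-off the paper's title describes: the plain routine has no safe-error point but its S/M profile exposes the exponent bits directly, whereas the "always" variant has a uniform profile and instead reports a safe-error point at exactly the multiply of every 0 bit. A countermeasure review should therefore run a fault-propagation check like `safe_error_points` in addition to the SPA profile check, and reject any design in which the set of non-propagating operations is secret-dependent.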


References

  1. R.L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Commun. of ACM, vol. 21, no. 2, pp. 120–126, 1978.

  2. T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Trans. Inf. Theory, vol. 31, no. 4, pp. 469–472, 1985.

  3. R. Anderson and M. Kuhn, “Tamper resistance: a cautionary note,” In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11, 1996.

  4. R. Anderson and M. Kuhn, “Low cost attacks on tamper resistant devices,” In Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 7–9th April 1997.

  5. D. Boneh, “Twenty years of attacks on the RSA cryptosystem,” Notices of the AMS, vol. 46, no. 2, pp. 203–213, Feb 1999.

  6. Bellcore Press Release, “New threat model breaks crypto codes,” Sept. 1996, available at URL <http://www.bellcore.com/PRESS/ADVSRY96/facts.html>.

  7. D. Boneh, R.A. DeMillo, and R.J. Lipton, “On the importance of checking cryptographic protocols for faults,” In Advances in Cryptology-EUROCRYPT’97, LNCS 1233, pp. 37–51, Springer-Verlag, 1997.

  8. F. Bao, R.H. Deng, Y. Han, A. Jeng, A.D. Narasimbalu, and T. Ngair, “Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults,” In Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 1997.

  9. Y. Zheng and T. Matsumoto, “Breaking real-world implementations of cryptosystems by manipulating their random number generation,” In Pre-proceedings of the 1997 Symposium on Cryptography and Information Security, Fukuoka, Japan, 29th January–1st February 1997. An earlier version was presented at the rump session of ASIACRYPT’96.

  10. I. Peterson, “Chinks in digital armor: exploiting faults to break smart-card cryptosystems,” Science News, vol. 151, no. 5, pp. 78–79, 1997.

  11. M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng, “RSA-type signatures in the presence of transient faults,” In Cryptography and Coding, LNCS 1355, pp. 155–160, Springer-Verlag, 1997.

  12. D.P. Maher, “Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective,” In Financial Cryptography, LNCS 1318, pp. 109–121, Springer-Verlag, Berlin, 1997.

  13. E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems,” In Advances in Cryptology-CRYPTO’97, LNCS 1294, pp. 513–525, Springer-Verlag, Berlin, 1997.

  14. A.K. Lenstra, “Memo on RSA signature generation in the presence of faults,” September 1996.

  15. M. Joye, A.K. Lenstra, and J.-J. Quisquater, “Chinese remaindering based cryptosystems in the presence of faults,” Journal of Cryptology, vol. 12, no. 4, pp. 241–245, 1999.

  16. M. Joye, F. Koeune, and J.-J. Quisquater, “Further results on Chinese remaindering,” Tech. Report CG-1997/1, UCL Crypto Group, Louvain-la-Neuve, March 1997.

  17. A. Shamir, “How to check modular exponentiation,” presented at the rump session of EUROCRYPT’97, Konstanz, Germany, 11–15th May 1997.

  18. A. Shamir, “Method and apparatus for protecting public key schemes from timing and fault attacks,” United States Patent 5991415, November 23, 1999.

  19. S.M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Trans. on Computers, vol. 49, no. 9, pp. 967–970, Sept. 2000.

  20. P.J. Smith and M.J.J. Lennon, “LUC: A new public key system,” In Ninth IFIP Symposium on Computer Security, Elsevier Science Publishers, pp. 103–117, 1993.

  21. I.F. Blake, G. Seroussi, and N.P. Smart, Elliptic curves in cryptography, vol. 265 of London Mathematical Society Lecture Note Series, Cambridge University Press, 1999.

  22. P. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” In Advances in Cryptology-CRYPTO’96, LNCS 1109, pp. 104–113, Springer-Verlag, 1996.

  23. J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, “A practical implementation of the timing attack,” Technical Report CG-1998/1, UCL Crypto Group, Université catholique de Louvain, June 1998.

  24. J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, “A practical implementation of the timing attack,” In Proceedings of CARDIS’98, Third Smart Card Research and Advanced Application Conference, UCL, Louvain-la-Neuve, Belgium, Sep. 14–16, 1998.

  25. F. Koeune and J.-J. Quisquater, “A timing attack against Rijndael,” Technical Report CG-1999/1, Université catholique de Louvain, June 1999.

  26. W. Schindler, “A timing attack against RSA with the Chinese Remainder Theorem,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 109–124, Springer-Verlag, 2000.

  27. B.S. Kaliski Jr. and M.J.B. Robshaw, “Comments on some new attacks on cryptographic devices,” RSA Laboratories Bulletin, no. 5, July 1997.

  28. P. Kocher, J. Jaffe, and B. Jun, “Introduction to differential power analysis and related attacks,” 1998, available at URL <http://www.cryptography.com/dpa/technical>.

  29. P. Kocher, J. Jaffe, and B. Jun, “Differential power analysis,” In Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 388–397, Springer-Verlag, 1999.

  30. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Power analysis attacks of modular exponentiation in smartcards,” In Cryptographic Hardware and Embedded Systems-CHES’99, LNCS 1717, pp. 144–157, Springer-Verlag, 1999.

  31. C. Clavier, J.-S. Coron, and N. Dabbous, “Differential power analysis in the presence of hardware countermeasures,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 252–263, Springer-Verlag, 2000.

  32. K. Okeya and K. Sakurai, “Power analysis breaks elliptic curve cryptosystems even secure against the timing attack,” In Advances in Cryptology-INDOCRYPT 2000, LNCS 1977, pp. 178–190, Springer-Verlag, 2000.

  33. C.D. Walter, “Sliding windows succumbs to big mac attack,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 291–304, May 13–16, 2001.

  34. C. Clavier and M. Joye, “Universal exponentiation algorithm: A first step towards provable SPA-resistance,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 305–314, May 13–16, 2001.

  35. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Investigations of power analysis attacks on smartcards,” In Proceedings of USENIX Workshop on Smartcard Technology, pp. 151–161, May 1999.

  36. L. Goubin and J. Patarin, “DES and differential power analysis: the duplication method,” In Cryptographic Hardware and Embedded Systems-CHES’99, LNCS 1717, pp. 158–172, Springer-Verlag, 1999.

  37. E. Biham and A. Shamir, “Power analysis of the key scheduling of the AES candidates,” In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 115–121, March 1999, available at URL <http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.html>.

  38. S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, “A cautionary note regarding evaluation of AES candidates on smart-cards,” In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133–147, March 1999, available at URL <http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.html>.

  39. S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, “Towards sound approaches to counteract power-analysis attacks,” In Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 398–412, Springer-Verlag, 1999.

  40. J. Daemen and V. Rijmen, “Resistance against implementation attacks: A comparative study of the AES proposals,” In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 122–132, March 1999, available at URL <http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.html>.

  41. P.N. Fahn and P.K. Pearson, “IPA: A new class of power attacks,” In Cryptographic Hardware and Embedded Systems-CHES’99, LNCS 1717, pp. 173–186, Springer-Verlag, 1999.

  42. T.S. Messerges, “Securing the AES finalists against power analysis attacks,” In Proceedings of Fast Software Encryption Workshop-FSE 2000, LNCS 1978, Springer-Verlag, 2000.

  43. J.-S. Coron and L. Goubin, “On boolean and arithmetic masking against differential power analysis,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 231–237, Springer-Verlag, 2000.

  44. T.S. Messerges, “Using second-order power analysis to attack DPA resistant software,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 238–251, Springer-Verlag, 2000.

  45. L. Goubin, “A sound method for switching between boolean and arithmetic masking,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 3–15, May 13–16, 2001.

  46. M. Akkar and C. Giraud, “An implementation of DES and AES, secure against some attacks,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 315–325, May 13–16, 2001.

  47. A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of applied cryptography, CRC Press, 1997.

  48. G.R. Blakley, “A computer algorithm for the product AB modulo M,” IEEE Transactions on Computers, vol. 32, no. 5, pp. 497–500, May 1983.

  49. K.R. Sloan, Jr., Comments on “A computer algorithm for the product AB modulo M,” IEEE Transactions on Computers, vol. 34, no. 3, pp. 290–292, March 1985.

  50. Ç.K. Koç, “RSA hardware implementation,” Technical Report TR 801, RSA Laboratories, Redwood City, April 1996.

  51. S.M. Yen and S.Y. Tseng, “Differential power cryptanalysis of a Rijndael implementation,” LCIS Technical Report TR-2K1-9, Dept. of Computer Science and Information Engineering, National Central University, Taiwan, May 3, 2001.

  52. M. Joye, J.-J. Quisquater, S.M. Yen, and M. Yung, “Observability analysis: detecting when improved cryptosystems fail,” In Proceedings of the CT-RSA 2002 Conference, 2002 (to appear).


Copyright information

© 2002 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Sung-Ming, Y., Kim, S., Lim, S., Moon, S. (2002). A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack. In: Kim, K. (eds) Information Security and Cryptology — ICISC 2001. ICISC 2001. Lecture Notes in Computer Science, vol 2288. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45861-1_31


  • DOI: https://doi.org/10.1007/3-540-45861-1_31


  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-43319-4

  • Online ISBN: 978-3-540-45861-6
