Two Operands of Multipliers in Side-Channel Attack

Sugawara, Takeshi; Suzuki, Daisuke; Saeki, Minoru

doi:10.1007/978-3-319-21476-4_5

Takeshi Sugawara¹⁵,
Daisuke Suzuki¹⁵ &
Minoru Saeki¹⁵

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 9064))

Included in the following conference series:

International Workshop on Constructive Side-Channel Analysis and Secure Design

1187 Accesses
7 Citations

Abstract

The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multipliers. There are two consequences. Firstly, designing order of operands can be a cost-effective countermeasure.We show a concrete example in which operand order determines success and failure of the attack. Secondly, countermeasures can be ineffective if the asymmetric leakage is considered. In addition to the main results, the attack by Hanley et al. is extended using the signal-processing technique of the big mac attack. An experimental result to successfully analyze an FPGA implementation of RSA with the multiply-always method is also presented.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Notes

1.
Clavier et al. proposed another single-shot extension [15]. The purpose of the attack is to distinguish multiplication and squaring. There is a practical result on a software implementation.
2.
The method can be thought as a missing variant with “regular algorithm + unknown message” in the categorization by Bauer et al. [10].
3.
Note that Walter and Samyde noticed that leakage from the Booth recoding is not the one by the Hamming-weight model [13]. However, the difference between operands was not discussed.
4.
Hanley et al. considered more general cases considering a collision between input and output. However, the input-output collision was very weak in our setup.

References

Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Chapter Google Scholar
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks: Revealing the Secrets of Smart Cards. Springer-Verlag, New York (2007)
Google Scholar
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, p. 292. Springer, Heidelberg (1999)
Chapter Google Scholar
Amiel, F., Feix, B., Tunstall, M., Whelan, C., Marnane, W.P.: Distinguishing multiplications from squaring operations. In: Avanzi, R.M., Keliher, L., Sica, F. (eds.) SAC 2008. LNCS, vol. 5381, pp. 346–360. Springer, Heidelberg (2009)
Chapter Google Scholar
Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Collision-based power analysis of modular exponentiation using chosen-message pairs. In: Oswald, E., Rohatgi, P. (eds.) CHES 2008. LNCS, vol. 5154, pp. 15–29. Springer, Heidelberg (2008)
Chapter Google Scholar
Heyszl, J., Ibing, A., Mangard, S., De Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. In: Francillon, A., Rohatgi, P. (eds.) CARDIS 2013. LNCS, vol. 8419, pp. 79–93. Springer, Heidelberg (2014)
Google Scholar
Perin, G., Imbert, L., Torres, L., Maurine, P.: Attacking randomized exponentiations using unsupervised learning. In: Prouff, E. (ed.) COSADE 2014. LNCS, vol. 8622, pp. 144–160. Springer, Heidelberg (2014)
Google Scholar
Hanley, N., Kim, H.,Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. Cryptography ePrint Archive: Report 2012/485. http://eprint.iacr.org/2012/485
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010)
Chapter Google Scholar
Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 1–17. Springer, Heidelberg (2013)
Chapter Google Scholar
Bajard, J.-C., Imbert, L., Liardet, P.-Y., Teglia, Y.: Leak resistant arithmetic. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 62–75. Springer, Heidelberg (2004)
Chapter Google Scholar
Walter, C.D.: Sliding windows succumbs to Big Mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, p. 286. Springer, Heidelberg (2001)
Chapter Google Scholar
Walter, C.D.,Samyde, D.: Data Dependent Power Use in Multipliers. In: 17thIEEE Symposium on Computer Arithmetic (ARITH 2005)
Google Scholar
Witteman, M.F., van Woudenberg, J.G.J., Menarini, F.: Defeating RSA multiply-always and message blinding countermeasures. In: Kiayias, A. (ed.) CT-RSA 2011. LNCS, vol. 6558, pp. 77–88. Springer, Heidelberg (2011)
Chapter Google Scholar
Clavier, C., Feix, B., Gagnerot, G., Giraud, C., Roussellet, M., Verneuil, V.: ROSETTA for single trace analysis. In: Galbraith, S., Nandi, M. (eds.) INDOCRYPT 2012. LNCS, vol. 7668, pp. 140–155. Springer, Heidelberg (2012)
Chapter Google Scholar
Koç, C.K., Acar, T., Kaliski Jr, B.S.: Analyzing and comparing montgomery multiplication algorithms. Micro, IEEE 16(3), 26–33 (1996)
Article Google Scholar
Koren, I.: Computer Arithmetic Algorithms, 2nd edn. A K Peters, CRC Press, Boston, Boca Raton (2001)
Google Scholar
Sugawara, T., Suzuki, D., Saeki, M., Shiozaki, M., Fujino, T.: On measurable side-channel leaks inside ASIC design primitives. In: Bertoni, G., Coron, J.-S. (eds.) CHES 2013. LNCS, vol. 8086, pp. 159–178. Springer, Heidelberg (2013)
Chapter Google Scholar
Okeya, K., Sakurai, K.: A second-order DPA attack breaks a window-method based countermeasure against side channel attacks. In: Chan, A.H., Gligor, V.D. (eds.) ISC 2002. LNCS, vol. 2433, p. 389. Springer, Heidelberg (2002)
Chapter Google Scholar
AIST, Side-Channel Attack Standard Evaluation Board. http://www.risec.aist.go.jp/project/sasebo/

Download references

Acknowledgement

The authors would like to thank the anonymous reviewers at COSADE 2015 for their valuable comments. The study was conducted as a part of the CREST Dependable VLSI Systems Project funded by the Japan Science and Technology Agency.

Author information

Authors and Affiliations

Mitsubishi Electric Corporation, Kamakura, Japan
Takeshi Sugawara, Daisuke Suzuki & Minoru Saeki

Authors

Takeshi Sugawara
View author publications
You can also search for this author in PubMed Google Scholar
Daisuke Suzuki
View author publications
You can also search for this author in PubMed Google Scholar
Minoru Saeki
View author publications
You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Takeshi Sugawara .

Editor information

Editors and Affiliations

Graz University of Technology, Graz, Austria
Stefan Mangard
NXP Semiconductors Germany GmbH, Hamburg, Germany
Axel Y. Poschmann

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Sugawara, T., Suzuki, D., Saeki, M. (2015). Two Operands of Multipliers in Side-Channel Attack. In: Mangard, S., Poschmann, A. (eds) Constructive Side-Channel Analysis and Secure Design. COSADE 2015. Lecture Notes in Computer Science(), vol 9064. Springer, Cham. https://doi.org/10.1007/978-3-319-21476-4_5

Download citation

DOI: https://doi.org/10.1007/978-3-319-21476-4_5
Published: 17 July 2015
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-21475-7
Online ISBN: 978-3-319-21476-4
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics