Skip to main content
SpringerLink
Log in

On Randomized Addition-Subtraction Chains to Counteract Differential Power Attacks

  • Conference paper
Information and Communications Security (ICICS 2004)

Part of the book series: Lecture Notes in Computer Science ((LNCS,volume 3269))

Included in the following conference series:

Abstract

Since the work of Coron ([Co99]) we are aware of Differential Power Analysis (DPA) as a tool used by attackers of elliptic curve cryptosystems. In 2003 Ebeid and Hasan proposed a new defense in the spirit of earlier work by Oswald/Aigner and Ha/Moon. Their algorithm produces a random representation of the key in binary signed digits. This representation translates into an addition-subtraction chain for the computation of multiplication by the key (on the elliptic curve). The security rests on the fact, that addition and subtraction are indistinguishable from a power analysis viewpoint. We introduce an attack on this new defense under the assumption that SPA is possible: The attacker has a method to detect the presence of an addition or subtraction at a particular bit position of the addition-subtraction chain, while he needs not to be able to discriminate between these. We make the embedded system execute a number N (may be as few as 100) of instances of the cryptoalgorithm with the secret key. For each bit of the key we record a statistic on the occurence of a nonzero digit at this position in the (internal) binary signed digits representation of the key. If the number N of executions is large enough, the statistic can be used to estimate the respective probability (for a nonzero digit of the random binray signed digits representation of the key at this particular position). These probabilities in turn allow to deduce the secret key.

We then propose a second algorithm along the lines given by Ebeid and Hasan, which however, processes the bits in the other direction. One of us suggested that probabilistic switching between the two algorithms might provide better security. A closer analysis showed that exploiting the correlations between the power traces makes it possible to isolate a sufficient majority of executions of a particular one of the algorithms and to mount the attack.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Blake, I., Seroussi, G., Smart, N.P.: Elliptic Curves in Cryptography. Cambridge University Press, Cambridge (1999)

    MATH  Google Scholar 

  2. Coron, J.S.: Resistance Against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  3. Dhem, J.F., Koeune, F., Leroux, P.-A., Mestre, P., Quisquater, J.J., Willems, J.L.: A practical implementation of the Timing Attack. In: Schneier, B., Quisquater, J.-J. (eds.) CARDIS 1998. LNCS, vol. 1820, pp. 175–190. Springer, Heidelberg (2000)

    Google Scholar 

  4. Ebeid, N., Hasan, M.A.: Analysis of DPA Countermeasures Based on Randomizing the Binary Algorithm. Technical Report CORR 2003-14, Centre for Applied Cryptography Research, University of Waterloo, Canada

    Google Scholar 

  5. Ebeid, N., Hasan, M.A.: On Randomizing Private Keys to Counteract DPA Attacks. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 58–72. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  6. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic Analysis: Concrete Results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  7. Gaudry, P., Hess, F., Smart, N.P.: Contructive and Destructive Facets Of Weil Descent On Elliptic Curves. J. of Cryptology 15, 19–46 (2000)

    Article  MathSciNet  Google Scholar 

  8. Ha, J., Moon, S.: Randomized signed-scalar multiplication of ECC to resist power attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 551–563. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  9. Karlof, C., Wagner, D.: Hidden Markov Model Analysis. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 17–34. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  10. Koblitz, N.: Elliptic curve cryptosystems. Math. Comp. 45, 203–209 (1987)

    Article  MathSciNet  Google Scholar 

  11. Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  12. Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Google Scholar 

  13. Menezes, A.J.: Elliptic Curve Public Key Cryptosystems. Kluwer Academic Publishers, Dordrecht (1993)

    MATH  Google Scholar 

  14. Menezes, A.J., Qu, M.: Analysis of the Descent Attack of Gaudry, Hess and Smart. In: Naccache, D. (ed.) CT-RSA 2001. LNCS, vol. 2020, pp. 308–318. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  15. Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power Analysis Attacks of Modular Exponentiation in Smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

  16. Miller, V.: Use of elliptic curves in cryptography. In: Williams, H.C. (ed.) CRYPTO 1985. LNCS, vol. 218, pp. 417–426. Springer, Heidelberg (1986)

    Google Scholar 

  17. Okeya, K., Sakurai, K.: Power analysis breaks elliptic curve cryptosystems even secure against timing attacks. In: Roy, B., Okamoto, E. (eds.) INDOCRYPT 2000. LNCS, vol. 1977, pp. 178–190. Springer, Heidelberg (2000)

    Google Scholar 

  18. Okeya, K., Sakurai, K.: On Insecurity of the Side Channel Attack Countermeasure using Addition-Subtraction Chains under Distinguishability between Addition and Doubling. In: Batten, L.M., Seberry, J. (eds.) ACISP 2002. LNCS, vol. 2384, pp. 420–435. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  19. Okeya, K., Han, D.: Side Channel Attack on Ha-Moon’s Countermeasure of Randomized Signed Scalar Multiplication. In: Johansson, T., Maitra, S. (eds.) INDOCRYPT 2003. LNCS, vol. 2904, pp. 334–348. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  20. Oswald, E., Aigner, M.: Randomized addition-subtraction chains as a countermeasure against power attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  21. Schindler, W.: A Timing Attack against RSA with Chinese Remainder Theorem. In: Paar, C., Koç, Ç.K. (eds.) CHES 2000. LNCS, vol. 1965, pp. 109–124. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  22. Smart, N.P.: The Discrete Logarithm Problem On Elliptic Curves Of Trace One. J. of Cryptology 12, 193–196 (1999)

    Article  MATH  MathSciNet  Google Scholar 

  23. Walter, C.: Longer Keys may facilitate Side Channel Attacks. In: Matsui, M., Zuccherato, R.J. (eds.) SAC 2003. LNCS, vol. 3006, pp. 42–57. Springer, Heidelberg (2004)

    Chapter  Google Scholar 

  24. Wiener, M.J., Zuccherato, R.J.: Faster attacks on elliptic curve cryptosystems. In: Tavares, S., Meijer, H. (eds.) SAC 1998. LNCS, vol. 1556, pp. 190–200. Springer, Heidelberg (1999)

    Chapter  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. AGE Elektronik GmbH, 82054, Sauerlach, Germany

    Anton Kargl

  2. Mathematisches Institut der Universität Erlangen, Germany

    Götz Wiesend

Authors
  1. Anton Kargl
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Götz Wiesend
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Department of Information and Communication Technologies, University of A Coruña, Spain

    Javier Lopez

  2. Chinese Academy of Sciences, Institute of Softwear, 100080, Beijing, China

    Sihan Qing

  3. Graduate School of Systems and Information Engineering, University of Tsukuba, 1-1-1 Tennodai, Tsukuba, 305-8573, Ibaraki, Japan

    Eiji Okamoto

Rights and permissions

Reprints and permissions

Copyright information

© 2004 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Kargl, A., Wiesend, G. (2004). On Randomized Addition-Subtraction Chains to Counteract Differential Power Attacks. In: Lopez, J., Qing, S., Okamoto, E. (eds) Information and Communications Security. ICICS 2004. Lecture Notes in Computer Science, vol 3269. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-30191-2_22

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-30191-2_22

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-23563-7

  • Online ISBN: 978-3-540-30191-2

  • eBook Packages: Springer Book Archive

Publish with us

Policies and ethics

Search

Navigation