Using Templates to Attack Masked Montgomery Ladder Implementations of Modular Exponentiation

Herbst, Christoph; Medwed, Marcel

doi:10.1007/978-3-642-00306-6_1

Christoph Herbst¹⁹ &
Marcel Medwed¹⁹

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 5379))

Included in the following conference series:

International Workshop on Information Security Applications

908 Accesses
6 Citations

Abstract

Since side-channel attacks turned out to be a major threat against implementations of cryptographic algorithms, many countermeasures have been proposed. Amongst them, multiplicative blinding is believed to provide a reasonable amount of security for public-key algorithms. In this article we show how template attacks can be used to extract sufficient information to recover the mask. Our practical experiments verify that one power trace suffices in order to remove such a blinding factor. In the course of our work we attacked a protected Montgomery Powering Ladder implementation on a widely used microcontroller. As a result we can state that the described attack could be a serious threat for public key algorithms implemented on devices with small word size.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution

Chapter: USD 29.95; Price excludes VAT (USA)

eBook: USD 39.99; Price excludes VAT (USA)

Softcover Book: USD 54.99; Price excludes VAT (USA)

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

References

Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)
Chapter Google Scholar
Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)
Chapter Google Scholar
Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Google Scholar
Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)
Article MathSciNet MATH Google Scholar
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Chapter Google Scholar
Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)
Chapter Google Scholar
Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)
Chapter Google Scholar
Rechberger, C., Oswald, E.: Practical template attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 443–457. Springer, Heidelberg (2005)
Chapter Google Scholar
Medwed, M., Oswald, E.: Template Attacks on ECDSA. Cryptology ePrint Archive, Report 2008/081 (2008), http://eprint.iacr.org/
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks- Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)
MATH Google Scholar
Kim, C., Ha, J., Moon, S., Yen, S.-M., Lien, W.-C., Kim, S.-H.: An Improved and Effcient Countermeasure against Power Analysis Attacks. Cryptology ePrint Archive, Report 2005/022 (2005), http://eprint.iacr.org/
Fumaroli, G., Vigilant, D.: Blinded fault resistant exponentiation. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 62–70. Springer, Heidelberg (2006)
Chapter Google Scholar
Montgomery, P.L.: Speeding the Pollard and Elliptic Curve Methods of Factorization. Mathematics of Computation 48(177), 243–264 (1987)
Article MathSciNet MATH Google Scholar
Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
Chapter Google Scholar

Download references

Author information

Authors and Affiliations

Institute for Applied Information Processing and Communications, Graz University of Technology, Inffeldgasse 16a, A–8010, Graz, Austria
Christoph Herbst & Marcel Medwed

Authors

Christoph Herbst
View author publications
You can also search for this author in PubMed Google Scholar
Marcel Medwed
View author publications
You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

Information Security Research Division, Electronics and Telecommunications Research Institute (ETRI), 161 Gajeong Dong, YuseongGu, 305-700, Daejeon, Korea
Kyo-Il Chung
The Attached Institute of Electronics and Telecommunications Research Institute (ETRI), 1 Yuseong-Post, 305-702, Daejeon, Korea
Kiwook Sohn
Computer Science Department, Google Inc. and Columbia University, 1214 Amsterdam Avenue, NY 10027, New York, USA
Moti Yung

Rights and permissions

Reprints and permissions

Copyright information

About this paper

Cite this paper

Herbst, C., Medwed, M. (2009). Using Templates to Attack Masked Montgomery Ladder Implementations of Modular Exponentiation. In: Chung, KI., Sohn, K., Yung, M. (eds) Information Security Applications. WISA 2008. Lecture Notes in Computer Science, vol 5379. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-00306-6_1

Download citation

DOI: https://doi.org/10.1007/978-3-642-00306-6_1
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-00305-9
Online ISBN: 978-3-642-00306-6
eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics