Skip to main content
SpringerLink
Log in

Combined Implementation Attack Resistant Exponentiation

  • Conference paper
Progress in Cryptology – LATINCRYPT 2010 (LATINCRYPT 2010)

Part of the book series: Lecture Notes in Computer Science ((LNSC,volume 6212))

Abstract

Different types of implementation attacks, like those based on side channel leakage and active fault injection, are often considered as separate threats. Countermeasures are, therefore, often developed and implemented accordingly. However, Amiel et al. showed that an adversary can successfully combine two attack methods to overcome such countermeasures. In this paper, we consider instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems. We show how previously proposed countermeasures may fail to thwart these attacks, and propose a countermeasure that protects the variables in a generic exponentiation algorithm in the same scenario.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)

    Google Scholar 

  2. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)

    Google Scholar 

  3. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)

    Chapter  Google Scholar 

  4. Anderson, R.J., Kuhn, M.G.: Tamper resistance — a cautionary note. In: Adam, N.R., Yesha, Y. (eds.) Electronic Commerce 1994. LNCS, vol. 1028, pp. 1–11. Springer, Heidelberg (1996)

    Google Scholar 

  5. Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  6. Baek, Y.J., Vasyltsov, I.: How to prevent DPA and fault attack in a unified way for ECC scalar multiplication — ring extension method. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 225–237. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  7. Kim, C.H., Quisquater, J.J.: How can we overcome both side channel analysis and fault attacks on RSA-CRT? In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2007, pp. 21–29. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  8. Amiel, F., Villegas, K., Feix, B., Marcel, L.: Passive and active combined attacks: Combining fault attacks and side channel analysis. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2007, pp. 92–102. IEEE Computer Society, Los Alamitos (2007)

    Google Scholar 

  9. Yen, S.M., Kim, S., Lim, S., Moon, S.J.: RSA speedup with residue number system immune against hardware fault cryptanalysis. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 397–413. Springer, Heidelberg (2002)

    Google Scholar 

  10. Gaubatz, G., Sunar, B.: Robust finite field arithmetic for fault-tolerant public-key cryptography. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 196–210. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  11. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers 53(6), 760–768 (2004)

    Article  Google Scholar 

  12. Shamir, A.: Improved method and apparatus for protecting public key schemes from timing and fault attacks. US Patent 5991415 (1999)

    Google Scholar 

  13. Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks — Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)

    MATH  Google Scholar 

  14. Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Proceedings of the IEEE 94(2), 370–382 (2006)

    Article  Google Scholar 

  15. Courrége, J.C., Feix, B., Roussellet, M.: Simple power analysis on exponentiation revisited. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 65–79. Springer, Heidelberg (2010)

    Google Scholar 

  16. Bernstein, D.J., Lange, T.: Inverted Edwards coordinates. In: Boztas, S., Lu, H. (eds.) AAECC 2007. LNCS, vol. 4851, pp. 20–27. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  17. Kim, C.H., Quisquater, J.J.: Fault attacks for CRT based RSA: New attacks, new results, and new countermeasures. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J. J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 215–228. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  18. Dottax, E., Giraud, C., Rivain, M., Sierra, Y.: On second-order fault analysis resistance for CRT-RSA implementations. In: Markowitch, O., Bilas, A., Hoepman, J.H., Mitchell, C.J., Quisquater, J.J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 68–83. Springer, Heidelberg (2009)

    Google Scholar 

  19. Rivain, M.: Securing RSA against fault analysis by double addition chain exponentiation. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 459–480. Springer, Heidelberg (2009)

    Google Scholar 

  20. Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Transactions on Computers 12(4), 241–245 (2006)

    MathSciNet  Google Scholar 

  21. Joye, M., Yen, S.M.: The Montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  22. Boscher, A., Naciri, R., Prouff, E.: CRT RSA algorithm protected against fault attacks. In: Sauveron, D., Markantonakis, C., Bilas, A., Quisquater, J.J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 229–243. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  23. Fumaroli, G., Vigilant, D.: Blinded fault resistant exponentiation. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 62–70. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  24. Proudler, I.K.: Idempotent AN codes. In: IEE Colloquium on Signal Processing Applications of Finite Field Mathematics, pp. 8/1–8/5. IEEE, Los Alamitos (1989)

    Google Scholar 

  25. Medwed, M., Schmidt, J.M.: A generic fault countermeasure providing data and program flow integrity. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2008, pp. 68–73. IEEE, Los Alamitos (2008)

    Google Scholar 

  26. Smart, N., Oswald, E., Page, D.: Randomised representations. In: IET Proceedings on Information Security, vol. 2(2), pp. 19–27 (2008)

    Google Scholar 

  27. Lange, T.: Trace zero subvarieties of genus 2 curves for cryptosystems. Journal of the Ramanujan Mathematical Society 19(1), 15–33 (2004)

    MATH  MathSciNet  Google Scholar 

  28. Blömer, J., Otto, M., Seifert, J.P.: Sign change fault attacks on elliptic curve cryptosystems. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J. P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 36–52. Springer, Heidelberg (2006)

    Chapter  Google Scholar 

  29. Goubin, L.: A refined power analysis attack on elliptic curve cryptosystems. In: Desmedt, Y. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)

    Chapter  Google Scholar 

  30. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000)

    Chapter  Google Scholar 

  31. Avanzi, R.M.: Countermeasures against differential power analysis for hyperelliptic curves. In: Walter, C., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)

    Chapter  Google Scholar 

  32. Acimez, O., Gueron, S., Seifert, J.P.: New branch prediction vulnerabilities in OpenSSL and necessary software countermeasures. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 185–203. Springer, Heidelberg (2007)

    Chapter  Google Scholar 

  33. Jebelean, T.: An algorithm for exact division. Journal of Symbolic Computation 15(2), 169–180 (1993)

    Article  MATH  MathSciNet  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Institute for Applied Information Processing and Communications, Graz University of Technology, Inffeldgasse 16a, A–8010, Graz, Austria

    Jörn-Marc Schmidt

  2. Department of Computer Science, University of Bristol, Merchant Venturers Building, Woodland Road, Bristol, BS8 1UB, United Kingdom

    Michael Tunstall

  3. Horst Görtz Institute for IT Security, Ruhr-University Bochum, Bochum, Germany

    Roberto Avanzi, Timo Kasper & David Oswald

  4. Computer Science and Communications Research Unit, University of Luxembourg, Luxembourg

    Ilya Kizhvatov

Authors
  1. Jörn-Marc Schmidt
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Michael Tunstall
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Roberto Avanzi
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Ilya Kizhvatov
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Timo Kasper
    View author publications

    You can also search for this author in PubMed Google Scholar

  6. David Oswald
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. Computer Science Department, École Normale Supérieure, 45 Rue d’Ulm, 75230, Paris Cedex 05, France

    Michel Abdalla

  2. Computer Architecture and Networking Laboratory (LARC), Universidade de Sáo Paulo, Av. Prof. Luciano Gualberto, trav.3, n.158, 05508-900, Sáo Paulo (SP), Brazil

    Paulo S. L. M. Barreto

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Schmidt, JM., Tunstall, M., Avanzi, R., Kizhvatov, I., Kasper, T., Oswald, D. (2010). Combined Implementation Attack Resistant Exponentiation. In: Abdalla, M., Barreto, P.S.L.M. (eds) Progress in Cryptology – LATINCRYPT 2010. LATINCRYPT 2010. Lecture Notes in Computer Science, vol 6212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14712-8_19

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-14712-8_19

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-14711-1

  • Online ISBN: 978-3-642-14712-8

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation