Abstract
Different types of implementation attacks, such as those based on side-channel leakage and active fault injection, are often treated as separate threats, and countermeasures are therefore often designed and implemented against each class in isolation. However, Amiel et al. showed that an adversary can combine the two attack methods to overcome such countermeasures. In this paper, we consider instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems. We show how previously proposed countermeasures may fail to thwart these attacks, and propose a countermeasure that protects the variables of a generic exponentiation algorithm in the same scenario.
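The following Python simulation is an added illustration of the combined-attack idea the abstract describes; it is not code from the paper and does not reproduce the paper's countermeasure. It assumes an idealized passive leakage model (the trace reveals, for every modular multiplication, whether one operand was zero) and a fault model in which a single register is forced to zero between two steps of a Montgomery ladder. Under these assumptions the ladder's regular operation sequence, which on its own defeats simple power analysis, no longer hides the exponent: after the fault, the squaring in each step touches the zeroed register exactly when the exponent bit is 0. The per-step invariant check shown last (the ladder always maintains R1 = R0·m mod N) is one simple example of protecting the variables rather than only the output; it is an assumption of this example, not the construction proposed in the paper.

```python
"""Simulated combined fault + passive attack on a regular exponentiation ladder.

Added example: idealized models, small constructed parameters, no real traces.
"""


class FaultDetected(Exception):
    """Raised by the per-step check when a ladder register has been corrupted."""

    def __init__(self, step):
        super().__init__(f"ladder invariant violated before step {step}")
        self.step = step


def mulmod(a, b, n, trace):
    """Modular multiplication that also records the idealized leakage:
    whether either operand was zero (the passive observation the attacker gets)."""
    if trace is not None:
        trace.append(a == 0 or b == 0)
    return (a * b) % n


def montgomery_ladder(m, e_bits, n, fault_at=None, trace=None, check_each_step=False):
    """Compute m^e mod n with the Montgomery ladder (R0 = m^k, R1 = m^(k+1)).

    e_bits          exponent bits, most significant first
    fault_at        simulated fault: R0 is zeroed just before bit index fault_at is processed
    trace           list receiving one leakage bit per modular multiplication
    check_each_step verify R1 == R0 * m (mod n) before every step and after the last one
    """
    R0, R1 = 1, m % n
    for i, b in enumerate(e_bits):
        if fault_at == i:
            R0 = 0  # simulated fault on one variable
        if check_each_step and (R0 * m - R1) % n != 0:
            raise FaultDetected(i)
        if b == 0:  # same operation sequence for both bit values: one multiply, one square
            R1 = mulmod(R0, R1, n, trace)
            R0 = mulmod(R0, R0, n, trace)
        else:
            R0 = mulmod(R0, R1, n, trace)
            R1 = mulmod(R1, R1, n, trace)
    if check_each_step and (R0 * m - R1) % n != 0:
        raise FaultDetected(len(e_bits))
    return R0


def recover_bits_after_fault(m, e_bits, n, fault_at):
    """Attacker: zero R0 before step fault_at, read the trace, ignore the output.

    With R0 = 0, the square in step i is of R1 (non-zero) when e_i = 1 and of R0
    (zero) when e_i = 0; once a 0 bit is processed both registers are zero and
    nothing further is learned, so one fault yields the run of 1s plus the next 0.
    """
    trace = []
    montgomery_ladder(m, e_bits, n, fault_at=fault_at, trace=trace)
    recovered = []
    for i in range(fault_at, len(e_bits)):
        square_had_zero = trace[2 * i + 1]  # step i appends [multiply, square]
        if square_had_zero:
            recovered.append(0)
            break
        recovered.append(1)
    return recovered


def recover_exponent(m, e_bits, n):
    """Repeat the fault at the first still-unknown position until all bits are known."""
    known = []
    while len(known) < len(e_bits):
        known.extend(recover_bits_after_fault(m, e_bits, n, fault_at=len(known)))
    return known


if __name__ == "__main__":
    N, M = 3233, 42                      # constructed toy RSA-sized modulus and message
    E_BITS = [1, 0, 0, 0, 1]             # secret exponent 17, MSB first
    assert montgomery_ladder(M, E_BITS, N) == pow(M, 17, N)
    print("recovered exponent bits:", recover_exponent(M, E_BITS, N))
    tr = []
    try:
        montgomery_ladder(M, E_BITS, N, fault_at=3, trace=tr, check_each_step=True)
    except FaultDetected as ex:
        print(f"fault caught before step {ex.step}; leaked zero-operand ops: {sum(tr)}")
```

The attack functions never read the ladder's return value, so any countermeasure that only verifies the final result (and withholds it when the check fails) cannot stop this attack: the information leaves through the trace before the output stage is reached. The per-step invariant check catches a register zeroed between steps before any multiplication consumes it; a fault that lands inside a step would still leak that step's two operations, which is why the check must be applied to the variables throughout the computation rather than once at the end.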
References
Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: Concrete results. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 251–261. Springer, Heidelberg (2001)
Anderson, R.J., Kuhn, M.G.: Tamper resistance — a cautionary note. In: Adam, N.R., Yesha, Y. (eds.) Electronic Commerce 1994. LNCS, vol. 1028, pp. 1–11. Springer, Heidelberg (1996)
Skorobogatov, S.P., Anderson, R.J.: Optical fault induction attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 2–12. Springer, Heidelberg (2003)
Baek, Y.J., Vasyltsov, I.: How to prevent DPA and fault attack in a unified way for ECC scalar multiplication — ring extension method. In: Dawson, E., Wong, D.S. (eds.) ISPEC 2007. LNCS, vol. 4464, pp. 225–237. Springer, Heidelberg (2007)
Kim, C.H., Quisquater, J.J.: How can we overcome both side channel analysis and fault attacks on RSA-CRT? In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2007, pp. 21–29. IEEE Computer Society, Los Alamitos (2007)
Amiel, F., Villegas, K., Feix, B., Marcel, L.: Passive and active combined attacks: Combining fault attacks and side channel analysis. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2007, pp. 92–102. IEEE Computer Society, Los Alamitos (2007)
Yen, S.M., Kim, S., Lim, S., Moon, S.J.: RSA speedup with residue number system immune against hardware fault cryptanalysis. In: Kim, K. (ed.) ICISC 2001. LNCS, vol. 2288, pp. 397–413. Springer, Heidelberg (2002)
Gaubatz, G., Sunar, B.: Robust finite field arithmetic for fault-tolerant public-key cryptography. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 196–210. Springer, Heidelberg (2006)
Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: Side-channel atomicity. IEEE Transactions on Computers 53(6), 760–768 (2004)
Shamir, A.: Improved method and apparatus for protecting public key schemes from timing and fault attacks. US Patent 5991415 (1999)
Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks — Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)
Bar-El, H., Choukri, H., Naccache, D., Tunstall, M., Whelan, C.: The sorcerer’s apprentice guide to fault attacks. Proceedings of the IEEE 94(2), 370–382 (2006)
Courrège, J.C., Feix, B., Roussellet, M.: Simple power analysis on exponentiation revisited. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 65–79. Springer, Heidelberg (2010)
Bernstein, D.J., Lange, T.: Inverted Edwards coordinates. In: Boztas, S., Lu, H. (eds.) AAECC 2007. LNCS, vol. 4851, pp. 20–27. Springer, Heidelberg (2007)
Kim, C.H., Quisquater, J.J.: Fault attacks for CRT based RSA: New attacks, new results, and new countermeasures. In: Sauveron, D., Markantonakis, K., Bilas, A., Quisquater, J. J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 215–228. Springer, Heidelberg (2007)
Dottax, E., Giraud, C., Rivain, M., Sierra, Y.: On second-order fault analysis resistance for CRT-RSA implementations. In: Markowitch, O., Bilas, A., Hoepman, J.H., Mitchell, C.J., Quisquater, J.J. (eds.) WISTP 2009. LNCS, vol. 5746, pp. 68–83. Springer, Heidelberg (2009)
Rivain, M.: Securing RSA against fault analysis by double addition chain exponentiation. In: Fischlin, M. (ed.) CT-RSA 2009. LNCS, vol. 5473, pp. 459–480. Springer, Heidelberg (2009)
Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Transactions on Computers 12(4), 241–245 (2006)
Joye, M., Yen, S.M.: The Montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)
Boscher, A., Naciri, R., Prouff, E.: CRT RSA algorithm protected against fault attacks. In: Sauveron, D., Markantonakis, C., Bilas, A., Quisquater, J.J. (eds.) WISTP 2007. LNCS, vol. 4462, pp. 229–243. Springer, Heidelberg (2007)
Fumaroli, G., Vigilant, D.: Blinded fault resistant exponentiation. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 62–70. Springer, Heidelberg (2006)
Proudler, I.K.: Idempotent AN codes. In: IEE Colloquium on Signal Processing Applications of Finite Field Mathematics, pp. 8/1–8/5. IEEE, Los Alamitos (1989)
Medwed, M., Schmidt, J.M.: A generic fault countermeasure providing data and program flow integrity. In: Breveglieri, L., Gueron, S., Koren, I., Naccache, D., Seifert, J.P. (eds.) FDTC 2008, pp. 68–73. IEEE, Los Alamitos (2008)
Smart, N., Oswald, E., Page, D.: Randomised representations. In: IET Proceedings on Information Security, vol. 2(2), pp. 19–27 (2008)
Lange, T.: Trace zero subvarieties of genus 2 curves for cryptosystems. Journal of the Ramanujan Mathematical Society 19(1), 15–33 (2004)
Blömer, J., Otto, M., Seifert, J.P.: Sign change fault attacks on elliptic curve cryptosystems. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J. P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 36–52. Springer, Heidelberg (2006)
Goubin, L.: A refined power analysis attack on elliptic curve cryptosystems. In: Desmedt, Y. (ed.) PKC 2003. LNCS, vol. 2567, pp. 199–210. Springer, Heidelberg (2002)
Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: Bellare, M. (ed.) CRYPTO 2000. LNCS, vol. 1880, pp. 131–146. Springer, Heidelberg (2000)
Avanzi, R.M.: Countermeasures against differential power analysis for hyperelliptic curves. In: Walter, C., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 77–88. Springer, Heidelberg (2003)
Acıiçmez, O., Gueron, S., Seifert, J.P.: New branch prediction vulnerabilities in OpenSSL and necessary software countermeasures. In: Galbraith, S.D. (ed.) Cryptography and Coding 2007. LNCS, vol. 4887, pp. 185–203. Springer, Heidelberg (2007)
Jebelean, T.: An algorithm for exact division. Journal of Symbolic Computation 15(2), 169–180 (1993)
© 2010 Springer-Verlag Berlin Heidelberg
Cite this paper
Schmidt, JM., Tunstall, M., Avanzi, R., Kizhvatov, I., Kasper, T., Oswald, D. (2010). Combined Implementation Attack Resistant Exponentiation. In: Abdalla, M., Barreto, P.S.L.M. (eds) Progress in Cryptology – LATINCRYPT 2010. LATINCRYPT 2010. Lecture Notes in Computer Science, vol 6212. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-14712-8_19
DOI: https://doi.org/10.1007/978-3-642-14712-8_19
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-14711-1
Online ISBN: 978-3-642-14712-8