Skip to main content
SpringerLink
Log in

From theory to practice: horizontal attacks on protected implementations of modular exponentiations

  • Regular Paper
  • Published:
Journal of Cryptographic Engineering Aims and scope Submit manuscript

Abstract

Nowadays, horizontal or single-shot side-channel attacks against protected implementations of RSA and similar algorithms constitute a theoretic threat against secure devices. Nevertheless, in practice their application remains very difficult not only because of their complexity, but also because of environmental countermeasures integrated by designers that render their application even more difficult. Horizontal side-channel attacks take place in multiple steps. Among them, the most important are the acquisition of a complete trace with a sufficiently high sampling rate, its cutting into regular patterns, the realignment of the obtained patterns, the reduction as far as possible of noise in the acquired trace, the identification of the points of interest and the application of an effective distinguisher. Each of these steps is crucial and leads, if performed without enough attention, to an unsuccessful attack. In this context, this paper introduces effective solutions to efficiently perform all these steps, i.e., practicable means for implementing efficient horizontal attacks.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14
Fig. 15
Fig. 16
Fig. 17
Fig. 18
Fig. 19
Fig. 20
Fig. 21
Fig. 22
Fig. 23
Fig. 24
Fig. 25

Similar content being viewed by others

References

  1. Archambeau, C., Peeters, E., Standaert, X.F., Quisquater, J.-J.: Template attacks in principal subspaces. In: Cryptographic Hardware and Embedded Systems—CHES 2006, 8th International Workshop, volume 4249 of Lecture Notes in Computer Science, pp. 1–14. Springer (2006)

  2. Bajard, J.-C., Imbert, L., Liardet, P.-Y., Teglia, Y.: Leak resistant arithmetic. In: Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop Cambridge, MA, USA, August 11–13, 2004. Proceedings, volume 3156 of Lecture Notes in Computer Science, pp. 62–75. Springer (2004)

  3. Bhasin, S., Danger, J.-L., Guilley, S., Najm, Z.: NICV: normalized inter-class variance for detection of side-channel leakage. In: 2014 International Symposium on Electromagnetic Compatibility, Tokyo (EMC’14/Tokyo), pp. 310–313. IEEE (2014)

  4. Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Cryptographic Hardware and Embedded Systems—CHES 2004: 6th International Workshop Cambridge, MA, USA, August 11–13, 2004. Proceedings, volume 3156 of Lecture Notes in Computer Science, pp. 16–29. Springer (2004)

  5. Chari, S., Rao, J. R., Rohatgi, P.: Template attacks. In: Cryptographic Hardware and Embedded Systems—CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers, volume 2523 of Lecture Notes in Computer Science, pp. 13–28. Springer (2002)

  6. Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Trans. Comput. 53(6), 760–768 (2004)

    Article  MATH  Google Scholar 

  7. Clavier, C., Feix, B., Gagnerot, G., Giraud, C., Roussellet, M., Verneuil, V.: Rosetta for single trace analysis. In: Progress in Cryptology—INDOCRYPT 2012, pp. 140–155. Springer (2012)

  8. Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. Inf. Commun. Secur. 6476, 46–61 (2010)

    Article  MATH  Google Scholar 

  9. Cooper, J., De Mulder, E., Goodwill, G., Jaffe, J., Kenworthy, G., Rohatgi, P., et al.: Test vector leakage assessment (TVLA) methodology in practice. In: International Cryptographic Module Conference (2013)

  10. Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Cryptographic Hardware and Embedded Systems, First International Workshop, CHES’99, Worcester, MA, USA, August 12–13, 1999, Proceedings, volume 1717 of Lecture Notes in Computer Science, pp. 292–302. Springer (1999)

  11. Diop, I., Carbone, M., Ordas, S., Linge, Y., Liardet, P., Maurine, P.: Collision for estimating SCA measurement quality and related applications. In: Smart Card Research and Advanced Applications—14th International Conference, CARDIS 2015, Bochum, Germany, November 4–6, 2015. Revised Selected Papers, pp. 143–157 (2015)

  12. Diop, I., Liardet, P.-Y., Linge, Y., Maurine, P.: Collision based attacks in practice. In: 2015 Euromicro Conference on Digital System Design (DSD), pp. 367–374. IEEE (2015)

  13. Duda, R., Hart, P., Stork, D.: Pattern Classification. Wiley Interscience, New York (2001)

    MATH  Google Scholar 

  14. Durvaux, F., Standaert, F.-X.: From improved leakage detection to the detection of points of interests in leakage traces. In: Technical Report, Cryptology ePrint Archive, Report 2015/536, (2015)

  15. Fouque, P.-A., Valette, F.: The doubling attack–why upwards is better than downwards. In: Cryptographic Hardware and Embedded Systems—CHES 2003, pp. 269–280. Springer (2003)

  16. Gamal, T. E.: On computing logarithms over finite fields. In: Advances in Cryptology—CRYPTO ’85, Santa Barbara, California, USA, August 18–22, 1985, Proceedings, volume 218 of Lecture Notes in Computer Science, pp. 396–402. Springer (1985)

  17. Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Cryptographic Hardware and Embedded Systems—CHES 2001, Third International Workshop, Paris, France, May 14–16, 2001, Proceedings, volume 2162 of Lecture Notes in Computer Science, pp. 251–261. Springer (2001)

  18. Hanley, N., Kim, H., Tunstall, M.: Exploiting collisions in addition chain-based exponentiation algorithms using a single trace. Technical Report, Cryptology ePrint Archive, Report 2012/485, (2012)

  19. Heyszl, J., Ibing, A., Mangard, S., De Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. In: Smart Card Research and Advanced Applications, pp. 79–93. Springer (2014)

  20. Homma, N., Nagashima, S., Imai, Y., Aoki, T., Satoh, A.: High-resolution side-channel attack using phase-based waveform matching. In Cryptographic Hardware and Embedded Systems—CHES 2006, 8th International Workshop, volume 4249 of Lecture Notes in Computer Science, pp. 187–200. Springer (2006)

  21. Itoh, K., Izu, T., Takenaka, M.: Address-bit differential power analysis of cryptographic schemes OK-ECDH and OK-ECDSA. In: Cryptographic Hardware and Embedded Systems—CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers, volume 2523 of Lecture Notes in Computer Science, pp. 129–143. Springer (2002)

  22. Jaffe, J., Rohatgi, P., Riscure, M.W.: Efficient Sidechannel Testing for Public Key Algorithms: RSA Case Study. Citeseer, New York (2011)

    Google Scholar 

  23. Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Cryptographic Hardware and Embedded Systems—CHES 2002, 4th International Workshop, Redwood Shores, CA, USA, August 13–15, 2002, Revised Papers, volume 2523 of Lecture Notes in Computer Science, pp. 291–302. Springer (2002)

  24. Kocher, P.C.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Advances in Cryptology—CRYPTO ’96, 16th Annual International Cryptology Conference, Santa Barbara, California, USA, August 18–22, 1996, Proceedings, volume 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer 1996

  25. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Advances in Cryptology—CRYPTO ’99, 19th Annual International Cryptology Conference, Santa Barbara, California, USA, August 15–19, 1999, Proceedings, volume 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer (1999)

  26. Mangard, S.: Hardware countermeasures against DPA—a statistical analysis of their effectiveness. In: Topics in Cryptology–CT-RSA 2004: The Cryptographers’ Track at the RSA Conference 2004, San Francisco, CA, USA, February 23–27, 2004, Proceedings, volume 2964, p. 222. Springer Science & Business Media (2004)

  27. Mangard, S., Oswald, E., Popp, T.: Power analysis attacks: revealing the secrets of smart cards, vol. 31. Springer Science & Business Media, New York (2008)

  28. Mateos, E., Gebotys, C.H.: A new correlation frequency analysis of the side channel. In: Proceedings of the 5th Workshop on Embedded Systems Security, p. 4. ACM, 2010

  29. Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Math. Comput. 48(177), 243–264 (1987)

    Article  MathSciNet  MATH  Google Scholar 

  30. Perin, G., Imbert, L., Torres, L., Maurine, P.: Attacking randomized exponentiations using unsupervised learning. In: Constructive Side-Channel Analysis and Secure Design, pp. 144–160. Springer (2014)

  31. Rivest, R.L., Shamir, A., Adleman, L.: A method for obtaining digital signatures and public-key cryptosystems. Commun. ACM 21(2), 120–126 (1978)

    Article  MathSciNet  MATH  Google Scholar 

  32. Schramm, K., Wollinger, T.J., Paar, C.: A new class of collision attacks and its application to des. In: Fast Software Encryption, 10th International Workshop, FSE 2003, Lund, Sweden, February 24–26, 2003, Revised Papers, volume 2887 of Lecture Notes in Computer Science, pp. 206–222. Springer (2003)

  33. Tiran, S., Ordas, S., Teglia, Y., Agoyan, M., Maurine, P.: A model of the leakage in the frequency domain and its application to CPA and DPA. J. Cryptogr. Eng. 4(3), 197–212 (2014)

    Article  Google Scholar 

  34. van Woudenberg, J.G., Witteman, M. F., Bakker, B.: Improving differential power analysis by elastic alignment. In: Topics in Cryptology–CT-RSA 2011, pp. 104–119. Springer (2011)

  35. Walter, C.D.: Sliding windows succumbs to big MAC attack. In: Cryptographic Hardware and Embedded Systems—CHES 2001, Third International Workshop, Paris, France, May 14–16, 2001, Proceedings, volume 2162 of Lecture Notes in Computer Science, pp. 286–299. Springer (2001)

  36. Yen, S.-M., Joye, M.: Checking before output may not be enough against fault-based cryptanalysis. IEEE Trans. Comput. 49(9), 967–970 (2000)

    Article  MATH  Google Scholar 

  37. Yen, S.-M., Lien, W.-C., Moon, S., Ha, J.: Power analysis by exploiting chosen message and internal collisions–vulnerability of checking mechanism for rsa-decryption. In: Progress in Cryptology–Mycrypt 2005, pages 183–195. Springer, (2005)

Download references

Author information

Authors and Affiliations

  1. STMicroelectronics, Rousset, France

    Ibrahima Diop, Yanis Linge, Thomas Ordas & Pierre-Yvan Liardet

  2. Ecole Nationale Superieure des Mines de Saint-Étienne, EMSE 880 route de Mimet, 13541, Gardanne, France

    Ibrahima Diop

  3. LIRMM, Université Montpellier II, Zone Industrielle,190 Avenue Coq, 13106, Rousset, France

    Philippe Maurine

  4. CEA Commissariat à l’Énergie Atomique et aux Énergies Alternatives, 880 route de Mimet, 13120, Gardanne, France

    Philippe Maurine

Authors
  1. Ibrahima Diop
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Yanis Linge
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Thomas Ordas
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Pierre-Yvan Liardet
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Philippe Maurine
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ibrahima Diop.

Rights and permissions

Reprints and permissions

About this article

Check for updates. Verify currency and authenticity via CrossMark

Cite this article

Diop, I., Linge, Y., Ordas, T. et al. From theory to practice: horizontal attacks on protected implementations of modular exponentiations. J Cryptogr Eng 9, 37–52 (2019). https://doi.org/10.1007/s13389-018-0181-1

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s13389-018-0181-1

Keywords

Search

Navigation