
Similar operation template attack on RSA-CRT as a case study

  • Research Paper
  • Published in Science China Information Sciences

Abstract

A template attack, one of the most powerful side-channel attack methods, usually first builds leakage profiles on a controlled profiling device and then uses these profiles to recover the secret of the target device. It relies on the profiling device sharing similar leakage characteristics with the target device. In this study, we focus on similar operations within a single device and propose a new variant of the template attack, called the similar operation template attack (SOTA). SOTA builds the models on public variables (e.g., input/output) and recovers the values of the secret variables that leak similarly to the public variables. SOTA's advantage is that it avoids the need for an additional profiling device. We apply the proposed SOTA method to a straightforward RSA-CRT implementation. Because the leakage is (almost) the same in similar operations, we reduce the security of RSA-CRT to a hidden multiplier problem (HMP) over GF(q), which can be solved byte-wise using our proposed heuristic algorithm. The effectiveness of the proposed method is verified as a complete prime-recovery procedure in a practical leakage scenario.
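The straightforward RSA-CRT decryption the abstract refers to, as an added example that is not code from the paper: it derives the CRT key from toy constructed primes and marks the steps in which the public input meets the secret primes. It does not implement SOTA or the HMP solver; the parameters and function names are assumptions for illustration.

```python
# Added illustration (not the paper's code): unprotected RSA-CRT decryption,
# with the steps that touch the secret primes p and q marked.
# Toy parameters are constructed for clarity. Requires Python 3.8+ (pow(x, -1, m)).

def rsa_crt_keygen(p, q, e):
    """Derive the CRT private key (dp, dq, qinv) from primes p, q and exponent e."""
    d = pow(e, -1, (p - 1) * (q - 1))          # private exponent
    return {"n": p * q, "e": e, "d": d, "p": p, "q": q,
            "dp": d % (p - 1), "dq": d % (q - 1),
            "qinv": pow(q, -1, p)}             # q^-1 mod p, used by Garner's step

def rsa_crt_decrypt(c, key):
    """Unprotected RSA-CRT: m = c^d mod n computed via the two prime factors."""
    # The public input c is reduced modulo each secret prime.
    cp = c % key["p"]
    cq = c % key["q"]
    # The same exponentiation routine runs twice, once per prime, each time
    # with a secret exponent and a secret modulus.
    mp = pow(cp, key["dp"], key["p"])
    mq = pow(cq, key["dq"], key["q"])
    # Garner recombination: a modular multiplication by the secret qinv,
    # then an integer multiplication by the secret prime q.
    h = (key["qinv"] * (mp - mq)) % key["p"]
    # Production code blinds c and verifies the result before releasing it;
    # both countermeasures are deliberately omitted in this textbook form.
    return mq + h * key["q"]

def matches_plain_rsa(key, messages):
    """Cross-check the CRT path against textbook c^d mod n for each message."""
    n, e, d = key["n"], key["e"], key["d"]
    return all(rsa_crt_decrypt(pow(m, e, n), key) == pow(pow(m, e, n), d, n) == m
               for m in messages)

if __name__ == "__main__":
    key = rsa_crt_keygen(61, 53, 17)           # toy primes, constructed
    print(rsa_crt_decrypt(2790, key))          # 65, since 65^17 mod 3233 == 2790
    print(matches_plain_rsa(key, range(1, 3233)))
```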



Acknowledgements

This work was supported by Major State Basic Research Development Program (973 Program) (Grant No. 2013CB338004), National Natural Science Foundation of China (Grant Nos. U1536103, 61402286, 61472249, 61602239, 61572192, 61472250), Minhang District Cooperation Plan (Grant No. 2016MH310), and Natural Science Foundation of Jiangsu Province (Grant No. BK20160808).

Author information

Correspondence to Yang Li or Dawu Gu.


Cite this article

Xu, S., Lu, X., Zhang, K. et al. Similar operation template attack on RSA-CRT as a case study. Sci. China Inf. Sci. 61, 032111 (2018). https://doi.org/10.1007/s11432-017-9210-3
