ABSTRACT
The Montgomery ladder exponentiation algorithm is recognized as a very efficient countermeasure against Simple Power Analysis and C Safe-Error Attacks on RSA or elliptic curve cryptosystems. In this paper, we demonstrate the vulnerability of the Montgomery ladder algorithm to a fault analysis attack when an error is injected during its operation in an embedded cryptographic chip. After injecting an error, we measure the power trace and compare it with an original correct trace. As a result, we can derive the secret key of public-key cryptosystems such as RSA by computing the correlation coefficients of two power traces for correct and faulty cryptographic operations with the same input.