Subspace-based Power Analysis on the Random Scalar Countermeasure

  • Kim, Hee-Seok (Graduate School of Information Management and Security, Korea University)
  • Han, Dong-Guk (Department of Mathematics, Kookmin University)
  • Hong, Seok-Hie (Graduate School of Information Management and Security, Korea University)
  • Yi, Ok-Yeon (Department of Mathematics, Kookmin University)
  • Published: 2010.01.25

Abstract

Random scalar countermeasures, which carry out the scalar multiplication with an ephemeral secret key, have been regarded as secure against various power analyses of ECIES and ECDH, including differential power analysis. However, if an attacker can recover this ephemeral key from a single power trace, these countermeasures can be broken. In this paper, we propose a new power analysis method that makes this recovery possible. The proposed method works by comparing the elliptic curve doubling operations within the trace, and we use principal component analysis to make this comparison easier. When we actually carried out the proposed power analysis, we were able to eliminate the errors of the existing comparison function completely and to recover the private key as a result.

The random scalar technique, known as a strong DPA countermeasure for ECIES and ECDH, has been regarded as secure against various power analyses. This countermeasure performs the scalar multiplication using a freshly generated random number as the key, so it can be analyzed if that random value can be learned from the single trace in which the scalar multiplication is performed. However, because no such analysis case has existed so far, it is still regarded as secure. In this paper, we propose a new power analysis that makes such an analysis possible. The proposed analysis technique works by comparing the doubling operations of the elliptic curve, and principal component analysis is used to make this comparison easier. When the proposed subspace-based power analysis using principal component analysis was actually carried out, the errors of the existing discriminant function could be completely eliminated, and the private key could be recovered through this.
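The comparison step that both abstracts describe, as an added illustration that is not from the paper: a synthetic trace is built from segments (standing in for the segments that cover individual operations) which differ only by a small data-dependent offset spread over every sample and buried in Gaussian noise. Comparing pairs of segments in the raw sample space misjudges a noticeable fraction of pairs, while comparing them after projection onto the principal subspace does not, because the offset adds up coherently along one direction and the noise does not. The leakage shape, amplitudes, segment count and the two-class model are assumptions of this example, not the paper's trace model or its key-recovery procedure.

```python
"""Subspace-based comparison of noisy operation segments (constructed example).

Two classes of synthetic power-trace segments differ only by a small
data-dependent offset spread over every sample and buried in Gaussian noise.
Sample-by-sample comparison of two segments is unreliable; comparison of
their projections onto the principal subspace is far more reliable.
"""
import math
import random

SAMPLES = 64            # samples per segment (assumed)
N_SEGMENTS = 120        # segments in the synthetic trace (assumed)
LEAK_AMPLITUDE = 0.85   # data-dependent offset (assumed)
NOISE_SIGMA = 1.0       # per-sample Gaussian noise (assumed)
# Assumed leakage shape: a smooth bump over the segment, so that no single
# sample carries a usable signal on its own.
LEAK_SHAPE = [math.sin(math.pi * k / (SAMPLES - 1)) for k in range(SAMPLES)]


def make_segments(n, rng):
    """Constructed trace: segment i belongs to class +1 or -1 (alternating)
    and equals the leakage shape scaled by +-LEAK_AMPLITUDE plus noise."""
    segments, labels = [], []
    for i in range(n):
        sign = 1 if i % 2 == 0 else -1
        segments.append([sign * LEAK_AMPLITUDE * u + rng.gauss(0.0, NOISE_SIGMA)
                         for u in LEAK_SHAPE])
        labels.append(sign)
    return segments, labels


def principal_components(segments, k, iterations=100):
    """Mean and top-k principal directions of the segments, found by power
    iteration with deflation on the sample covariance matrix (pure Python)."""
    n, d = len(segments), len(segments[0])
    mean = [sum(col) / n for col in zip(*segments)]
    centered = [[x - m for x, m in zip(seg, mean)] for seg in segments]
    cov = [[sum(row[i] * row[j] for row in centered) / (n - 1)
            for j in range(d)] for i in range(d)]
    components = []
    for _ in range(k):
        v = list(centered[0])   # start vector; not orthogonal to the eigenvector
        for _ in range(iterations):
            w = [sum(cov[i][j] * v[j] for j in range(d)) for i in range(d)]
            norm = math.sqrt(sum(x * x for x in w))
            v = [x / norm for x in w]
        lam = sum(v[i] * cov[i][j] * v[j] for i in range(d) for j in range(d))
        components.append(v)
        # Deflate so the next iteration converges to the next direction.
        cov = [[cov[i][j] - lam * v[i] * v[j] for j in range(d)] for i in range(d)]
    return mean, components


def project(segments, mean, components):
    """Coordinates of each centred segment in the principal subspace."""
    return [[sum((x - m) * c for x, m, c in zip(seg, mean, comp))
             for comp in components] for seg in segments]


def pairwise_comparison_error(features, labels):
    """Compare every pair of segments by Euclidean distance with a threshold
    halfway between the mean same-class and mean different-class distance
    (labels are used only to set that threshold and to score the result).
    Returns the fraction of pairs that the comparison judges wrongly."""
    same, diff, pairs = [], [], []
    for i in range(len(features)):
        for j in range(i + 1, len(features)):
            dist = math.dist(features[i], features[j])
            is_same = labels[i] == labels[j]
            (same if is_same else diff).append(dist)
            pairs.append((dist, is_same))
    threshold = (sum(same) / len(same) + sum(diff) / len(diff)) / 2
    wrong = sum(1 for dist, is_same in pairs if (dist < threshold) != is_same)
    return wrong / len(pairs)


def alignment(component):
    """|cosine| between a principal direction and the assumed leakage shape."""
    norm_u = math.sqrt(sum(u * u for u in LEAK_SHAPE))
    return abs(sum(c * u for c, u in zip(component, LEAK_SHAPE))) / norm_u


def run_demo(seed=1):
    """Error rate of pairwise comparison in raw sample space versus in the
    one-dimensional principal subspace, on the constructed trace."""
    rng = random.Random(seed)
    segments, labels = make_segments(N_SEGMENTS, rng)
    mean, comps = principal_components(segments, k=1)
    projected = project(segments, mean, comps)
    return {
        "alignment": alignment(comps[0]),
        "raw_error": pairwise_comparison_error(segments, labels),
        "subspace_error": pairwise_comparison_error(projected, labels),
    }


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value:.4f}")
```

The first principal direction ends up almost parallel to the leakage shape, since the data-dependent offset is the dominant source of variance across segments; along that direction the noise has unit variance, while in the raw 64-sample distance the noise of every sample contributes. For a designer of a countermeasure, the lesson is that per-sample noise alone does not protect a single trace whose operations share a data-dependent component: the dependence between operations has to be removed, not merely masked by noise.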
