[KSCI] Korea Science Citation Index Service

http://dx.doi.org/10.4218/etrij.10.0109.0249

Practical Second-Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

Kim, Hee-Seok (Center for Information Security Technologies (CIST), Korea University)
Kim, Tae-Hyun (Institute Attached to ETRI)
Yoon, Joong-Chul (System LSI Division, Samsung Electronics)
Hong, Seok-Hie (Center for Information Security Technologies (CIST), Korea University)

Publication Information

ETRI Journal / v.32, no.1, 2010 , pp. 102-111 More about this Journal

Abstract

Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed. One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary-with-random-initial-point algorithm on elliptical curve cryptosystems. It is known to be secure against first-order differential power analysis (DPA); however, it is susceptible to second-order DPA. Although second-order DPA gives some solutions for defeating message blinding methods, this kind of attack still has the practical difficulty of how to find the points of interest, that is, the exact moments when intermediate values are being manipulated. In this paper, we propose a practical second-order correlation power analysis (SOCPA). Our attack can easily find points of interest in a power trace and find the private key with a small number of power traces. We also propose an efficient countermeasure which is secure against the proposed SOCPA as well as existing power attacks.

Keywords

RSA cryptosystems; side channel attacks; message blinding method; BRIP; second-order DPA;

Citations & Related Records

Times Cited By Web Of Science : 0 (Related Records In Web of Science)
Times Cited By SCOPUS : 0

Reference

1	A.C. Menezes, P.C. van Oorschot, and S.A. Vanstone, Handbook of Applied Cryptography, CRC Press, Boca Raton, 1996.
2	E. Oswald et al., "Practical Second-Order DPA Attacks for Masked Smart Card Implementations of Block Cipher," CT-RSA 2006, LNCS 3860, 2006, pp. 192-207.
3	E. Oswald and K. Schramm, "An Efficient Masking Scheme for AES Software Implementation," WISA 2005, LNCS 3786, 2006, pp. 292-305.
4	W. Schindler, "A Timing Attack against RSA with the Chinese Remainder Theorem," CHES, vol. 1965, 2000, pp. 109-124.
5	K. Okeya and K. Sakurai, "Power Analysis Breaks Elliptic Curve Cryptosystems Even Secure against the Timing Attack," INDOCRYPT, LNCS 1977, 2000, pp. 178-190.
6	C. Clavier and M. Joye, "Universal Exponentiation Algorithm: A First Step towards Provable SPA-Resistance," CHES, LNCS 2162, 2001, pp. 300-308.
7	M. Ciet and M. Joye, "(Virtually) Free Randomization Technique for Elliptic Curve Cryptography," ICICS, LNCS 2836, 2003, pp. 348-359.
8	H. Mamiya, A. Miyaji, and H. Morimoto, "Efficient Countermeasures against RPA, DPA, and SPA," CHES, LNCS 3156, 2004, pp. 343-356.
9	K. Itoh, T. Izu, and M. Takenaka, "Improving the Randomized Initial Point Countermeasure against DPA," ACNS, LNCS 3989, 2006, pp. 459-469.
10	F. Amiel and B. Feix, "On the BRIP Algorithms Security for RSA," WISTP, LNCS 5019, 2008, pp. 136-149.
11	K. Okeya and K. Sakurai, "A Second-Order DPA Attack Breaks a Window Method Based Countermeasure against Side Channel Attacks," ISC, LNCS 2433, 2002, pp. 389-401.
12	P.A. Fouque and F. Vallette, "The Doubling Attack: Why Upwards Is Better than Downwards," CHES, LNCS 2779, 2003, pp. 269-280.
13	J.S. Coron, "Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems," CHES, LNCS 1717, 1999, pp. 292-302.
14	P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," CRYPTO, LNCS 1666, 1999, pp. 388-397.
15	T. Messerges, E. Dabbish, and R. Sloan, "Power Analysis Attacks of Modula Exponentiation in Smartcards," CHES, LNCS 1717, 1999, pp. 144-157.
16	B. Chevallier-Mames, M. Ciet, and M. Joye, "Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity," IEEE Trans. Computers, vol. 53, no. 6, 2004, pp. 760-768. DOI ScienceOn
17	T. Izu and T. Takagi, "A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks," PKC, LNCS 2274, 2002, pp. 280-296.
18	F. Amiel, B. Feix, and K. Villegas, "Power Analysis for Secret Recovering and Reverse Engineering of Public Key Algorithms," SAC, LNCS 4876, 2007, pp. 110-125.

Reference

2	(2010) 情報保護學會論文誌 RSA 충돌 분석 공격 복잡도 향상을 위한 연구 / 25 (2) , 261
2	(2010) 情報保護學會論文誌 충돌 전력 분석 공격에 높은 공격 복잡도를 갖는 RSA 알고리즘에 대한 취약점 분석 및 대응기법 / 26 (2) , 335
1	(2010) World wide web : Internet and web information systems Practical chosen-message CPA attack on message blinding exponentiation algorithm and its efficient countermeasure / 21 (1) , 201
6	(2010) IET computers & digital techniques Low‐complexity and differential power analysis (DPA)‐resistant two‐folded power‐aware Rivest-Shamir-Adleman (RSA) security schema implementation for IoT‐connected de / 12 (6) , 279
12	(2010) Journal of circuits, systems, and computers NEMR: A Nonequidistant DPA Attack-Proof of Modular Reduction in a CRT Implementation of RSA / 27 (12) , 1850191
None	(2010) Journal of information security and applications A Cluster Correlation power analysis against double blinding exponentiation / 48 (None) , 102357
5	(2020) IET information security Chosen base‐point side‐channel attack on Montgomery ladder with <I>x</I> ‐only coordinate: with application to secp256k1 / 14 (5) , 483
3	(2010) Journal of circuits, systems, and computers A New Side-Channel Attack on Reduction of RSA-CRT Montgomery Method Based / 30 (3) , 2150038