http://dx.doi.org/10.13089/JKIISC.2014.24.3.477

Side-Channel Attacks on Square Always Exponentiation Algorithm  

Jung, Seung-Gyo (Hoseo University)
Ha, Jae-Cheol (Hoseo University)
Abstract
Exploiting flaws in how a public key cryptosystem is implemented on an embedded security device, many side-channel attacks have been tried that extract the secret private key. Cryptographic exponentiation is fundamentally a sequence of multiplications and squarings, and since the two operations can be told apart in a power trace, the Square Always exponentiation algorithm was recently presented as a countermeasure against side-channel attacks: it trades every multiplication for squarings. In this paper, we propose a Known Power Collision Analysis attack and a modified Doubling attack that break the Right-to-Left Square Always exponentiation algorithm, which had been considered resistant to the existing side-channel attacks. We also present a Collision-based Combined Attack that combines a fault attack with power collision analysis. Furthermore, we verify by computer simulation that the Square Always algorithm is vulnerable to the proposed side-channel attacks.
Keywords
Side-channel attack; Square Always exponentiation; Collision power analysis; Doubling attack
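The abstract turns on three ideas: a multiplication can be rewritten as squarings, so a trace that distinguishes squarings from multiplications (the S/M distinguisher of Amiel et al., SAC'08) stops reading key bits; and collision-based attacks such as the Doubling attack (Fouque and Valette, CHES'03) instead compare operands across traces. The following is an added example, not the paper's simulation code: it implements the squaring-only multiplication identity that Square Always exponentiation is built on, an S/M distinguisher that reads the exponent off an unprotected square-and-multiply, and the classic Doubling attack against that unprotected algorithm under a simulated operand-collision leakage model. The Known Power Collision and modified Doubling attacks the paper proposes against Right-to-Left Square Always are not reproduced here, the square-always routine is a simplified variant based only on the identity (not Clavier et al.'s register-level algorithm), and the RSA parameters are constructed toy values.

```python
# Added example (not code from the paper). Leakage is modelled by recording each
# operation's type and operand; two squarings with equal operands are taken to be
# indistinguishable in the power trace, which is the collision model these attacks use.


def square(a, n, trace):
    """Modular squaring that logs ("S", operand) into the simulated trace."""
    trace.append(("S", a % n))
    return a * a % n


def mul_by_squarings(x, y, n, trace):
    """x*y mod n from two squarings: ((x+y)^2 - (x-y)^2) / 4 mod n.
    Requires n odd so that 4 is invertible, which holds for RSA and DH moduli."""
    inv4 = pow(4, -1, n)
    return (square(x + y, n, trace) - square(x - y, n, trace)) * inv4 % n


def square_always_r2l(m, d, n):
    """Right-to-left binary exponentiation m^d mod n with the multiplication
    replaced by mul_by_squarings, so an operation-type distinguisher sees only
    squarings. Simplified illustration of the identity, not Clavier et al.'s
    algorithm: unlike theirs, the trace length here still depends on the weight of d."""
    trace = []
    r, s = 1, m % n
    for i in range(d.bit_length()):
        if (d >> i) & 1:
            r = mul_by_squarings(r, s, n, trace)
        s = square(s, n, trace)
    return r, trace


def square_and_multiply_l2r(m, d, n):
    """Unprotected left-to-right square-and-multiply, recording (op, operand)."""
    trace = []
    a = 1
    for i in reversed(range(d.bit_length())):
        trace.append(("S", a))
        a = a * a % n
        if (d >> i) & 1:
            trace.append(("M", a))
            a = a * m % n
    return a, trace


def spa_read_exponent(trace):
    """S/M distinguisher: an S followed by an M is a 1 bit, an S followed by
    another S (or by the end of the trace) is a 0 bit. On a square-always
    trace every operation is an S, so this reads nothing but zeros."""
    ops = [op for op, _ in trace]
    d = 0
    for j, op in enumerate(ops):
        if op == "S":
            nxt = ops[j + 1] if j + 1 < len(ops) else "S"
            d = (d << 1) | (1 if nxt == "M" else 0)
    return d


def doubling_attack(run, m, n, k):
    """Fouque-Valette doubling attack on left-to-right square-and-multiply.
    `run(x)` is the device, returning (result, trace) for input x; k is the bit
    length of the secret exponent. At the iteration handling bit i the squaring
    operand for input m^2 is m^(2P), P being the exponent prefix above bit i,
    while for input m one iteration later it is m^(2P + d_i): the two squarings
    collide exactly when d_i = 0. Every bit but d_0 is recovered; d_0 has no
    later squaring to compare against and is found by trying both values."""
    sq_m = [a for op, a in run(m)[1] if op == "S"]
    sq_m2 = [a for op, a in run(m * m % n)[1] if op == "S"]
    recovered = 0
    for j in range(k - 1):          # j = 0 is bit k-1, j = k-2 is bit 1
        bit = 0 if sq_m2[j] == sq_m[j + 1] else 1
        recovered = (recovered << 1) | bit
    return recovered                # equals d >> 1


# Constructed toy RSA parameters (p = 61, q = 53, e = 17); real keys are far larger.
N, E, D = 3233, 17, 2753


def demo(m=42):
    """Returns (exponent read by SPA from square-and-multiply,
                exponent read by SPA from square-always,
                top k-1 exponent bits recovered by the doubling attack)."""
    leaked = spa_read_exponent(square_and_multiply_l2r(m, D, N)[1])
    hidden = spa_read_exponent(square_always_r2l(m, D, N)[1])
    top_bits = doubling_attack(lambda x: square_and_multiply_l2r(x, D, N), m, N, D.bit_length())
    return leaked, hidden, top_bits


if __name__ == "__main__":
    leaked, hidden, top_bits = demo()
    print("SPA on square-and-multiply recovers d:", leaked == D)
    print("SPA on square-always reads:", hidden)
    print("doubling attack recovers d >> 1:", top_bits == D >> 1)
```

The point the example makes is the one the abstract relies on: hiding the operation type (the S/M distinguisher returns 0 against the squaring-only trace) does not remove operand-level leakage, and an attack that compares operands between two related executions, here m and m^2 against the unprotected algorithm, recovers the exponent without ever needing to tell a squaring from a multiplication. The paper's contribution is to construct such collision and doubling variants that work against the Right-to-Left Square Always algorithm itself.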
Citations & Related Records
Times Cited By KSCI: 1
1 D. Boneh, R. DeMillo, and R. Lipton, "On the Importance of Checking Cryptographic Protocols for Faults," EUROCRYPT'97, LNCS 1233, pp. 37-51, 1997.
2 M. Joye, J. Quisquater, F. Bao, and R. H. Deng, "RSA-type signatures in the presence of transient faults," Cryptography and Coding, LNCS 1355, pp. 109-121, 1997.
3 M. Witteman, J. van Woudenberg, and F. Menarini, "Defeating RSA Multiply-Always and Message Blinding Countermeasures," CT-RSA'11, LNCS 6558, pp. 77-88, 2011.
4 S. Yen, L. Ko, S. Moon, and J. Ha, "Relative doubling attack against Montgomery ladder," ICISC'05, LNCS 3935, pp. 117-128, 2005.
5 R. Rivest, A. Shamir, and L. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Comm. of the ACM, vol. 21, no. 2, pp. 120-126, 1978.
6 S. Yen, S. Kim, S. Lim, and S. Moon, "A countermeasure against one physical cryptanalysis may benefit another attack," ICISC'01, LNCS 2288, pp. 414-427, 2002.
7 F. Amiel, K. Villegas, B. Feix, and L. Marcel, "Passive and Active Combined Attacks: Combining fault attacks and side channel analysis," FDTC'07, IEEE-CS, pp. 92-102, 2007.
8 H. Kim and J. Ha, "A physical combined attack and its countermeasure on BNP exponentiation algorithm," Journal of The Korea Institute of Information Security & Cryptology (JKIISC), 23(4), pp. 585-591, 2013.
9 J. Coron, "Resistance against differential power analysis for elliptic curve cryptosystems," CHES'99, LNCS 1717, pp. 292-302, 1999.
10 M. Joye and S. M. Yen, "The Montgomery Powering Ladder," CHES'02, LNCS 2523, pp. 291-302, 2002.
11 B. Chevallier-Mames, M. Ciet, and M. Joye, "Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity," IEEE Trans. on Computers, vol. 53, no. 6, pp. 760-768, 2004.
12 F. Amiel, B. Feix, M. Tunstall, C. Whelan, and W. Marnane, "Distinguishing Multiplications from Squaring Operations," SAC'08, LNCS 5381, pp. 346-360, 2009.
13 W. Diffie and M. Hellman, "New directions in cryptography," IEEE Transactions on Information Theory, vol. IT-22, no. 6, pp. 644-654, Nov. 1976.
14 D. Gordon, "A survey of fast exponentiation methods," Journal of Algorithms, vol. 27, pp. 129-146, 1998.
15 P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," CRYPTO'96, LNCS 1109, pp. 104-113, 1996.
16 P. Kocher, J. Jaffe, and B. Jun, "Differential power analysis," CRYPTO'99, LNCS 1666, pp. 388-397, 1999.
17 RSA Inc., "PKCS#1 v2.1, RSA Cryptography Standard," Jan. 2001. Available at ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
18 C. Couvreur and J. J. Quisquater, "Fast decipherment algorithm for RSA public-key cryptosystem," Electronics Letters, vol. 18, no. 21, pp. 905-907, 1982.
19 A. Boscher, R. Naciri, and E. Prouff, "CRT-RSA Algorithm Protected Against Fault Attacks," WISTP'07, LNCS 4462, pp. 237-252, 2007.
20 P. Fouque and F. Valette, "The doubling attack: why upwards is better than downwards," CHES'03, LNCS 2779, pp. 269-280, 2003.
21 C. Clavier, B. Feix, G. Gagnerot, and M. Roussellet, "Square Always exponentiation," INDOCRYPT'11, LNCS 7107, pp. 40-57, 2011.