http://dx.doi.org/10.13089/JKIISC.2014.24.6.1091

Side-Channel Analysis Based on Input Collisions in Modular Multiplications and its Countermeasure

Choi, Yongje (ETRI)
Choi, Dooho (ETRI)
Ha, Jaecheol (Hoseo University)
Abstract
A power analysis attack is a cryptanalytic technique that retrieves a user's secret key from the side-channel power leakage that occurs while a cryptographic algorithm executes on a physical device. In particular, many power analysis attacks have targeted the exponentiation algorithm, which consists of hundreds of squarings and multiplications and is used in public-key cryptosystems such as RSA. Recently, a new correlation power attack that recovers the secret key by exploiting two modular multiplications that share the same input has been proposed. In this paper, after reviewing the principle of side-channel attacks based on input collisions in modular multiplications, we analyze the vulnerability of several exponentiation algorithms that have the regularity property. Furthermore, we present an improved exponentiation countermeasure that resists the input-collision-based CPA (Correlation Power Analysis) attack as well as existing side-channel attacks, and we compare its security with that of other countermeasures.
Keywords
Power Analysis Attack; Exponentiation Algorithm; Modular Multiplication; Input Collision-based CPA
Citations & Related Records
Times Cited By KSCI: 1