http://dx.doi.org/10.13089/JKIISC.2018.28.5.1079

Key Bit-dependent Attack on Side-Channel Analysis-Resistant Hardware Binary Scalar Multiplication Algorithm using a Single-Trace  

Sim, Bo-Yeon (Kookmin University)
Kang, Junki (The Affiliated Institute of ETRI)
Han, Dong-Guk (Kookmin University)
Abstract
Binary scalar multiplication, the main operation of elliptic curve cryptography, is vulnerable to side-channel analysis, in particular to analysis that uses power consumption and electromagnetic emission patterns. Thus, various countermeasures have been studied. However, they have focused on eliminating the patterns of data-dependent branches, the statistical characteristics of intermediate values, or the interrelationships between data. No countermeasure has taken into account the secure design of the key bit check phase, although the secret scalar bits are loaded directly during that phase. Therefore, in this paper, we demonstrate that we can extract the secret scalar bits with a 100% success rate using a single power trace or a single electromagnetic trace by performing a key bit-dependent attack on a hardware implementation of the binary scalar multiplication algorithm. Experiments focus on the Montgomery-López-Dahab ladder algorithm protected by scalar randomization. Our attack does not require sophisticated pre-processing and can defeat existing countermeasures using a single trace. As a result, we propose a countermeasure and suggest that it should be applied.
Keywords
Side-Channel Analysis; Elliptic Curve Cryptography; Single-Trace Attack; Key Bit-dependent Attack; Countermeasure;
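The abstract's point is that the ladder step itself can be regular while the key bit check that selects the step still handles the secret bit. The following added example (constructed for this page; it is not the paper's code and does not implement the countermeasure the paper proposes) shows a Montgomery ladder on a tiny, insecure toy curve in two forms: the textbook branching form, where each iteration branches on the scalar bit, and a form in which the bit enters only through a branch-free conditional swap so that both bit values execute identical operations. It also applies Coron-style scalar randomization (k' = k + r·#E) to show that randomizing the scalar leaves the per-iteration structure unchanged. The curve parameters, base point and all names are assumptions; the field arithmetic is plain Python and not constant-time, so only the handling of the key bit is illustrated.

```python
"""Montgomery ladder with branch-free key-bit handling on a toy curve.

Constructed example. The curve y^2 = x^3 + 2x + 3 over GF(97), the base
point G and the function names are assumptions made for illustration; none
of them come from the paper. Points are (x, y, flag) triples where flag == 0
marks the point at infinity, so every coordinate is an int and a mask-based
swap can be applied uniformly.
"""

P_MOD = 97          # toy prime field, far too small for real use
A, B = 2, 3         # curve coefficients (constructed)
INF = (0, 0, 0)     # point at infinity
G = (1, 43, 1)      # base point: 43^2 = 6 = 1^3 + 2*1 + 3 (mod 97)


def inv(x):
    """Modular inverse via Fermat; not constant-time, fine for a toy."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def ec_add(p, q):
    """Affine point addition/doubling (not constant-time; the ladder's
    key-bit handling is what this example is about)."""
    if p[2] == 0:
        return q
    if q[2] == 0:
        return p
    x1, y1, _ = p
    x2, y2, _ = q
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:      # q == -p, including y == 0
            return INF
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3, 1)


def cswap(bit, r0, r1):
    """Branch-free conditional swap. The secret bit is widened to an
    all-zeros/all-ones mask; the same XORs execute whether bit is 0 or 1."""
    mask = -bit                         # 0 -> 0, 1 -> -1 (all ones)
    out0, out1 = [], []
    for a, b in zip(r0, r1):
        t = mask & (a ^ b)
        out0.append(a ^ t)
        out1.append(b ^ t)
    return tuple(out0), tuple(out1)


def ladder_branching(k, p, bits):
    """Textbook ladder: each step is regular (one add, one double) but the
    key bit check is an explicit branch on the secret bit."""
    r0, r1 = INF, p
    for i in range(bits - 1, -1, -1):
        if (k >> i) & 1:
            r0 = ec_add(r0, r1)
            r1 = ec_add(r1, r1)
        else:
            r1 = ec_add(r0, r1)
            r0 = ec_add(r0, r0)
    return r0


def scalar_mult(k, p, bits=64):
    """Ladder whose only use of the key bit is the mask inside cswap, so the
    instruction sequence does not depend on the bit value. A fixed 'bits'
    width keeps the loop length independent of the scalar."""
    r0, r1 = INF, p
    for i in range(bits - 1, -1, -1):
        bit = (k >> i) & 1
        r0, r1 = cswap(bit, r0, r1)
        r1 = ec_add(r0, r1)             # R1 <- R0 + R1
        r0 = ec_add(r0, r0)             # R0 <- 2 R0
        r0, r1 = cswap(bit, r0, r1)
    return r0


def curve_order():
    """#E by brute-force point counting (tiny field, so this is cheap)."""
    count = 1                           # the point at infinity
    for x in range(P_MOD):
        rhs = (x * x * x + A * x + B) % P_MOD
        count += sum(1 for y in range(P_MOD) if y * y % P_MOD == rhs)
    return count


def randomized_scalar_mult(k, p, r, order):
    """Coron-style scalar randomization: k' = k + r*#E gives the same point
    because #E * p is the point at infinity for every p."""
    k_prime = k + r * order
    return scalar_mult(k_prime, p, bits=order.bit_length() + r.bit_length() + 1)


def naive_mult(k, p):
    """Reference: k repeated additions, used only to check the ladders."""
    acc = INF
    for _ in range(k):
        acc = ec_add(acc, p)
    return acc


if __name__ == "__main__":
    n = curve_order()
    print("#E =", n, " 2G =", scalar_mult(2, G), " randomized 7G ok:",
          randomized_scalar_mult(7, G, 5, n) == scalar_mult(7, G))
```

The two ladders compute identical results; the difference a defender cares about is that `scalar_mult` never evaluates `if bit`, so there is no key-bit-dependent control flow to observe in the first place. In hardware or optimized software the swap must also be implemented so that the mask does not itself become a distinguishable load, which is the kind of check-phase detail the abstract argues has been left unprotected.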