• Title/Summary/Keyword: Exponentiation

Search Result 127, Processing Time 0.029 seconds

Side-Channel Attacks on Square Always Exponentiation Algorithm (Square Always 멱승 알고리듬에 대한 부채널 공격)

  • Jung, Seung-Gyo;Ha, Jae-Cheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.24 no.3
    • /
    • pp.477-489
    • /
    • 2014
  • Based on some flaws occurred for implementing a public key cryptosystem in the embedded security device, many side-channel attacks to extract the secret private key have been tried. In spite of the fact that the cryptographic exponentiation is basically composed of a sequence of multiplications and squarings, a new Square Always exponentiation algorithm was recently presented as a countermeasure against side-channel attacks based on trading multiplications for squarings. In this paper, we propose Known Power Collision Analysis and modified Doubling attacks to break the Right-to-Left Square Always exponentiation algorithm which is known resistant to the existing side-channel attacks. And we also present a Collision-based Combined Attack which is a combinational method of fault attack and power collision analysis. Furthermore, we verify that the Square Always algorithm is vulnerable to the proposed side-channel attacks using computer simulation.

Modular Exponentiation by m-Numeral System (m-진법 모듈러 지수연산)

  • Lee, Sang-Un
    • The KIPS Transactions:PartC
    • /
    • v.18C no.1
    • /
    • pp.1-6
    • /
    • 2011
  • The performance and practicality of cryptosystem for encryption, decryption, and primality test is primarily determined by the implementation efficiency of the modular exponentiation of $a^b$(mod n). To compute $a^b$(mod n), the standard binary squaring still seems to be the best choice. But, the d-ary, (d=2,3,4,5,6) method is more efficient in large b bits. This paper suggests m-numeral system modular exponentiation. This method can be apply to$b{\equiv}0$(mod m), $2{\leq}m{\leq}16$. And, also suggests the another method that is exit the algorithm in the case of the result is 1 or a.

NAP and Optimal Normal Basis of Type II and Efficient Exponentiation in $GF(2^n)$ (NAF와 타입 II 최적정규기저를 이용한 $GF(2^n)$ 상의 효율적인 지수승 연산)

  • Kwon, Soon-Hak;Go, Byeong-Hwan;Koo, Nam-Hun;Kim, Chang-Hoon
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.34 no.1C
    • /
    • pp.21-27
    • /
    • 2009
  • We present an efficient exponentiation algorithm for a finite field $GF(2^n)$ determined by an optimal normal basis of type II using signed digit representation of the exponents. Our signed digit representation uses a non-adjacent form (NAF) for $GF(2^n)$. It is generally believed that a signed digit representation is hard to use when a normal basis is given because the inversion of a normal element requires quite a computational delay. However our result shows that a special normal basis, called an optimal normal basis (ONB) of type II, has a nice property which admits an effective exponentiation using signed digit representations of the exponents.

Efficient RSA Multisignature Scheme (효율적인 RSA 다중 서명 방식)

  • 박상준;박상우;원동호
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.7 no.2
    • /
    • pp.19-26
    • /
    • 1997
  • In this paper, we propose an RSA multisignature scheme with no bit expansion in which the signing order is not restricted. In this scheme we use RSA moduli with the same bit length. the most 1 bits of which are same. The proposed scheme is based on these RSA moduli and a repeated exponentiation of Levine and Brawley. Kiesler and Harn first utilize the repeated exponentiation technique in their multisignature scheme, which requires 1.5m exponentiations for signing, where m is the number of signers. However, the proposed scheme requires (equation omitted) m exponentiation. So if l is sufficiently large (l $\geq$ 32), then we can neglect the vaue (equation omitted

Design of Modular Exponentiation Processor for RSA Cryptography (RSA 암호시스템을 위한 모듈러 지수 연산 프로세서 설계)

  • 허영준;박혜경;이건직;이원호;유기영
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.10 no.4
    • /
    • pp.3-11
    • /
    • 2000
  • In this paper, we design modular multiplication systolic array and exponentiation processor having n bits message black. This processor uses Montgomery algorithm and LR binary square and multiply algorithm. This processor consists of 3 divisions, which are control unit that controls computation sequence, 5 shift registers that save input and output values, and modular exponentiation unit. To verify the designed exponetion processor, we model and simulate it using VHDL and MAX+PLUS II. Consider a message block length of n=512, the time needed for encrypting or decrypting such a block is 59.5ms. This modular exponentiation unit is used to RSA cryptosystem.

An EIGamal Signature Scheme using Cellular Automata (CA를 이용한 EIGamal 서명기법)

  • 이준석;장화식;이경현
    • Convergence Security Journal
    • /
    • v.2 no.2
    • /
    • pp.143-153
    • /
    • 2002
  • In this paper, we propose a multiplication scheme based on cellular automata and propose high speed multiplication scheme and exponentiation scheme using a optimal normal basis. And then EIGamal signature scheme is implemented by proposed schemes. A proposed multiplication and exponentiation scheme based on cellular automata can be used in restricted computing environments such that basis is frequently changed and cryptosystem and multimedia applications that are required high speed operations.

  • PDF

Fast exponentiation with modifed montgonmery modular multiplication (Montgomery 모듈라 곱셈을 변형한 고속 멱승)

  • 하재철;문상재
    • The Journal of Korean Institute of Communications and Information Sciences
    • /
    • v.22 no.5
    • /
    • pp.1036-1044
    • /
    • 1997
  • We modify the montgomery modeular multikplication to extract the common parts in common-multiplicand multi-plications. Since the modified method computes the common parts in two modular multiplications once rather than twice, it can speed up the exponentiations and reduce the amount of storage tables in m-ary or windowexponentiation. It can be also applied to an exponentiation mehod by folding the exponent in half. This method is well-suited to the memory limited environments such as IC card due to its speed and requirement of small memory.

  • PDF

Fast Modular Exponentiation on a Systolic Array (시스톨릭 어레이상에서 고속 모듈러 지수 연산)

  • 이건직
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.8 no.1
    • /
    • pp.39-52
    • /
    • 1998
  • 본 논문에서는 모듈러 지수승시에 요구되는 모듈러 곱셈의 반복 횟수를 줄이기 위해 SM(m)기법을 제안하며 지수를 SM(m)표현과 시스톨릭 SM(m) 표현으로 변환한다.그리고 변환된 스스톨릭 SM(m) 표현으로부터 모듈러 지수연산을 위한 선형시스톨릭 어레이를 제시한다. 제안된 기법은 기존의 방법보다 소프트웨어로 구현시에 선 계산기에 필요한 기업 장소의 크기를 줄였으며, 선형 시스톨릭 어레이로 구현시에 기존의 방법들보다 처리기의 개수를 감소시키며, 처리기내에 필요한 기억 장소의 크기를 줄였다. 수정된 부호화 디지트 기법과 비교하면 처리기의 개수를 24%정도 줄일 수 있다.

Square-and-Divide Modular Exponentiation (제곱-나눗셈 모듈러 지수연산법)

  • Lee, Sang-Un
    • Journal of the Korea Society of Computer and Information
    • /
    • v.18 no.4
    • /
    • pp.123-129
    • /
    • 2013
  • The performance and practicality of cryptosystem for encryption, decryption, and primality test are primarily determined by the implementation efficiency of the modular exponentiation of $a^b$ (mod m). To compute $a^b$ (mod m), the standard binary squaring (square-and-multiply) still seems to be the best choice. However, in large b bits, the preprocessed n-ary, ($n{\geq}2$ method could be more efficient than binary squaring method. This paper proposes a square-and-divide and unpreprocessed n-ary square-and-divide modular exponentiation method. Results confirmed that the square-and-divide method is the most efficient of trial number in a case where the value of b is adjacent to $2^k+2^{k-1}$ or to. $2^{k+1}$. It was also proved that for b out of the beforementioned range, the unpreprocessed n-ary square-and-divide method yields higher efficiency of trial number than the general preprocessed n-ary method.

Analysis and Countermeasure on RSA Algorithm Having High Attack Complexity in Collision-Based Power Analysis Attack (충돌 전력 분석 공격에 높은 공격 복잡도를 갖는 RSA 알고리즘에 대한 취약점 분석 및 대응기법)

  • Kim, Suhri;Kim, Taewon;Jo, Sungmin;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.2
    • /
    • pp.335-344
    • /
    • 2016
  • It is known that power analysis is one of the most powerful attack in side channel analysis. Among power analysis single trace attack is widely studied recently since it uses one power consumption trace to recover secret key of public cryptosystem. Recently Sim et al. proposed new exponentiation algorithm for RSA cryptosystem with higher attack complexity to prevent single trace attack. In this paper we analyze the vulnerability of exponentiation algorithm described by Sim et al. Sim et al. applied message blinding and random exponentiation splitting method on $2^t-ary$ for higher attack complexity. However we can reveal private key using information exposed during pre-computation generation. Also we describe modified algorithm that provides higher attack complexity on collision attack. Proposed algorithm minimized the reuse of value that are used during exponentiation to provide security under single collision attack.