• Title/Summary/Keyword: Side channel Attack

Search Result 166, Processing Time 0.023 seconds

Compact Implementation of Multiplication on ARM Cortex-M3 Processors (ARM Cortex-M3 상에서 곱셈 연산 최적화 구현)

  • Seo, Hwa-jeong
    • Journal of the Korea Institute of Information and Communication Engineering
    • /
    • v.22 no.9
    • /
    • pp.1257-1263
    • /
    • 2018
  • Secure authentication technology is a fundamental building block for secure services for Internet of Things devices. Particularly, the multiplication operation is a core operation of public key cryptography, such as RSA, ECC, and SIDH. However, modern low-power processor, namely ARM Cortex-M3 processor, is not secure enough for practical usages, since it executes the multiplication operation in variable-time depending on the input length. When the execution is performed in variable-time, the attacker can extract the password from the measured timing. In order to resolve this issue, recent work presented constant-time solution for multiplication operation. However, the implementation still missed various speed-optimization techniques. In this paper, we analyze previous multiplication methods over ARM Cortex-M3 and provide optimized implementations to accelerate the speed-performance further. The proposed method successfully accelerates the execution-time by up-to 25.7% than previous works.

Key Recovery Algorithm of Erroneous RSA Private Key Bits Using Generalized Probabilistic Measure (일반화된 확률 측도를 이용하여 에러가 있는 RSA 개인키를 복구하는 알고리즘)

  • Baek, Yoo-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.5
    • /
    • pp.1089-1097
    • /
    • 2016
  • It is well-known that, if additional information other than a plaintext-ciphertext pair is available, breaking the RSA cryptosystem may be much easier than factorizing the RSA modulus. For example, Coppersmith showed that, given the 1/2 fraction of the least or most significant bits of one of two RSA primes, the RSA modulus can be factorized in a polynomial time. More recently, Henecka et. al showed that the RSA private key of the form (p, q, d, $d_p$, $d_q$) can efficiently be recovered whenever the bits of the private key are erroneous with error rate less than 23.7%. It is notable that their algorithm is based on counting the matching bits between the candidate key bit string and the given decayed RSA private key bit string. And, extending the algorithm, this paper proposes a new RSA private key recovery algorithm using a generalized probabilistic measure for measuring the consistency between the candidate key bits and the given decayed RSA private key bits.

Statistical Analysis of High-Order Power Analysis (고차 전력 분석에 대한 통계적 수식의 일반화)

  • Kim, Min-Su;Kim, Hee-Seok;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.21 no.4
    • /
    • pp.27-37
    • /
    • 2011
  • dth-order power analysis can safely be defended by dth-order masking method. However, as the degree of applied masking method increases, it can significantly decrease effectiveness of cryptosystem. The existing statistical analysis on high-order power analysis contains only analysis on second power analysis. However, this means absent of safety standards when crypto engineers apply 3rd or more order masking. this absent of standards can lead to insignificant usage of masking method which can significantly decrease effectiveness of cryptosystem. In this dissertation, we have generalize statistical values on high-order power analysis to establish these standards. In other words, we have generalized the value of a correlation coefficient when calculation of high-order power analysis methods are performed. That is to say, it can greatly be used to indicate a degrees that can be applied on further usage of masking method.

DPA-Resistant Low-Area Design of AES S-Box Inversion (일차 차분 전력 분석에 안전한 저면적 AES S-Box 역원기 설계)

  • Kim, Hee-Seok;Han, Dong-Guk;Kim, Tae-Hyun;Hong, Seok-Hie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.4
    • /
    • pp.21-28
    • /
    • 2009
  • In the recent years, power attacks were widely investigated, and so various countermeasures have been proposed, In the case of block ciphers, masking methods that blind the intermediate values in the algorithm computations(encryption, decryption, and key-schedule) are well-known among these countermeasures. But the cost of non-linear part is extremely high in the masking method of block cipher, and so the inversion of S-box is the most significant part in the case of AES. This fact make various countermeasures be proposed for reducing the cost of masking inversion and Zakeri's method using normal bases over the composite field is known to be most efficient algorithm among these masking method. We rearrange the masking inversion operation over the composite field and so can find duplicated multiplications. Because of these duplicated multiplications, our method can reduce about 10.5% gates in comparison with Zakeri's method.

Deep Learning Based Side-Channel Analysis for Recent Masking Countermeasure on SIKE (SIKE에서의 최신 마스킹 대응기법에 대한 딥러닝 기반 부채널 전력 분석)

  • Woosang Im;Jaeyoung Jang;Hyunil Kim;Changho Seo
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.33 no.2
    • /
    • pp.151-164
    • /
    • 2023
  • Recently, the development of quantum computers means a great threat to existing public key system based on discrete algebra problems or factorization problems. Accordingly, NIST is currently in the process of contesting and screening PQC(Post Quantum Cryptography) that can be implemented in both the computing environment and the upcoming quantum computing environment. Among them, SIKE is the only Isogeny-based cipher and has the advantage of a shorter public key compared to other PQC with the same safety. However, like conventional cryptographic algorithms, all quantum-resistant ciphers must be safe for existing cryptanlysis. In this paper, we studied power analysis-based cryptographic analysis techniques for SIKE, and notably we analyzed SIKE through wavelet transformation and deep learning-based clustering power analysis. As a result, the analysis success rate was close to 100% even in SIKE with applied masking response techniques that defend the accuracy of existing clustering power analysis techniques to around 50%, and it was confirmed that was the strongest attack on SIKE.

Gate-Level Conversion Methods between Boolean and Arithmetic Masks (불 마스크와 산술 마스크에 대한 게이트 레벨 변환기법)

  • Baek, Yoo-Jin
    • Journal of the Institute of Electronics Engineers of Korea SD
    • /
    • v.46 no.11
    • /
    • pp.8-15
    • /
    • 2009
  • Side-channel attacks including the differential power analysis attack are often more powerful than classical cryptanalysis and have to be seriously considered by cryptographic algorithm's implementers. Various countermeasures have been proposed against such attacks. In this paper, we deal with the masking method, which is known to be a very effective countermeasure against the differential power analysis attack and propose new gate-level conversion methods between Boolean and arithmetic masks. The new methods require only 6n-5 XOR and 2n-2 AND gates with 3n-2 gate delay for converting n-bit masks. The basic idea of the proposed methods is that the carry and the sum bits in the ripple adder are manipulated in a way that the adversary cannot detect the relation between these bits and the original raw data. Since the proposed methods use only bitwise operations, they are especially useful for DPA-securely implementing cryptographic algorithms in hardware which use both Boolean and arithmetic operations. For example, we applied them to securely implement the block encryption algorithm SEED in hardware and present its detailed implementation result.