• Title/Summary/Keyword: side-channel attack

Search Result 168, Processing Time 0.029 seconds

Subspace-based Power Analysis on the Random Scalar Countermeasure (랜덤 스칼라 대응기법에 대한 부분 공간 기반 전력 분석)

  • Kim, Hee-Seok;Han, Dong-Guk;Hong, Seok-Hie;Yi, Ok-Yeon
    • Journal of the Institute of Electronics Engineers of Korea SP
    • /
    • v.47 no.1
    • /
    • pp.139-149
    • /
    • 2010
  • Random scalar countermeasures, which carry out the scalar multiplication by the ephemeral secret key, against the differential power analysis of ECIES and ECDH have been known to be secure against various power analyses. However, if an attacker can find this ephemeral key from the one power signal, these countermeasures can be analyzed. In this paper, we propose a new power attack method which can do this analysis. Proposed attack method can be accomplished while an attacker compares the elliptic curve doubling operations and we use the principle component analysis in order to ease this comparison. When we have actually carried out the proposed power analysis, we can perfectly eliminate the error of existing function for the comparison and find a private key from this elimination of the error.

DPA-Resistant Logic Gates and Secure Designs of SEED and SHA-1 (차분 전력분석 공격에 안전한 논리 게이트 및 SEED 블록 암호 알고리즘과 SHA-1 해쉬 함수에의 응용)

  • Baek, Yoo-Jin
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.18 no.6A
    • /
    • pp.17-25
    • /
    • 2008
  • The differential power attack (DPA)[8] is a very powerful side-channel attack tool against various cryptosystems and the masking method[10] is known to be one of its algorithmic countermeasures. But it is non-trivial to apply the masking method to non-linear functions, especially, to arithmetic adders. This paper proposes simple and efficient masking methods applicable to arithmetic adders. For this purpose, we use the fact that every combinational logic circuit (including the adders) can be decomposed into basic logic gates (AND, OR, NAND, NOR, XOR, XNOR, NOT) and try to devise efficient masking circuits for these basic gates. The resulting circuits are then applied to the arithmetic adders to get their masking algorithm. As applications, we applied the proposed masking methods to SEED and SHA-1 in hardware.

Enhanced Equidistant Chosen Message Power Analysis of RSA-CRT Algorithm (RSA-CRT의 향상된 등간격 선택 평문 전력 분석)

  • Park, Jong-Yeon;Han, Dong-Guk;Yi, Ok-Yeon;Choi, Doo-Ho
    • Journal of the Institute of Electronics Engineers of Korea CI
    • /
    • v.48 no.2
    • /
    • pp.117-126
    • /
    • 2011
  • RSA-CRT algorithm is widely used to improve the performance of RSA algorithm. However, it is also vulnerable to side channel attacks like as general RSA. One of the power attacks on RSA-CRT, proposed by Boer et al., is a power analysis which utilizes reduction steps of RSA-CRT algorithm with equidistant chosen messages, called as ECMPA(Equidistant Chosen Messages Power Analysis) or MRED(Modular Reduction on Equidistant Data) analysis. This method is to find reduction output value r=xmodp which has the same equidistant patterns as equidistant messages. One can easily compute secret prime p from exposure of r. However, the result of analysis from a reduction step in [5] is remarkably different in our experiment from what Boer expected in [5]. Especially, we found that there are Ghost key patterns depending on the selection of attack bits and selected reduction algorithms. Thus, in this paper we propose several Ghost key patterns unknown to us until now, then we suggest enhanced and detailed analyzing methods.

Power Analysis Attacks on Blinding Countermeasure against Horizontal CPA (수평적 상관관계 분석에 안전한 블라인딩 대응기법에 대한 전력 분석 공격)

  • Lee, Sangyub;Kim, Taewon;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.25 no.4
    • /
    • pp.727-738
    • /
    • 2015
  • Until recently, power analysis is one of the most popular research issues among various side channel analyses. Since Differential Power Analysis had been first proposed by Kocher et al., various practical power analyses correspond with software/hardware cryptographic devices have been proposed. In this paper, we analyze vulnerability of countermeasure against power analysis exploiting single power trace of public cryptographic algorithm. In ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis which can recover secret information from a single exponentiation trace and corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, exploits additive blinding in order to prevent leakage of intermediate value related to secret information. However, this countermeasure has vulnerability of having power leakage that is dependant with the message known by an adversary. In this paper, we analyzed vulnerabilities by three attack scenarios and proved them by practical correlation power analysis experiments.

MILP-Aided Division Property and Integral Attack on Lightweight Block Cipher PIPO (경량 블록 암호 PIPO의 MILP-Aided 디비전 프로퍼티 분석 및 인테그랄 공격)

  • Kim, Jeseong;Kim, Seonggyeom;Kim, Sunyeop;Hong, Deukjo;Sung, Jaechul;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.5
    • /
    • pp.875-888
    • /
    • 2021
  • In this paper, we search integral distinguishers of lightweight block cipher PIPO and propose a key recovery attack on 8-round PIPO-64/128 with the obtained 6-round distinguishers. The lightweight block cipher PIPO proposed in ICISC 2020 is designed to provide the efficient implementation of high-order masking for side-channel attack resistance. In the proposal, various attacks such as differential and linear cryptanalyses were applied to show the sufficient security strength. However, the designers leave integral attack to be conducted and only show that it is unlikely for PIPO to have integral distinguishers longer than 5-round PIPO without further analysis on Division Property. In this paper, we search integral distinguishers of PIPO using a MILP-aided Division Property search method. Our search can show that there exist 6-round integral distinguishers, which is different from what the designers insist. We also consider linear operation on input and output of distinguisher, respectively, and manage to obtain totally 136 6-round integral distinguishers. Finally, we present an 8-round PIPO-64/128 key recovery attack with time complexity 2124.5849 and memory complexity of 293 with four 6-round integral distinguishers among the entire obtained distinguishers.

Power analysis attacks against NTRU and their countermeasures (NTRU 암호에 대한 전력 분석 공격 및 대응 방법)

  • Song, Jeong-Eun;Han, Dong-Guk;Lee, Mun-Kyu;Choi, Doo-Ho
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.19 no.2
    • /
    • pp.11-21
    • /
    • 2009
  • The NTRU cryptosystem proposed by Hoffstein et al. in 1990s is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high speed encryption and decryption with the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRD. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and the statistical power analysis (STPA) attack such as the correlation power analysis (CPA) attack First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. In order to prevent SPA, we propose to use a nonzero value to initialize the array which will store the result of a convolution operation. On the other hand, in order to prevent STPA, we propose two techniques to randomize power traces related to the same input. The first one is random ordering of the computation sequences in a convolution operation and the other is data randomization in convolution operation.

The Study on the Hydrodynamic Characteristics of the Single Slot Cambered Otter Board (단일 슬롯 만곡형전개판의 유체역학적 특성에 대한 연구)

  • Park, Kyoung-Hyun;Lee, Ju-Hee;Hyun, Beom-Soo;Bae, Jae-Hyun
    • Journal of the Korean Society of Fisheries and Ocean Technology
    • /
    • v.37 no.1
    • /
    • pp.1-8
    • /
    • 2001
  • This study deals with the experimental and numerical investigations to design the high performance otter board. Experiment was carried out to determine the most effective slot size of single-slot cambered otter board in the circulation water channel of BAEK KYUNG IND. Co. LTD. Numerical analysis was done by the commercial CFD code, FLUENT, to provide some valuable physical interpretations and finally to design the otter board section by numerical method. The major results are as follows ; 1. In experiment, the maximum lift and drag coefficients of simple cambered type otterboard were 1.41, 0.55, respectively, at the angle of attack $28^\circ$, while those of slot one with slot size 0.02C (C denotes the chord length) were 1.72, 0.42 at the angle of attack $24^\circ$. 2. The hydrodynamic characteristics depending upon slot size shows the greatest at 0.02C of the slot size. 3. Numerical results well visualized the streamlines, pressure fields, and speed vectors of a simple cambered and slot cambered otter board with slot size 0.02C. The slot cambered one with slot size 0.02C was shown that pressure field was distributed moderately on front and back side of otter board. And, the delay and decrease of separation were favorably achieved by flow through slot. 4. Computed result on the pattern of hydrodynamic field and the values of $C_L$ and $C_D$ by the commercial CFD code, FLUENT, show almost the same as those of the experimental result.

  • PDF

A New Scalar Recoding Method against Side Channel Attacks (부채널 공격에 대응하는 새로운 스칼라 레코딩 방법)

  • Ryu, Hyo Myoung;Cho, Sung Min;Kim, TaeWon;Kim, Chang han;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.26 no.3
    • /
    • pp.587-601
    • /
    • 2016
  • In this paper we suggest method for scalar recoding which is both secure against SPA and DPA. Suggested method is countermeasure to power analysis attack through scalar recoding using negative expression. Suggested method ensures safety of SPA by recoding the operation to apply same pattern to each digit. Also, by generating the random recoding output according to random number, safety of DPA is ensured. We also implement precomputation table and modified scalar addition algorithm for addition to protect against SPA that targets digit's sign. Since suggested method itself can ensure safety to both SPA and DPA, it is more effective and efficient. Through suggested method, compared to previous scalar recoding that ensures safety to SPA and DPA, operation efficiency is increased by 11%.

New Higher-Order Differential Computation Analysis on Masked White-Box AES (마스킹 화이트 박스 AES에 대한 새로운 고차 차분 계산 분석 기법)

  • Lee, Yechan;Jin, Sunghyun;Kim, Hanbit;Kim, HeeSeok;Hong, Seokhie
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.30 no.1
    • /
    • pp.1-15
    • /
    • 2020
  • As differential computation analysis attack(DCA) which is context of side-channel analysis on white-box cryptography is proposed, masking white-box cryptography based on table encoding has been proposed by Lee et al. to counter DCA. Existing higher-order DCA for the masked white box cryptography did not consider the masking implementation structure based on table encoding, so it is impossible to apply this attack on the countermeasure suggested by Lee et al. In this paper, we propose a new higher-order DCA method that can be applied to the implementation of masking based on table encoding, and prove its effectiveness by finding secret key information of masking white-box cryptography suggested by Lee et al. in practice.

Non-Profiling Power Analysis Attacks Using Continuous Wavelet Transform Method (연속 웨이블릿 변환을 사용한 비프로파일링 기반 전력 분석 공격)

  • Bae, Daehyeon;Lee, Jaewook;Ha, Jaecheol
    • Journal of the Korea Institute of Information Security & Cryptology
    • /
    • v.31 no.6
    • /
    • pp.1127-1136
    • /
    • 2021
  • In the field of power analysis attacks, electrical noise and misalignment of the power consumption trace are the major factors that determine the success of the attack. Therefore, several studies have been conducted to overcome this problem, and one of them is a signal processing method based on wavelet transform. Up to now, discrete wavelet transform, which can compress the trace, has been mostly used for power side-channel power analysis because continuous wavelet transform techniques increase data size and analysis time, and there is no efficient scale selection method. In this paper, we propose an efficient scale selection method optimized for power analysis attacks. Furthermore, we show that the analysis performance can be greatly improved when using the proposed method. As a result of the CPA(Correlation Power Analysis) and DDLA(Differential Deep Learning Analysis) experiments, which are non-profiling attacks, we confirmed that the proposed method is effective for noise reduction and trace alignment.