• Journal of the Institute of Electronics Engineers of Korea SD
• /
• v.41 no.9
• /
• pp.73-84
• /
• 2004

This paper suggests a new scalar multiplication algerian to resist SPA which threatens the security of cryptographic primitive on the hardware recently, and discusses how to apply this algerian Our algorithm is better than other SPA countermeasure algorithms aspect to computational efficiency. Since known SPA countermeasure algorithms have dependency of computation. these are difficult to construct parallel architecture efficiently. To solve this problem our algorithm removes dependency and computes a multiplication and a squaring during inversion with parallel architecture in order to minimize loss of performance. We implement hardware logic with VHDL(VHSIC Hardware Description Language) to verify performance. Synthesis tool is Synplify Pro 7.0 and target chip is Xillinx VirtexE XCV2000EFGl156. Total equivalent gate is 60,508 and maximum frequency is 30Mhz. Our scalar multiplier can be applied to digital signature, encryption and decryption, key exchange, etc. It is applied to a embedded-micom it protects SPA and provides efficient computation.

• Proceedings of the Korea Institutes of Information Security and Cryptology Conference
• /
• 2003.07a
• /
• pp.83-88
• /
• 2003

부채널 공격(side channel attack)을 막는 새로운 접근방법으로 생각되는 랜덤 부호화 스칼라 곱 알고리즘은 Ha와 Moon에 의해서 제안되었다. 그러나 이 방법은 여전히 논쟁의 여지가 있다. 본 논문에서는 Ha-Moon 알고리즘이 기존의 세 가지 단순 전력 소모량 분석(simple power analysis, SPA)에 안전함을 보인다. 그리고 정수론의 성질을 이용하여 두 가지 중요한 정리를 제시하고 이 정리들을 이용하여 Ha-Moon 알고리즘에 적용할 수 있는 공격 알고리즘을 개발한다. 예를 들면, 163-비트 키들에 대하여 제안 알고리즘은 20개의 전력 소모량을 이용하여 키 복잡도 Ο(2$^{8}$ )를 가지고 공격할 수 있다.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.26 no.5
• /
• pp.1099-1103
• /
• 2016

The user's secret key can be retrieved by the leakage informations of power consumption occurred during the execution of scalar multiplication for elliptic curve cryptographic algorithm which can be embedded on a security device. Recently, a carry random recoding method is proposed to prevent simple power and differential power analysis attack by recoding the secret key. In this paper, we show that this recoding method is still vulnerable to the differential power analysis attack due to the limitation of the size of carry bits, which is a different from the original claim.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.19 no.2
• /
• pp.11-21
• /
• 2009

The NTRU cryptosystem proposed by Hoffstein et al. in 1990s is a public key cryptosystem based on hard lattice problems. NTRU has many advantages compared to other public key cryptosystems such as RSA and elliptic curve cryptosystems. For example, it guarantees high speed encryption and decryption with the same level of security, and there is no known quantum computing algorithm for speeding up attacks against NTRD. In this paper, we analyze the security of NTRU against the simple power analysis (SPA) attack and the statistical power analysis (STPA) attack such as the correlation power analysis (CPA) attack First, we implement NTRU operations using NesC on a Telos mote, and we show how to apply CPA to recover a private key from collected power traces. We also suggest countermeasures against these attacks. In order to prevent SPA, we propose to use a nonzero value to initialize the array which will store the result of a convolution operation. On the other hand, in order to prevent STPA, we propose two techniques to randomize power traces related to the same input. The first one is random ordering of the computation sequences in a convolution operation and the other is data randomization in convolution operation.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.2
• /
• pp.261-270
• /
• 2015

In information security devices, such as Smart Cards, vulnerabilities of the RSA algorithm which is used to protect the data were found in the Side Channel Analysis. The RSA is especially vulnerable to Power Analysis which uses power consumption when the algorithm is working. Typically Power Analysis is divided into SPA(Simple Power Analysis) and DPA(Differential Power Analysis). On top of this, there is a CA(Collision Analysis) which is a very powerful attack. CA makes it possible to attack using a single waveform, even if the algorithm is designed to secure against SPA and DPA. So Message blinding, which applies the window method, was considered as a countermeasure. But, this method does not provide sufficient safety when the window size is small. Therefore, in this paper, we propose a new countermeasure that provides higher safety against CA. Our countermeasure is a combination of message and exponent blinding which is applied to the window method. In addition, through experiments, we have shown that our countermeasure provides approximately 124% higher attack complexity when the window size is small. Thus it can provide higher safety against CA.