A countermeasure against one physical cryptanalysis may benefit another attack

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

Volumn 2288, Issue , 2002, Pages 414-427

  Yen, Sung Ming ^a   Kim, Seungjoo ^b   Lim, Seongan ^b   Moon, Sangjae ^c  

^a NATIONAL CENTRAL UNIVERSITY   (Taiwan)

^b Korea Internet and Security Agency   (South Korea)

^c Kyungpook National University   (South Korea)

Author keywords

Cryptography; Exponentiation; Hardware fault cryptanalysis; Physical cryptanalysis; Power analysis attack; Side channel attack; Square multiply exponentiation; Timing attack

Indexed keywords

CRYPTOGRAPHY; ERRORS; HARDWARE; SECURITY OF DATA;

CRYPTOGRAPHIC DEVICES; EXPONENTIATIONS; HARDWARE FAULTS; MODULAR EXPONENTIATION; PHYSICAL ATTACKS; PHYSICAL CRYPTANALYSIS; SCALAR MULTIPLICATION; SIMPLE POWER ANALYSIS;

SIDE CHANNEL ATTACK;

EID: 84949979593     PISSN: 03029743     EISSN: 16113349     Source Type: Book Series    
DOI: None     Document Type: Conference Paper

References (53)

1. R.L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystem”, Commun. of ACM, vol. 21, no. 2, pp. 120–126, 1978.
2. T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms”, IEEE Trans. Inf. Theory, vol. 31, no. 4, pp. 469–472, 1985.
3. R. Anderson and M. Kuhn, “Tamper resistance–a cautionary note”, In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11, 1996.
4. R. Anderson and M. Kuhn, “Low cost attacks on tamper resistant devices”, In Preproceedings of the 1997 Security Protocols Workshop, Paris, France, 7–9th April 1997.
5. D. Boneh, “Twenty years of attacks on the RSA cryptosystem”, Notices of the AMS, vol. 46, no. 2, pp. 203–213, Feb 1999.
6. Bellcore Press Release, “New threat model breaks crypto codes”, Sept. 1996, available at URL .
7. D. Boneh, R.A. DeMillo, and R.J. Lipton, “On the importance of checking cryptographic protocols for faults”, In Advances in Cryptology–EUROCRYPT’97, LNCS 1233, pp. 37–51, Springer-Verlag, 1997.
8. F. Bao, R.H. Deng, Y. Han, A. Jeng, A.D. Narasimbalu, and T. Ngair, “Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults”, In Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 1997.
9. Y. Zheng and T. Matsumoto, “Breaking real-world implementations of cryptosystems by manipulating their random number generation”, In Pre-proceedings of the 1997 Symposium on Cryptography and Information Security, Fukuoka, Japan, 29th January–1st February 1997. An earlier version was presented at the rump session of ASIACRYPT’96.
10. I. Peterson, “Chinks in digital armor–Exploiting faults to break smart-card cryptosystems”, Science News, vol. 151, no. 5, pp. 78–79, 1997.
11. M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng, “RSA-type signatures in the presence of transient faults”, In Cryptography and Coding, LNCS 1355, pp. 155–160, Springer-Verlag, 1997.
12. D.P. Maher, “Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective”, In Financial Cryptography, LNCS 1318, pp. 109–121, Springer-Verlag, Berlin, 1997.
13. E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems”, In Advances in Cryptology–CRYPTO’97, LNCS 1294, pp. 513–525, Springer-Verlag, Berlin, 1997.
14. A.K. Lenstra, “Memo on RSA signature generation in the presence of faults”, September 1996.
15. M. Joye, A.K. Lenstra, and J.-J. Quisquater, “Chinese remaindering based cryptosystems in the presence of faults”, Journal of Cryptology, vol. 12, no. 4, pp. 241-245, 1999.
16. M. Joye, F. Koeune, and J.-J. Quisquater, “Further results on Chinese remaindering”, Tech. Report CG-1997/1, UCL Crypto Group, Louvain-la-Neuve, March 1997.
17. A. Shamir, “How to check modular exponentiation”, presented at the rump session of EUROCRYPT’97, Konstanz, Germany, 11–15th May 1997.
18. A. Shamir, “Method and apparatus for protecting public key schemes from timing and fault attacks”, United States Patent 5991415, November 23, 1999.
19. S.M. Yen and M. Joye, “Checking before output may not be enough against faultbased cryptanalysis”, IEEE Trans. on Computers, vol. 49, no. 9, pp. 967–970, Sept. 2000.
20. P.J. Smith and M.J.J. Lennon, “LUC: A new public key system”, In Ninth IFIP Symposium on Computer Security, Elsevier Science Publishers, pp. 103–117, 1993.
21. I.F. Blake, G. Seroussi, and N.P. Smart. Elliptic curves in cryptography. vol. 265 of London Mathematical Society Lecture Note Series, Cambridge University Press, 1999.
22. P. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems”, In Advances in Cryptology–CRYPTO’96, LNCS 1109, pp. 104–113, Springer-Verlag, 1996.
23. J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, “A practical implementation of the timing attack”, Technical Report CG-1998/1, UCL Crypto Group, Université catholique de Louvain, June 1998.
24. J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, “A practical implementation of the timing attack”, In Proceedings of CARDIS’98–Third Smart Card Research and Advanced Application Conference, UCL, Louvainla-Neuve, Belgium, Sep. 14-16, 1998.
25. F. Koeune and J.-J. Quisquater, “A timing attack against Rijndael”, Technical Report CG-1999/1, Université catholique de Louvain, June 1999.
26. W. Schindler, “A timing attack against RSA with the Chinese Remainder Theorem”, In Cryptographic Hardware and Embedded Systems–CHES 2000, LNCS 1965, pp. 109–124, Springer-Verlag, 2000.
27. B.S. Kaliski Jr. and M.J.B. Robshaw, “Comments on some new attacks on cryptographic devices”, RSA Laboratories Bulletin, no. 5, July 1997.
28. P. Kocher, J. Jaffe and B. Jun, “Introduction to differential power analysis and related attacks”, 1998, available at URL .
29. P. Kocher, J. Jaffe and B. Jun, “Differential power analysis”, In Advances in Cryptology–CRYPTO’99, LNCS 1666, pp. 388–397, Springer-Verlag, 1999.
30. J.-S. Coron, “Resistance against differential power analysis for elliptic curve cryptosystems”, In Cryptographic Hardware and Embedded Systems–CHES’99, LNCS 1717, pp. 292–302, Springer-Verlag, 1999.
31. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Power analysis attacks of modular exponentiation in smartcards”, In Cryptographic Hardware and Embedded Systems–CHES’99, LNCS 1717, pp. 144–157, Springer-Verlag, 1999.
32. C. Clavier, J.-S. Coron, and N. Dabbous, “Differential power analysis in the presence of hardware countermeasures”, In Cryptographic Hardware and Embedded Systems–CHES 2000, LNCS 1965, pp. 252–263, Springer-Verlag, 2000.
33. K. Okeya and K. Sakurai, “Power analysis breaks elliptic curve cryptosystems even secure against the timing attack”, In Advances in Cryptology–INDOCRYPT2000, LNCS 1977, pp. 178–190, Springer-Verlag, 2000.
34. C.D. Walter, “Sliding windows succumbs to big mac attack”, In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems–CHES 2001, pp. 291–304, May 13-16, 2001.
35. C. Clavier and M. Joye, “Universal exponentiation algorithm: A first step towards provable SPA-resistance”, In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems–CHES 2001, pp. 305–314, May 13-16, 2001.
36. T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Investigations of power analysis attacks on smartcards”, In Proceedings of USENIX Workshop on Smartcard Technology, pp. 151–161, May 1999.
37. L. Goubin and J. Patarin, “DES and differential power analysis–The duplication method”, In Cryptographic Hardware and Embedded Systems–CHES’99, LNCS 1717, pp. 158–172, Springer-Verlag, 1999.
38. E. Biham and A. Shamir, “Power analysis of the key scheduling of the AES candidates”, In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 115–121, March 1999, available at URL .
39. S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, “A cautionary note regarding evaluation of AES candidates on smart-cards”, In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133–147, March 1999, available at URL .
40. S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, “Towards sound approaches to counteract power-analysis attacks”, In Advances in Cryptology–CRYPTO’99, LNCS 1666, pp. 398–412, Springer-Verlag, 1999.
41. J. Daemen and V. Rijmen, “Resistance against implementation attacks: A comparative study of the AES proposals”, In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 122–132, March 1999, available at URL .
42. P.N. Fahn and P.K. Pearson, “IPA: A new class of power attacks”, In Cryptographic Hardware and Embedded Systems–CHES’99, LNCS 1717, pp. 173–186, Springer-Verlag, 1999.
43. T.S. Messerges, “Securing the AES finalists against power analysis attacks”, In Proceedings of Fast Software Encryption Workshop–FSE 2000, LNCS 1978, Springer-Verlag, 2000.
44. J.-S. Coron and L. Goubin, “On boolean and arithmetic masking against differential power analysis”, In Cryptographic Hardware and Embedded Systems–CHES 2000, LNCS 1965, pp. 231–237, Springer-Verlag, 2000.
45. T.S. Messerges, “Using second-order power analysis to attack DPA resistant software”, In Cryptographic Hardware and Embedded Systems–CHES 2000, LNCS 1965, pp. 238–251, Springer-Verlag, 2000.
46. L. Goubin, “A sound method for switching between boolean and arithmetic masking”, In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems–CHES 2001, pp. 3–15, May 13-16, 2001.
47. M. Akkar and C. Giraud, “An implementation of DES and AES, secure against some attacks”, In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems–CHES 2001, pp. 315–325, May 13-16, 2001.
48. A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of applied cryptography. CRC Press, 1997.
49. G.R. Blakley, “A computer algorithm for the product AB modulo M”, IEEE Transactions on Computers, vol. 32, no. 5, pp. 497–500, May 1983.
50. K.R. Sloan Jr., Comments on “A computer algorithm for the product AB modulo M”, IEEE Transactions on Computers, vol. 34, no. 3, pp. 290–292, March 1985.
51. Ç. K. Koç, “RSA hardware implementation”, Technical Report TR 801, RSA Laboratories, Redwood City, April 1996
52. S.M. Yen and S.Y. Tseng, “Differential power cryptanalysis of a Rijndael implementation”, LCIS Technical Report TR-2K1-9, Dept. of Computer Science and Information Engineering, National Central University, Taiwan, May 3, 2001.
53. M. Joye, J.-J. Quisquater, S.M. Yen, and M. Yung, “Observability analysis–detecting when improved cryptosystems fail”, In Proceedings of the CT-RSA 2002 Conference, 2002. (to appear)