Collision-based power analysis of modular exponentiation using chosen-message pairs

Naofumi Homma; Atsushi Miyamoto; Takafumi Aoki; Akashi Satoh; Adi Shamir

doi:10.1007/978-3-540-85053-3_2

Collision-based power analysis of modular exponentiation using chosen-message pairs

Naofumi Homma, Atsushi Miyamoto, Takafumi Aoki, Akashi Satoh, Adi Shamir

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

46 Citations (Scopus)

Abstract

This paper proposes new chosen-message power-analysis attacks against public-key cryptosystems based on modular exponentiation, which use specific input pairs to generate collisions between squaring operations at different locations in the two power traces. Unlike previous attacks of this kind, the new attacks can be applied to all the standard implementations of the exponentiation process: binary (left-to-right and right-to-left), m-ary, and sliding window methods. The SPA countermeasure of inserting dummy multiplications can also be defeated (in some cases) by using the proposed attacks. The effectiveness of the attacks is demonstrated by actual experiments with hardware and software implementations of RSA on an FPGA and the PowerPC processor, respectively. In addition to the new collision generation methods, a high-accuracy waveform matching technique is introduced to detect the collisions even when the recorded signals are noisy and the clock has some jitter.

Original language	English
Title of host publication	Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings
Pages	15-29
Number of pages	15
DOIs	https://doi.org/10.1007/978-3-540-85053-3_2
Publication status	Published - 2008
Event	10th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2008 - Washington, D.C., United States Duration: 2008 Aug 10 → 2008 Aug 13

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	5154 LNCS
ISSN (Print)	0302-9743
ISSN (Electronic)	1611-3349

Conference

Conference	10th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2008
Country/Territory	United States
City	Washington, D.C.
Period	08/8/10 → 08/8/13

Keywords

Modular exponentiation
Power-analysis attacks
RSA
Side-channel attacks
Waveform matching

Access to Document

10.1007/978-3-540-85053-3_2

Cite this

Homma, N., Miyamoto, A., Aoki, T., Satoh, A., & Shamir, A. (2008). Collision-based power analysis of modular exponentiation using chosen-message pairs. In Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings (pp. 15-29). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5154 LNCS). https://doi.org/10.1007/978-3-540-85053-3_2

Homma, Naofumi ; Miyamoto, Atsushi ; Aoki, Takafumi et al. / Collision-based power analysis of modular exponentiation using chosen-message pairs. Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings. 2008. pp. 15-29 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{a12352b589bc48279d9afac3054ce8ee,

title = "Collision-based power analysis of modular exponentiation using chosen-message pairs",

abstract = "This paper proposes new chosen-message power-analysis attacks against public-key cryptosystems based on modular exponentiation, which use specific input pairs to generate collisions between squaring operations at different locations in the two power traces. Unlike previous attacks of this kind, the new attacks can be applied to all the standard implementations of the exponentiation process: binary (left-to-right and right-to-left), m-ary, and sliding window methods. The SPA countermeasure of inserting dummy multiplications can also be defeated (in some cases) by using the proposed attacks. The effectiveness of the attacks is demonstrated by actual experiments with hardware and software implementations of RSA on an FPGA and the PowerPC processor, respectively. In addition to the new collision generation methods, a high-accuracy waveform matching technique is introduced to detect the collisions even when the recorded signals are noisy and the clock has some jitter.",

keywords = "Modular exponentiation, Power-analysis attacks, RSA, Side-channel attacks, Waveform matching",

author = "Naofumi Homma and Atsushi Miyamoto and Takafumi Aoki and Akashi Satoh and Adi Shamir",

year = "2008",

doi = "10.1007/978-3-540-85053-3_2",

language = "English",

isbn = "354085052X",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

pages = "15--29",

booktitle = "Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings",

note = "10th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2008 ; Conference date: 10-08-2008 Through 13-08-2008",

}

Homma, N, Miyamoto, A, Aoki, T, Satoh, A & Shamir, A 2008, Collision-based power analysis of modular exponentiation using chosen-message pairs. in Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 5154 LNCS, pp. 15-29, 10th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2008, Washington, D.C., United States, 08/8/10. https://doi.org/10.1007/978-3-540-85053-3_2

Collision-based power analysis of modular exponentiation using chosen-message pairs. / Homma, Naofumi; Miyamoto, Atsushi; Aoki, Takafumi et al.
Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings. 2008. p. 15-29 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 5154 LNCS).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Collision-based power analysis of modular exponentiation using chosen-message pairs

AU - Homma, Naofumi

AU - Miyamoto, Atsushi

AU - Aoki, Takafumi

AU - Satoh, Akashi

AU - Shamir, Adi

PY - 2008

Y1 - 2008

N2 - This paper proposes new chosen-message power-analysis attacks against public-key cryptosystems based on modular exponentiation, which use specific input pairs to generate collisions between squaring operations at different locations in the two power traces. Unlike previous attacks of this kind, the new attacks can be applied to all the standard implementations of the exponentiation process: binary (left-to-right and right-to-left), m-ary, and sliding window methods. The SPA countermeasure of inserting dummy multiplications can also be defeated (in some cases) by using the proposed attacks. The effectiveness of the attacks is demonstrated by actual experiments with hardware and software implementations of RSA on an FPGA and the PowerPC processor, respectively. In addition to the new collision generation methods, a high-accuracy waveform matching technique is introduced to detect the collisions even when the recorded signals are noisy and the clock has some jitter.

AB - This paper proposes new chosen-message power-analysis attacks against public-key cryptosystems based on modular exponentiation, which use specific input pairs to generate collisions between squaring operations at different locations in the two power traces. Unlike previous attacks of this kind, the new attacks can be applied to all the standard implementations of the exponentiation process: binary (left-to-right and right-to-left), m-ary, and sliding window methods. The SPA countermeasure of inserting dummy multiplications can also be defeated (in some cases) by using the proposed attacks. The effectiveness of the attacks is demonstrated by actual experiments with hardware and software implementations of RSA on an FPGA and the PowerPC processor, respectively. In addition to the new collision generation methods, a high-accuracy waveform matching technique is introduced to detect the collisions even when the recorded signals are noisy and the clock has some jitter.

KW - Modular exponentiation

KW - Power-analysis attacks

KW - RSA

KW - Side-channel attacks

KW - Waveform matching

UR - http://www.scopus.com/inward/record.url?scp=51049124307&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=51049124307&partnerID=8YFLogxK

U2 - 10.1007/978-3-540-85053-3_2

DO - 10.1007/978-3-540-85053-3_2

M3 - Conference contribution

AN - SCOPUS:51049124307

SN - 354085052X

SN - 9783540850526

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 15

EP - 29

BT - Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings

T2 - 10th International Workshop on Cryptographic Hardware and Embedded Systems, CHES 2008

Y2 - 10 August 2008 through 13 August 2008

ER -

Homma N, Miyamoto A, Aoki T, Satoh A, Shamir A. Collision-based power analysis of modular exponentiation using chosen-message pairs. In Cryptographic Hardware and Embedded Systems - CHES 2008 - 10th International Workshop, Proceedings. 2008. p. 15-29. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). doi: 10.1007/978-3-540-85053-3_2

Collision-based power analysis of modular exponentiation using chosen-message pairs

Abstract

Publication series

Conference

Keywords

Access to Document

Other files and links

Fingerprint

Cite this