Abstract
This paper proposes new chosen-message power-analysis attacks for public-key cryptosystems based on modular exponentiation, where specific input pairs are used to generate collisions between squaring operations at different locations in the two power traces. Unlike previous attacks of this kind, the new attack can be applied to all standard implementations of the exponentiation process, namely binary (left-to-right and right-to-left), m-ary, and sliding window methods. The proposed attack can also circumvent typical countermeasures, such as the Montgomery powering ladder and the double-add algorithm. The effectiveness of the attack is demonstrated in experiments with hardware and software implementations of RSA on an FPGA and a PowerPC processor, respectively. In addition to the new collision generation methods, a highly accurate waveform matching technique is introduced for detecting the collisions even when the recorded signals are noisy and there is a certain amount of clock jitter.
| Original language | English |
|---|---|
| Article number | 5342411 |
| Pages (from-to) | 795-807 |
| Number of pages | 13 |
| Journal | IEEE Transactions on Computers |
| Volume | 59 |
| Issue number | 6 |
| DOIs | |
| Publication status | Published - 2010 |
Keywords
- Modular exponentiation
- Power-analysis attacks
- RSA
- Side-channel attacks
- Waveform matching
ASJC Scopus subject areas
- Software
- Theoretical Computer Science
- Hardware and Architecture
- Computational Theory and Mathematics