Abstract. Since the introduction of side-channel attacks in the nineties, RSA implementations have been a privileged target. A wide variety of countermeasures have been proposed and most of practical attacks are nowadays efficiently defeated by them. However, in a recent work published at ICICS 2010, Clavier et al. have pointed out that almost all the existing countermeasures were ineffective if the attacks are performed with a modus operandi called Horizontal. Such attacks, originally introduced by Colin Walter at CHES 2001, involve a single observation trace contrary to the classical attacks where several ones are required. To defeat Horizontal attacks, the authors of the ICICS paper have proposed a set of new countermeasures. In this paper, we introduce a general framework enabling to model both Horizontal and classical attacks (called Vertical) in a simple way. This framework enables to enlighten the similarities and the differences of those attack types. From this formalism, we show that even if Clavier et al.'s countermeasures thwart existing attacks, they do not fully solve the leakage issue. Actually, flaws are exhibited in this paper and efficient attacks are devised. We eventually propose a new countermeasure.
Abstract. We present a chosen-ciphertext attack against the public key cryptosystem called NTRU. This cryptosystem is based on polynomial algebra. Its security comes from the interaction of the polynomial mixing system with the independence of reduction modulo two relatively prime integers p and q. In this paper, we examine the effect of feeding special polynomials built from the public key to the decryption algorithm. We are then able to conduct a chosen-ciphertext attack that recovers the secret key from a few ciphertexts/cleartexts pairs with good probability. Finally, we show that the OAEP-like padding proposed for use with NTRU does not protect against this attack. OverviewIn [7], Hoffstein, Pipher and Silverman have presented a public key cryptosystem based on polynomial algebra called NTRU. The security of NTRU comes from the interaction of the polynomial mixing system with the independence of reduction modulo p and q. In [7], the authors have studied different possible attacks on their cryptosystem.First the brute force attack, which can be eased by the meet-in-the-middle principle, may be used against the private key or against a single message. However, for a suitable choice of parameters this attack will not succeed in a reasonable time.Then there is a multiple transmission attack, which will provide the content of a message that has been transmitted several time. Thus multiple transmissions are not advised. It is also one of the reasons why NTRU recommends a preprocessing scheme.Finally, several attacks make use of the LLL algorithm of Lenstra-LenstraLovász [10] which produces a reduced basis for a given lattice. They can either recover the secret key from the public key or decipher one given message. However the authors of NTRU claim that the time required is exponential in the degree of the polynomials. For most lattices, it is indeed very difficult to find extremely short vectors. Thus for suitably large degrees, this attack is expected to fail and does fail in practice. Another idea, described by Coppersmith and M.
In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the size of the block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full standard proof of our construction using one pass of a block-cipher with 2n-bit keys but there also is a proof for n-bit keys block-ciphers in the random oracle model.
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
hi@scite.ai
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.