A Practical Countermeasure against Address-Bit Differential Power Analysis

Itoh, Kazuya; Izu, Tetsuya; Takenaka, Masahiko

doi:10.1007/978-3-540-45238-6_30

Cited by 43 publications

(28 citation statements)

References 34 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Based on the results presented above, we conclude that the implementation protected with coordinate randomization does not leak the intermediate point values during the scalar multiplication. However, the implementation seems to leak the key bit values; therefore, we suspect that the implementation might be susceptible to attacks similar to address-based DPA [30] or address-based template attacks [31].…”

Section: Implementation Protected With Coordinate Randomizationmentioning

confidence: 99%

Completing the Complete ECC Formulae with Countermeasures

Chmielewski¹,

Massolino

Vliegen

et al. 2017

JLPEA

View full text Add to dashboard Cite

This work implements and evaluates the recent complete addition formulae for the prime order elliptic curves of Renes, Costello and Batina on an FPGA platform. We implement three different versions: (1) an unprotected architecture; (2) an architecture protected through coordinate randomization; and (3) an architecture with both coordinate randomization and scalar splitting in place. The evaluation is done through timing analysis and test vector leakage assessment (TVLA). The results show that applying an increasing level of countermeasures leads to an increasing resistance against side-channel attacks. This is the first work looking into side-channel security issues of hardware implementations of the complete formulae.

show abstract

Section: Implementation Protected With Coordinate Randomizationmentioning

confidence: 99%

Completing the Complete ECC Formulae with Countermeasures

Chmielewski¹,

Massolino

Vliegen

et al. 2017

JLPEA

View full text Add to dashboard Cite

show abstract

“…However, these do not prevent a differential SCA targeting the chain itself (as for instance the SEMD attack of [30] or the address-bit DPA [20]). To deal with this issue, we suggest to use a Boolean masking such as proposed in [21].…”

Section: Differential Side Channel Analysismentioning

confidence: 99%

Securing RSA against Fault Analysis by Double Addition Chain Exponentiation

Rivain

2009

Topics in Cryptology – CT-RSA 2009

View full text Add to dashboard Cite

Abstract. Fault Analysis is a powerful cryptanalytic technique that enables to break cryptographic implementations embedded in portable devices more efficiently than any other technique. For an RSA implemented with the Chinese Remainder Theorem method, one faulty execution suffices to factorize the public modulus and fully recover the private key. It is therefore mandatory to protect embedded implementations of RSA against fault analysis. This paper provides a new countermeasure against fault analysis for exponentiation and RSA. It consists in a self-secure exponentiation algorithm, namely an exponentiation algorithm that provides a direct way to check the result coherence. An RSA implemented with our solution hence avoids the use of an extended modulus (which slows down the computation) as in several other countermeasures. Moreover, our exponentiation algorithm involves 1.65 multiplications per bit of the exponent which is significantly less than the 2 required by other self-secure exponentiations.

show abstract

“…Defences against this new form of attack have been proposed [6] that mix a random value r into the index so that the access is performed as T ki⊕r . If r is refreshed before each application of the point multiplication algorithm, the table accesses are permuted to some extent meaning that simply recovering the address of a given access does not reveal the corresponding part of the secret multiplier.…”

Section: Address-bit Dpamentioning

confidence: 99%

Attacking DSA Under a Repeated Bits Assumption

Leadbitter

Page

Smart

2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract.We discuss how to recover the private key for DSA style signature schemes if partial information about the ephemeral keys is revealed. The partial information we examine is of a second order nature that allows the attacker to know whether certain bits of the ephemeral key are equal, without actually knowing their values. Therefore, we extend the work of Howgrave-Graham, Smart, Nguyen and Shparlinski who, in contrast, examine the case where the attacker knows the actual value of such bits. We also discuss how such partial information leakage could occur in a real life scenario. Indeed, the type of leakage envisaged by our attack would appear to be feasible than that considered in the prior work.

show abstract

A Practical Countermeasure against Address-Bit Differential Power Analysis

Cited by 43 publications

References 34 publications

Completing the Complete ECC Formulae with Countermeasures

Completing the Complete ECC Formulae with Countermeasures

Securing RSA against Fault Analysis by Double Addition Chain Exponentiation

Attacking DSA Under a Repeated Bits Assumption

Contact Info

Product

Resources

About