A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems

Goubin, Louis

doi:10.1007/3-540-36288-6_15

Cited by 146 publications

(96 citation statements)

References 23 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…They include randomizing the secret scalar, blinding the point and using randomized projective coordinates. New directions for attacking these countermeasures have recently been proposed [5,6] but none of them works when all protections proposed by Coron are applied An alternative to Coron's countermeasures is to randomize the multiplication algorithm itself by introducing some random decisions. Two recent propositions [7,20] use a randomized addition-subtraction chain, which is equivalent to represent the scalar with the alternative set of digits {0, 1, −1}.…”

Section: Countermeasures Using a Randomized Scalar Representationmentioning

confidence: 99%

Defeating Countermeasures Based on Randomized BSD Representations

Fouque

Muller

Poupard

et al. 2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. The recent development of side channel attacks has lead implementers to use increasingly sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication on elliptic curves. A new class of countermeasures is based on inserting random decisions when choosing one representation of the secret scalar out of a large set of representations of the same value. For instance, this is the case of countermeasures proposed by Oswald and Aigner, or Ha and Moon, both based on randomized Binary Signed Digit (BSD) representations. Their advantage is to offer excellent speed performances. However, the first countermeasure and a simplified version of the second one were already broken using Markov chain analysis. In this paper, we take a different approach to break the full version of HaMoon's countermeasure using a novel technique based on detecting local collisions in the intermediate states of computation. We also show that randomized BSD representations present some fundamental problems and thus recommend not to use them as a protection against side-channel attacks.

show abstract

Section: Countermeasures Using a Randomized Scalar Representationmentioning

confidence: 99%

Defeating Countermeasures Based on Randomized BSD Representations

Fouque

Muller

Poupard

et al. 2004

Lecture Notes in Computer Science

View full text Add to dashboard Cite

show abstract

“…In particular, this is the case for RSA as the factorization of the modulus and the public exponent are rarely available to the device. Note that our countermeasure also fully applies to the ECC setting since the randomization of projective coordinates, introduced by Coron in [5], was later proven insufficiant by Goubin in [6]. As pointed out recently by Dupuy and Kuntz-Jacques [7], when the attacker can tamper with the base element, scalar point multiplications also require randomization of the computation flow to provide DPA resistance.…”

Section: Introductionmentioning

confidence: 91%

Blinded Fault Resistant Exponentiation

Fumaroli¹,

Vigilant

2006

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. As the core operation of many public key cryptosystems, group exponentiation is central to cryptography. Attacks on its implementation in embedded device setting is hence of great concern. Recently, implementations resisting both simple side-channel analysis and fault attacks were proposed. In this paper, we go further and present an algorithm that also inherently thwarts differential side-channel attacks in finite abelian groups with only limited time and storage overhead.

show abstract

“…Our attack seems to be Goubin's Refined Power-analysis Attack [6], but ours uses the discriminative method that compares two waveforms (The method is introduced in Section 4). Also, while Goubin's attack can use only "special point" with zero coordinate, our attack has a merit that can use almost every points over elliptic curve.…”

Section: Initializing Attackmentioning

confidence: 99%

Enhanced Doubling Attacks on Signed-All-Bits Set Recoding

Kim¹,

Kim²,

Ryoo³

et al. 2007

Information Security Theory and Practices. Smart Cards, Mobile and Ubiquitous Computing Systems

View full text Add to dashboard Cite

Abstract. In cryptographic devices like a smart card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. However, the issue of efficiency sometimes raises vulnerabilities against side channel attacks (SCAs). In elliptic curve cryptosystems, one of main operations is the scalar multiplication. Thus it must be constructed in safety against SCAs. Recently, Hedabou et al. proposed a signed-all-bits set (sABS) recoding as simple power analysis countermeasure, which is also secure against doubling attack (DA). In this paper we propose enhanced doubling attacks which break Hedabou's countermeasure based on sABS recoding, and then show the statistical approach of noise reduction to experiment on the proposed attacks in actuality. We also introduce a countermeasure based on a projective coordinate.

show abstract

A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems

Cited by 146 publications

References 23 publications

Defeating Countermeasures Based on Randomized BSD Representations

Defeating Countermeasures Based on Randomized BSD Representations

Blinded Fault Resistant Exponentiation

Enhanced Doubling Attacks on Signed-All-Bits Set Recoding

Contact Info

Product

Resources

About