Defeating RSA Multiply-Always and Message Blinding Countermeasures

Witteman, Marc F.; Woudenberg, Jasper G. J. van; Menarini, Federico

doi:10.1007/978-3-642-19074-2_6

Cited by 67 publications

(53 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We have not evaluated the implementation against higher order attacks, like cross-correlation [34] (Observe that the scalar splitting should mitigate the cross-correlation attack. ), horizontal cross-correlation [35], single trace template attacks [31] and horizontal cluster attacks [36].…”

Section: Resultsmentioning

confidence: 99%

Completing the Complete ECC Formulae with Countermeasures

Chmielewski¹,

Massolino

Vliegen

et al. 2017

JLPEA

View full text Add to dashboard Cite

This work implements and evaluates the recent complete addition formulae for the prime order elliptic curves of Renes, Costello and Batina on an FPGA platform. We implement three different versions: (1) an unprotected architecture; (2) an architecture protected through coordinate randomization; and (3) an architecture with both coordinate randomization and scalar splitting in place. The evaluation is done through timing analysis and test vector leakage assessment (TVLA). The results show that applying an increasing level of countermeasures leads to an increasing resistance against side-channel attacks. This is the first work looking into side-channel security issues of hardware implementations of the complete formulae.

show abstract

Section: Resultsmentioning

confidence: 99%

Completing the Complete ECC Formulae with Countermeasures

Chmielewski¹,

Massolino

Vliegen

et al. 2017

JLPEA

View full text Add to dashboard Cite

show abstract

“…Remark Collision based analyses are also known as cross-correlation attacks in [22] and multiple-differential collision attacks in [3]. We prefer the term collisioncorrelation attacks since cross-correlation may be ambiguous depending on the context, and multiple-differential collision attacks seems us too generic for our method.…”

Section: Fig 1 General Description Of the Collision-correlation Attackmentioning

confidence: 99%

“…He then studied in [3] statistical techniques to detect collisions between power curves. Two recent papers have updated the state-of-the-art by introducing correlation based collision detection: Moradi et al [15] proposed a collision attack to defeat an AES implementation using masked S-Boxes, while Witteman et al [22] applied a cross-correlation analysis to an RSA implementation using message blinding.…”

Section: Introductionmentioning

confidence: 99%

Improved Collision-Correlation Power Analysis on First Order Protected AES

Clavier

Feix

Gagnerot

et al. 2011

Cryptographic Hardware and Embedded Systems – CHES 2011

View full text Add to dashboard Cite

Abstract. The recent results presented by Moradi et al. on AES at CHES 2010 and Witteman et al. on square-and-multiply always RSA exponentiation at CT-RSA 2011 have shown that collision-correlation power analysis is able to recover the secret keys on embedded implementations. However, we noticed that the attack published last year by Moradi et al. is not efficient on correctly first-order protected implementations. We propose in this paper improvements on collision-correlation attacks which require less power traces than classical second-order power analysis techniques. We present here two new methods and show in practice their real efficiency on two first-order protected AES implementations. We also mention that other symmetric embedded algorithms can be targeted by our new techniques.

show abstract

“…The Big Mac attack [41] is the first theoretical attack on public key cryptosystems, in which only a single trace is required to observe key dependencies and collisions during an RSA exponentiation. Witteman et al in [43] performed a similar attack on the RSA modular exponentiation in the presence of blinded messages. Clavier et al introduced in [13] horizontal correlation analysis, as a type of attack where a single power trace is enough to recover the private key.…”

Section: Introductionmentioning

confidence: 99%

Online template attacks

Batina

Chmielewski²,

Papachristodoulou

et al. 2017

J Cryptogr Eng

View full text Add to dashboard Cite

Template attacks are a special kind of sidechannel attacks that work in two stages. In a first stage, the attacker builds up a database of template traces collected from a device which is identical to the attacked device, but under the attacker's control. In the second stage, traces from the target device are compared to the template traces to recover the secret key. In the context of attacking elliptic curve scalar multiplication with template attacks, one can interleave template generation and template matching and reduce the amount of template traces. This paper enhances the power of this technique by defining and applying the concept of online template attacks, a general attack technique with minimal assumptions for an attacker, who has very very limited control over the template device. We show that online template attacks need only one power consumption trace of a scalar multiplication on the target device; they are thus suitable not only against ECDSA and static elliptic curve Diffie-Hellman (ECDH), but also against elliptic curve scalar multiplication in ephemeral ECDH. In addition, online template attacks need only one template trace per scalar bit and they can be applied to a broad variety of scalar multiplication algorithms. To demonstrate the power of online template attacks, we recover scalar bits of a scalar multiplication using the double-and-add-always algorithm on a twisted Edwards curve running on a smartcard with an ATmega163 CPU.

show abstract

Defeating RSA Multiply-Always and Message Blinding Countermeasures

Cited by 67 publications

References 10 publications

Completing the Complete ECC Formulae with Countermeasures

Completing the Complete ECC Formulae with Countermeasures

Improved Collision-Correlation Power Analysis on First Order Protected AES

Online template attacks

Contact Info

Product

Resources

About