Flexible Exponentiation with Resistance to Side Channel Attacks

Vuillaume, Camille; Okeya, Katsuyuki

doi:10.1007/11767480_18

Cited by 11 publications

(6 citation statements)

References 14 publications

(27 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Most proposed solutions to recent cache-based attacks [1,2,28,35] involve cache partitioning [21], requiring hardware modifications and decreasing performance. Specific algorithms may be hardened [34], but the only known general solution-resource partitioning-limits statistical multiplexing and undermines the cloud business model.…”

Section: Related Workmentioning

confidence: 99%

Determinating timing channels in compute clouds

Aviram

Ford

et al. 2010

Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop

View full text Add to dashboard Cite

Timing side-channels represent an insidious security challenge for cloud computing, because: (a) massive parallelism in the cloud makes timing channels pervasive and hard to control; (b) timing channels enable one customer to steal information from another without leaving a trail or raising alarms; (c) only the cloud provider can feasibly detect and report such attacks, but the provider's incentives are not to; and (d) resource partitioning schemes for timing channel control undermine statistical sharing efficiency, and, with it, the cloud computing business model. We propose a new approach to timing channel control, using provider-enforced deterministic execution instead of resource partitioning to eliminate timing channels within a shared cloud domain. Provider-enforced determinism prevents execution timing from affecting the results of a compute task, however large or parallel, ensuring that a task's outputs leak no timing information apart from explicit timing inputs and total compute duration. Experiments with a prototype OS for deterministic cloud computing suggest that such an approach may be practical and efficient. The OS supports deterministic versions of familiar APIs such as processes, threads, shared memory, and file systems, and runs coarse-grained parallel tasks as efficiently and scalably as current timing channel-ridden systems.

show abstract

Section: Related Workmentioning

confidence: 99%

Determinating timing channels in compute clouds

Aviram

Ford

et al. 2010

Proceedings of the 2010 ACM Workshop on Cloud Computing Security Workshop

View full text Add to dashboard Cite

show abstract

“…While this computation is "easy" on elliptic curves, this is not the case for the multiplicative group of integers modulo N . An unsigned version of Möller's algorithm is described in [27] where the digits are recoded in the set {1, . .…”

Section: Exponent Recodingmentioning

confidence: 99%

“…The problem with the recoding algorithms proposed in [19,27] is that they cannot easily be implemented in a regular manner. In this section we present some recoding methods for regular exponentiation, where the exponent can be simply recoded in a regular fashion.…”

Section: Exponent Recodingmentioning

confidence: 99%

See 1 more Smart Citation

Exponent Recoding and Regular Exponentiation Algorithms

Joye

Tunstall

2009

Progress in Cryptology – AFRICACRYPT 2009

View full text Add to dashboard Cite

Abstract. This paper describes methods of recoding exponents to allow for regular implementations of m-ary exponentiation algorithms. Recoding algorithms previously proposed in the literature do not lend themselves to being implemented in a regular manner, which is required if the implementation needs to resist side-channel attacks based on simple power analysis. The advantage of the algorithms proposed in this paper over previous work is that the recoding can be readily implemented in a regular manner. Recoding algorithms are proposed for exponentiation algorithms that use both signed and unsigned exponent digits.

show abstract

“…A typical approach is making the exponentiation exhibit a fixed pattern, making it independent of the private key bit. The proposed methods include Coron's dummy method [Coron 1999], the Montgomery ladder (ML) method [Izu and Takagi 2002], and some recoding methods [Hedabou et al 2005;Vuillaume and Okeya 2006]. However, the dummy method may be vulnerable to the computational safe-error (CSE) attack [Sung-Ming et al 2002], and the main drawback of the ML method is that it is hard to be applied to the precomputation-based exponentiation.…”

Section: Introductionmentioning

confidence: 99%

Message blinding method requiring no multiplicative inversion for RSA

Kim

Han

Hong

et al. 2014

ACM Trans. Embed. Comput. Syst.

View full text Add to dashboard Cite

This article proposes a new message blinding methods requiring no multiplicative inversion for RSA. Most existing message blinding methods for RSA additionally require the multiplicative inversion, even though computational complexity of this operation is O(n 3 ) which is equal to that of the exponentiation. Thus, this additional operation is known to be the main drawback of the existing message blinding methods for RSA. In addition to requiring no additional multiplicative inversion, our new countermeasure provides the security against various power analysis attacks as well as general differential power analysis.

show abstract

Flexible Exponentiation with Resistance to Side Channel Attacks

Cited by 11 publications

References 14 publications

Determinating timing channels in compute clouds

Determinating timing channels in compute clouds

Exponent Recoding and Regular Exponentiation Algorithms

Message blinding method requiring no multiplicative inversion for RSA

Contact Info

Product

Resources

About