New cross correlation attack methods on the Montgomery Ladder implementation of RSA

Kuzu, Ebru Akalp; Soysal, Betul; Sahinoglu, Muhammet; Guvenc, Umut; Tangel, Ali

doi:10.1109/iadcc.2013.6514209

Cited by 4 publications

(9 citation statements)

References 13 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The powers g i (mod n) (i=1,2,…,2 m-1 ) can be pre-computed and used in the multipli-in [15] , where techniques to strengthen cross correlation attack by averaging correlation values and comparing to a threshold were described. The CCAs against Montgomery ladder implementation of the RSA algorithm were analyzed in [16][17][18], and the voting mechanism and novel one or multi reference bits approaches were proposed.…”

Section: The Binary Modular Exponentiation Algorithmsmentioning

confidence: 99%

“…The typical CCAs are useful for the message blinding countermeasures [13][14][15][16][17][18]. The basic idea of CCA algorithms are that the operations would be trivially independent if two operations have no operand in common.…”

Section: Cross Correlation Attacks On Message Blinding Exponentiationmentioning

confidence: 99%

“…[15]. Akalp, et al proposed improved methods summing up correlation coefficients with the bigger correlation values comparing to a threshold [16][17][18].…”

Section: Cross Correlation Attacks On Message Blinding Exponentiationmentioning

confidence: 99%

“…Now, the proposed new cross correlation attacks on message blinding exponentiation algorithm is an improved method [16][17][18]. The basic idea of the new CCAs algorithm is that the attackers can find the power points which are less affected by noise and misalignment.…”

Section: An Optimized Cross Correlation Attacks On Message Blindmentioning

confidence: 99%

“…However, the weakness of these countermeasures is that one operand in the multiplication is fixed and the same pre-computed value is used when the same bits of the private key are manipulated. Various countermeasures using the message blinding method may still be vulnerable to Cross Correlation Attacks [13][14][15][16][17][18].…”

mentioning

confidence: 99%

See 4 more Smart Citations

An optimized cross correlation power attack of message blinding exponentiation algorithms

2015

View full text Add to dashboard Cite

The message blinding method is the most efficient and secure countermeasure against first-order differential power analysis(DPA). Although cross correlation attacks(CCAs) were given for defeating message blinding methods, however searching for correlation points is difficult for noise, misalignment in practical environment. In this paper, we propose an optimized cross correlation power attack for message blinding exponentiation algorithms. The attack method can select the more correlative power points of share one operation in the modular multiplication by comparing variances between correlation coefficients. Further we demonstrate that the attack method is more efficient in experiments with hardware implementation of RSA on a crypto chip card. In addition to the proposed CCA method can recovery all 1024bits secret key and recognition rate increases to 100% even when the recorded signals are noisy.

show abstract

Section: The Binary Modular Exponentiation Algorithmsmentioning

confidence: 99%

Section: Cross Correlation Attacks On Message Blinding Exponentiationmentioning

confidence: 99%

“…[15]. Akalp, et al proposed improved methods summing up correlation coefficients with the bigger correlation values comparing to a threshold [16][17][18].…”

Section: Cross Correlation Attacks On Message Blinding Exponentiationmentioning

confidence: 99%

Section: An Optimized Cross Correlation Attacks On Message Blindmentioning

confidence: 99%

mentioning

confidence: 99%

See 3 more Smart Citations

An optimized cross correlation power attack of message blinding exponentiation algorithms

2015

View full text Add to dashboard Cite

show abstract

Correlation template matching CPA method

Kuzu

Tangel

2016

Electron. lett.

Self Cite

View full text Add to dashboard Cite

An improved decision mechanism to the previously advertised correlation power analysis (CPA) type of attack which is applied on the Montgomery ladder exponentiation steps of the Application-Specific Integrated Circuit (ASIC) RSA implementation is proposed. As the nature of this previous attack, for each m-bit sized windows of the key bits, ratios of the correlation values of the correct type vector with all the other candidate vectors must also exist between the peak value of the correlation curve of the correct type vector and of the other candidate vectors. As a novelty, proposed method uses this property; namely, it searches the closest matching between these ratios to decide the correct bit type vector. It is experimentally and theoretically shown that this decision mechanism requires lesser number of traces to extract the correct key bit types compared with the previous CPA type attack. Also this decision methodology can be used to improve the effectiveness of other possible CPA type of attacks which construct power leakage models for more than one bit.

show abstract

All bits cross correlation attack on the Montgomery Ladder implementation of RSA

Kuzu

Tangel

2013

2013 18th International Conference on Digital Signal Processing (DSP)

View full text Add to dashboard Cite

New cross correlation attack methods on the Montgomery Ladder implementation of RSA

Cited by 4 publications

References 13 publications

An optimized cross correlation power attack of message blinding exponentiation algorithms

An optimized cross correlation power attack of message blinding exponentiation algorithms

Correlation template matching CPA method

All bits cross correlation attack on the Montgomery Ladder implementation of RSA

Contact Info

Product

Resources

About