The Doubling Attack - Why Upwards Is Better than Downwards

The recent developments of side channel attacks have lead implementers to use more and more sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication in the elliptic curve setting. In this paper, we propose a new attack against a classical implementation of these operations that only requires two queries to the device. The complexity of this so-called “doubling attack” is much smaller than previously known ones. Furthermore, this approach defeats two of the three countermeasures proposed by Coron at CHES ’99.

[1]  Christof Paar,et al.  Cryptographic Hardware and Embedded Systems - CHES 2002 , 2003, Lecture Notes in Computer Science.

[2]  David Chaum,et al.  Blind Signatures for Untraceable Payments , 1982, CRYPTO.

[3]  William M. Daley,et al.  Digital Signature Standard (DSS) , 2000 .

[4]  Elena Trichina,et al.  Implementation of Elliptic Curve Cryptography with Built-In Counter Measures against Side Channel Attacks , 2002, CHES.

[5]  Alfred Menezes,et al.  Progress in Cryptology — INDOCRYPT 2002 , 2002, Lecture Notes in Computer Science.

[6]  Kouichi Sakurai,et al.  A Second-Order DPA Attack Breaks a Window-Method Based Countermeasure against Side Channel Attacks , 2002, ISC.

[7]  JaeCheol Ha,et al.  Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks , 2002, CHES.

[8]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[9]  Mihir Bellare,et al.  Optimal Asymmetric Encryption , 1994, EUROCRYPT.

[10]  Louis Goubin,et al.  A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems , 2003, Public Key Cryptography.

[11]  Paul C. Kocher,et al.  Differential Power Analysis , 1999, CRYPTO.

[12]  Neal Koblitz,et al.  Advances in Cryptology — CRYPTO ’96 , 2001, Lecture Notes in Computer Science.

[13]  T. Elgamal A public key cryptosystem and a signature scheme based on discrete logarithms , 1984, CRYPTO 1984.

[14]  J. Olivos,et al.  Speeding up the computations on an elliptic curve using addition-subtraction chains , 1990, RAIRO Theor. Informatics Appl..

[15]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[16]  Adi Shamir,et al.  A method for obtaining digital signatures and public-key cryptosystems , 1978, CACM.

[17]  Paul C. Kocher,et al.  Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[18]  Michael Wiener,et al.  Advances in Cryptology — CRYPTO’ 99 , 1999 .

[19]  Kouichi Itoh,et al.  DPA Countermeasures by Improving the Window Method , 2002, CHES.

[20]  Gerhard Goos,et al.  Fast Software Encryption , 2001, Lecture Notes in Computer Science.

[21]  Taher ElGamal,et al.  A public key cyryptosystem and signature scheme based on discrete logarithms , 1985 .

[22]  Yvo Desmedt Public Key Cryptography — PKC 2003 , 2002, Lecture Notes in Computer Science.

[23]  Alfredo De Santis,et al.  Advances in Cryptology — EUROCRYPT'94 , 1994, Lecture Notes in Computer Science.

[24]  Christof Paar,et al.  A New Class of Collision Attacks and Its Application to DES , 2003, FSE.