Cryptographic Hardware and Embedded Systems - CHES 2003

We introduce multi-channel attacks, i.e., side-channel attacks that use multiple side channels, such as power and EM, simultaneously. We propose an adversarial model that combines a CMOS leakage model with the maximum-likelihood principle for performing and analyzing such attacks. This model is essential for deriving the optimal, and very often counter-intuitive, techniques for channel selection and data analysis. We show that using multiple channels is better for template attacks by experimentally demonstrating a three-fold reduction in the error probability. Developing sound countermeasures against multi-channel attacks requires a rigorous leakage assessment methodology. Under suitable assumptions and approximations, our model also yields a practical methodology for assessing the net information leakage from the power channel and all available EM channels in constrained devices such as chip-cards. Classical DPA/DEMA-style attacks assume an adversary weaker than the one in our model. For this weaker adversary, we apply the maximum-likelihood principle to design new and more efficient single- and multiple-channel DPA/DEMA attacks.
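The following simulation is an added illustration, not code from the paper, of why a leakage assessment has to count all channels together: with independent Gaussian noise on a power and an EM channel, the maximum-likelihood template classifier sums the per-channel log-likelihoods, and the distinguishing error drops below what either channel gives alone. The leakage model (class means, noise levels, channel names) is constructed for the example.

```python
import math
import random

# Constructed leakage model (assumption, not the paper's data): class mean + Gaussian noise.
CHANNELS = ("power", "em")
TRUE_MEANS = {"power": (0.0, 1.0), "em": (0.0, 1.0)}  # (mean if v=0, mean if v=1)
TRUE_SIGMA = {"power": 1.0, "em": 1.0}

def simulate(rng, v, n):
    # n traces for secret bit v; each trace is {channel: sample}, noise independent per channel
    return [{c: rng.gauss(TRUE_MEANS[c][v], TRUE_SIGMA[c]) for c in CHANNELS} for _ in range(n)]

def build_templates(traces_by_class):
    # Profiling phase: per class and channel, estimate mean and variance.
    templates = {}
    for v, traces in traces_by_class.items():
        templates[v] = {}
        for c in CHANNELS:
            xs = [t[c] for t in traces]
            mu = sum(xs) / len(xs)
            templates[v][c] = (mu, sum((x - mu) ** 2 for x in xs) / (len(xs) - 1))
    return templates

def log_likelihood(trace, template, channels):
    # Independent channel noise: joint log-likelihood is the sum over the chosen channels.
    ll = 0.0
    for c in channels:
        mu, var = template[c]
        ll -= 0.5 * math.log(2 * math.pi * var) + (trace[c] - mu) ** 2 / (2 * var)
    return ll

def classify(trace, templates, channels):
    # Maximum-likelihood decision over the candidate classes.
    return max(templates, key=lambda v: log_likelihood(trace, templates[v], channels))

def error_rate(rng, templates, channels, n_per_class=3000):
    # Attack phase on fresh traces: fraction of traces whose class is decided wrongly.
    errors = sum(classify(t, templates, channels) != v for v in (0, 1) for t in simulate(rng, v, n_per_class))
    return errors / (2 * n_per_class)

def theoretical_error(channels):
    # Bayes error Q(d_eff / 2) with d_eff^2 = sum over channels of (delta_mean / sigma)^2.
    snr = [(TRUE_MEANS[c][1] - TRUE_MEANS[c][0]) / TRUE_SIGMA[c] for c in channels]
    return 0.5 * math.erfc(math.sqrt(sum(x * x for x in snr)) / (2 * math.sqrt(2)))

def run(seed=1):
    rng = random.Random(seed)
    templates = build_templates({v: simulate(rng, v, 2000) for v in (0, 1)})
    cases = {"power": ("power",), "em": ("em",), "both": CHANNELS}
    return {name: error_rate(rng, templates, chans) for name, chans in cases.items()}
```

`run()` returns the empirical error for power only, EM only, and both channels combined; compare each against `theoretical_error` for the same channel set to see how close the estimated templates get to the optimal decision.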
