A Physical Combined Attack and its Countermeasure on BNP Exponentiation Algorithm

Combined attacks, which pair side-channel analysis with fault attacks, have recently been developed to extract the secret key from a security device while it performs cryptographic operations. With such an attack, an adversary can recover the private key of an RSA cryptosystem through a single fault injection together with power signal analysis. In this paper, we show that the SPA/FA-resistant BNP (Boscher, Naciri, and Prouff) exponentiation algorithm is susceptible to a similar combined attack. We also propose a simple countermeasure that resists this combined attack by randomizing the private key using an error-infective method.
