A Combined Timing and Power Attack

In [9] Walter and Thompson introduced a new side-channel attack on the secret exponents of modular exponentiations which uses techniques from timing attacks to exploit specific information gained by a power attack. Walter and Thompson assumed that the attacked device uses a particular table method combined with Montgomery's algorithm. In the present paper their attack is optimized and generalized. For 2-bit tables this leads to a reduction of the necessary sample size to 20 per cent. The original attack cannot be applied if 4-bit tables are used, a case of particular practical interest, whereas the optimized attack gets by with 500 measurements. The optimized version can straightforwardly be adapted to other table methods, other multiplication algorithms and inexact timings. Moreover, it is shown that the countermeasures proposed in [9] do not prevent the optimized attack if unsuitable parameters are chosen.

[1] P. L. Montgomery. Modular multiplication without trial division, 1985.

[2] Michael Wiener, et al. Advances in Cryptology — CRYPTO ’99, 1999.

[3] Francis Olivier, et al. Electromagnetic Analysis: Concrete Results, 2001, CHES.

[4] C. D. Walter, et al. Distinguishing Exponent Digits by Observing Modular Subtractions, 2001, CT-RSA.

[5] Jean-Jacques Quisquater, et al. A Practical Implementation of the Timing Attack, 1998, CARDIS.

[6] Werner Schindler, et al. A Timing Attack against RSA with the Chinese Remainder Theorem, 2000, CHES.

[7] David Naccache, et al. Topics in Cryptology — CT-RSA 2001, 2001, Lecture Notes in Computer Science.

[8] Paul C. Kocher, et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems, 1996, CRYPTO.

[9] David Naccache, et al. Cryptographic Hardware and Embedded Systems — CHES 2001, 2001.

[10] Alfred Menezes, et al. Handbook of Applied Cryptography, 2018.

[11] Neal Koblitz, et al. Advances in Cryptology — CRYPTO ’96, 2001, Lecture Notes in Computer Science.

[12] Bruce Schneier, et al. Smart Card Research and Applications, 1998, Lecture Notes in Computer Science.

[13] Schindler Werner. Optimized Timing Attacks against Public Key Cryptosystems, 2002.

[14] Christof Paar, et al. Cryptographic Hardware and Embedded Systems - CHES 2006, 8th International Workshop, Yokohama, Japan, October 10-13, 2006, Proceedings, 2006, CHES.

[15] Siva Sai Yerubandi, et al. Differential Power Analysis, 2002.