Power analysis and countermeasure of RSA cryptosystem

Public-key cryptosystems such as RSA and elliptic curve cryptography are used in electronic transactions. Because the security of these schemes depends on a cryptographic key stored on an IC chip, security was believed to be assured as long as smart cards were used. However, since the mid-1990s, one technique after another has been developed for extracting the secret key without unsealing the IC chip. In particular, the power analysis by Kocher's group is an attack that can be carried out with practical resources, and various applications of it have been proposed. In this paper, we study the power analysis of modular exponentiation, which is a primitive of RSA cryptography, and its countermeasures. Specifically, starting with the countermeasures to the single-exponent multiple-data (SEMD), multiple-exponent single-data (MESD), and zero-exponent multiple-data (ZEMD) attacks of Messerges's group, we illustrate feasible attacks such as the Big Mac attack of Walter and Thompson, the template attack of Chari's group, and an attack proposed by the authors. We propose a countermeasure and present an implementation on a smart card. When the proposed method is applied to 1024-bit modular exponentiation, adequate security can be obtained in a processing time less than twice the time without countermeasures. © 2006 Wiley Periodicals, Inc. Electron Comm Jpn Pt 3, 89(8): 10–20, 2006; Published online in Wiley InterScience (www.interscience.wiley.com). DOI 10.1002/ecjc.20213
