论文信息 - A Novel Template Attack on wNAF Algorithm of ECC

A Novel Template Attack on wNAF Algorithm of ECC

Template attack is more powerful than SPA and CPA in some situations. In this paper, a novel template attack named DTTA is proposed to attack the wNAF algorithm of ECC. SM2 is the Chinese public key cryptosystem standard issued in 2010. Few results of side channel attack on SM2 have been found so far. We exploit the Riscure platform to analyze decryption of SM2 in a smart IC card. We also compare 3 kinds of method which used in template matching phase. Experiment results show that template matching method of multivariate normal distribution is superior to correlation method or LSM. The maximum success rate of template matching can be 88%. That means a 256-bit private key of SM2 can be recovered 225 bits by only acquiring one measurement of SM2 decryption in average. Some general countermeasures is not safe enough for DTTA. Defensive strategy should exploit the combination of multiple countermeasures to resist DTTA.

Zhenbin Zhang | Xiangmin Zhang | Liji Wu | Zhaoli Mu

[1] Stefan Mangard,et al. Power analysis attacks - revealing the secrets of smart cards , 2007 .

[2] Alfred Menezes,et al. Guide to Elliptic Curve Cryptography , 2004, Springer Professional Computing.

[3] Pankaj Rohatgi,et al. Template Attacks , 2002, CHES.

[4] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[5] Dakshi Agrawal,et al. Templates as Master Keys , 2005, CHES.

[6] Elisabeth Oswald,et al. Template Attacks on ECDSA , 2009, WISA.

[7] Tsuyoshi Takagi,et al. SCA-Resistant and Fast Elliptic Scalar Multiplication Based on wNAF , 2004, IEICE Trans. Fundam. Electron. Commun. Comput. Sci..

[8] Elisabeth Oswald,et al. Practical Template Attacks , 2004, WISA.

[9] Christophe Clavier,et al. Correlation Power Analysis with a Leakage Model , 2004, CHES.

[10] Jiazhe Chen,et al. Partially Known Nonces and Fault Injection Attacks on SM2 Signature Algorithm , 2013, Inscrypt.