论文信息 - Resistance of Randomized Projective Coordinates Against Power Analysis

Resistance of Randomized Projective Coordinates Against Power Analysis

Embedded devices implementing cryptographic services are the result of a trade-off between cost, performance and security. Aside from flaws in the protocols and the algorithms used, one of the most serious threats against secret data stored in such devices is Side Channel Analysis. Implementing Public Key Cryptography in low-profile devices such as smart cards is particularly challenging given the computational complexity of the operations involved. In the area of elliptic curve cryptography, some choices of curves and coefficient fields are known to speed up computations, like scalar multiplication. From a theoretical standpoint, the use of optimized structures does not seem to weaken the cryptosystems which use them. Therefore several standardization bodies, such as the NIST, recommend such choices of parameters. However, the study of their impact on practical security of implementations may have been underestimated. In this paper, we present a new chosen-ciphertext Side-Channel Attack on scalar multiplication that applies when optimized parameters, like NIST curves, are used together with some classical anti-SPA and anti-DPA techniques. For a typical exponent size, the attack allows to recover a secret exponent by performing only a few hundred adaptive power measurements.

William Dupuy | Sébastien Kunz-Jacques

[1] Paul C. Kocher,et al. Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems , 1996, CRYPTO.

[2] Alfred Menezes,et al. The Elliptic Curve Digital Signature Algorithm (ECDSA) , 2001, International Journal of Information Security.

[3] Feller William,et al. An Introduction To Probability Theory And Its Applications , 1950 .

[4] Serge Vaudenay,et al. How Far Can We Go Beyond Linear Cryptanalysis? , 2004, ASIACRYPT.

[5] Siva Sai Yerubandi,et al. Differential Power Analysis , 2002 .

[6] Louis Goubin,et al. A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems , 2003, Public Key Cryptography.

[7] Victor S. Miller,et al. Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[8] Kouichi Itoh,et al. Efficient Countermeasures against Power Analysis for Elliptic Curve Cryptosystems , 2004, CARDIS.

[9] P. L. Montgomery. Speeding the Pollard and elliptic curve methods of factorization , 1987 .

[10] William Feller,et al. An Introduction to Probability Theory and Its Applications , 1967 .

[11] Jean-Sébastien Coron,et al. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[12] N. Koblitz. Elliptic curve cryptosystems , 1987 .