Abstract
Three new types of power analysis attacks against smartcard implementations of modular exponentiation algorithms are described. The first attack requires an adversary to exponentiate many random messages with a known and a secret exponent. The second attack assumes that the adversary can make the smartcard exponentiate using exponents of his own choosing. The last attack assumes the adversary knows the modulus and the exponentiation algorithm being used in the hardware. Experiments show that these attacks are successful. Potential countermeasures are suggested.
Partially supported by NSF Grant CCR-9800070
© 1999 Springer-Verlag Berlin Heidelberg
Messerges, T.S., Dabbish, E.A., Sloan, R.H. (1999). Power Analysis Attacks of Modular Exponentiation in Smartcards. In: Koç, Ç.K., Paar, C. (eds) Cryptographic Hardware and Embedded Systems. CHES 1999. Lecture Notes in Computer Science, vol 1717. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-48059-5_14
DOI: https://doi.org/10.1007/3-540-48059-5_14
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-66646-2
Online ISBN: 978-3-540-48059-4
eBook Packages: Springer Book Archive