
Journal of Cryptographic Engineering, Volume 9, Issue 1, pp 37–52

From theory to practice: horizontal attacks on protected implementations of modular exponentiations

  • Ibrahima Diop
  • Yanis Linge
  • Thomas Ordas
  • Pierre-Yvan Liardet
  • Philippe Maurine
Regular Paper

Abstract

Horizontal, or single-shot, side-channel attacks against protected implementations of RSA and similar algorithms are today a recognised theoretical threat to secure devices. In practice, however, they remain very difficult to mount, not only because of their intrinsic complexity but also because of the environmental countermeasures that designers integrate, which make them harder still. A horizontal side-channel attack proceeds in several steps. The most important are: the acquisition of a complete trace at a sufficiently high sampling rate; the segmentation of that trace into regular patterns; the realignment of the patterns obtained; the reduction, as far as possible, of the noise in the acquired trace; the identification of the points of interest; and the application of an effective distinguisher. Each of these steps is crucial, and any one of them performed without enough care leads to a failed attack. In this context, this paper introduces effective solutions for carrying out each of these steps efficiently, that is, practicable means of implementing efficient horizontal attacks.

Keywords

Side-channel analysis; Horizontal attacks; Collision attacks
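The six steps the abstract lists, carried through end to end on a simulated single trace, as an added example that is not code from the paper or its authors. The target is a square-and-multiply-always exponentiation; the leakage model (a start spike per operation, then the noisy Hamming weight of each 32-bit word of the operand loaded and of the result stored, each word held for K samples), the oversampling factor, the noise level and the random jitter between operations are all assumptions chosen for the demonstration, as is the rule that within one operation the earlier data-dependent window is the operand load and the later one the result store. The distinguisher is a collision correlation: the operand loaded by squaring i+1 is compared with the result stored by squaring i and by multiplication i, and whichever collides reveals bit i.

```python
"""Toy end-to-end horizontal collision attack on a square-and-multiply-always
exponentiation, run on one simulated trace (added example, not the paper's code).
Assumed leakage: each operation emits a start spike, then the noisy Hamming weight
of every 32-bit word of the operand it loads and of the result it stores, each word
held for K samples; operations are separated by a random amount of idle jitter."""
import random
import statistics

WORDS = 32                     # 1024-bit operands handled as 32-bit words
K = 4                          # oversampling: raw samples per clock cycle
IDLE = 8                       # idle cycles between the phases of one operation
NOISE = 1.0                    # Gaussian noise std-dev per raw sample
MAX_JITTER = 40                # up to this many idle samples between operations
SPIKE = 100.0                  # amplitude of the per-operation start marker
CYCLES = 1 + IDLE + WORDS + IDLE + WORDS + IDLE   # cycles in one pattern

def word_hws(v):
    """Hamming weight of each little-endian 32-bit word of v (WORDS words)."""
    return [bin((v >> (32 * j)) & 0xFFFFFFFF).count("1") for j in range(WORDS)]

def op_pattern(a, r, rng):
    """Raw samples of one atomic operation that loads operand a and stores result r."""
    cycles = [SPIKE] + [0] * IDLE + word_hws(a) + [0] * IDLE + word_hws(r) + [0] * IDLE
    return [c + rng.gauss(0, NOISE) for c in cycles for _ in range(K)]

def acquire(x, e, n, rng):
    """Step 1: single trace of x^e mod n, MSB first, square-and-multiply-always.
    Also returns the exponent bits, used only to check the recovered key."""
    bits, r, trace = [int(b) for b in bin(e)[2:]], 1, []
    for b in bits:
        s = r * r % n
        m = s * x % n
        for a, res in ((r, s), (s, m)):    # square loads r, multiply loads s
            trace += [rng.gauss(0, NOISE) for _ in range(rng.randrange(MAX_JITTER))]
            trace += op_pattern(a, res, rng)
        r = m if b else s                  # dummy multiply result dropped if b == 0
    return trace, bits

def segment(trace, length=CYCLES * K, thresh=SPIKE / 2):
    """Steps 2-3: cut one fixed-length pattern at the first sample of every start
    spike, so patterns are aligned on the operation boundary whatever the jitter."""
    starts = [i for i, v in enumerate(trace) if v > thresh and (i == 0 or trace[i - 1] <= thresh)]
    return [trace[i:i + length] for i in starts if i + length <= len(trace)]

def denoise(pattern):
    """Step 4: average the K raw samples of each cycle (noise std-dev drops by sqrt(K))."""
    return [sum(pattern[i:i + K]) / K for i in range(0, len(pattern), K)]

def poi_windows(patterns):
    """Step 5: cycles whose value varies across patterns carry data, the rest only
    noise; the largest gap in the sorted per-cycle variances separates the two.
    Returns the contiguous windows of data-dependent cycles, in time order."""
    var = [statistics.pvariance(col) for col in zip(*patterns)]
    s = sorted(var)
    j = max(range(len(s) - 1), key=lambda i: s[i + 1] - s[i])
    poi = [i for i, v in enumerate(var) if v > (s[j] + s[j + 1]) / 2]
    windows = [[poi[0]]]
    for i in poi[1:]:
        if i == windows[-1][-1] + 1:
            windows[-1].append(i)
        else:
            windows.append([i])
    return windows

def pearson(u, v):
    mu, mv = statistics.mean(u), statistics.mean(v)
    num = sum((a - mu) * (b - mv) for a, b in zip(u, v))
    den = (sum((a - mu) ** 2 for a in u) * sum((b - mv) ** 2 for b in v)) ** 0.5
    return num / den if den else 0.0

def recover_bits(patterns, windows):
    """Step 6, collision distinguisher: the operand loaded by squaring i+1 is the
    result stored by whichever of (squaring i, multiply i) was kept, i.e. bit i.
    Assumes the earliest data window is the operand load and the latest the result
    store.  The last bit has no following squaring and is left to brute force."""
    load, store = windows[0], windows[-1]
    bits = []
    for i in range(len(patterns) // 2 - 1):
        sq, mul, nxt = patterns[2 * i], patterns[2 * i + 1], patterns[2 * i + 2]
        probe = [nxt[c] for c in load]
        c0 = pearson(probe, [sq[c] for c in store])    # kept the square: bit 0
        c1 = pearson(probe, [mul[c] for c in store])   # kept the multiply: bit 1
        bits.append(int(c1 > c0))
    return bits

def attack(seed=1):
    """Run all six steps on a fresh simulated trace; returns (guess, truth, stats)."""
    rng = random.Random(seed)
    n = rng.getrandbits(1024) | (1 << 1023) | 1      # any odd 1024-bit modulus will do
    x = rng.randrange(2, n)
    e = (1 << 15) | rng.getrandbits(15)               # 16-bit secret exponent, MSB set
    trace, truth = acquire(x, e, n, rng)
    patterns = [denoise(p) for p in segment(trace)]
    windows = poi_windows(patterns)
    return recover_bits(patterns, windows), truth[:-1], (len(patterns), len(windows))

if __name__ == "__main__":
    guess, truth, (n_pat, n_win) = attack()
    print(f"{n_pat} patterns, {n_win} POI windows, key recovered: {guess == truth}")
```

Running the script finds 32 patterns (two per exponent bit), two data-dependent windows per pattern and the first 15 exponent bits; the final bit has no following squaring to collide with and would be brute-forced. On a real device none of this is as tidy: the start of each operation is not a clean spike, the noise is not white, the data-dependent regions are not cleanly separable by variance, and the operand load and result store do not sit in fixed disjoint windows, which is exactly why each of the paper's steps needs dedicated techniques.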


Copyright information

© Springer-Verlag GmbH Germany, part of Springer Nature 2018

Authors and Affiliations

  • Ibrahima Diop (1, 2; corresponding author)
  • Yanis Linge (1)
  • Thomas Ordas (1)
  • Pierre-Yvan Liardet (1)
  • Philippe Maurine (3, 4)

  1. STMicroelectronics, Rousset, France
  2. Ecole Nationale Superieure des Mines de Saint-Étienne, Gardanne, France
  3. LIRMM, Université Montpellier II, Rousset, France
  4. CEA, Commissariat à l’Énergie Atomique et aux Énergies Alternatives, Gardanne, France
