Sliding Windows Succumbs to Big Mac Attack

  • C. D. Walter
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2162)

Abstract

Sliding Windows is a general technique for obtaining an efficient exponentiation scheme. Big Mac is a specific form of attack on a cryptosystem in which bits of a secret key can be deduced independently, or almost so, of the others. Here such an attack on an implementation of the RSA cryptosystem is described. It assumes digit-by-digit computations are performed sequentially on a single k-bit multiplier and uses information which leaks through differential power analysis (DPA). With sufficiently powerful monitoring equipment, only a small number of exponentiations, independent of the key length, is enough to reveal the secret exponent from unknown plaintext inputs. Since the technique may work for a single exponentiation, many blinding techniques currently under consideration may be rendered useless. This is particularly relevant to implementations with single processors where a digit multiplication cannot be masked by other simultaneous processing. Moreover, the longer the key length, the easier the attack becomes.

Keywords

Cryptography, RSA, differential power analysis, blinding, DPA, smart card, exponentiation, sliding windows


Copyright information

© Springer-Verlag Berlin Heidelberg 2001

Authors and Affiliations

  • C. D. Walter, Department of Computation, UMIST, Manchester, UK
