Universal Exponentiation Algorithm: A First Step towards Provable SPA-Resistance
Very few countermeasures are known to protect an exponentiation against simple side-channel analyses. Moreover, all of them are heuristic.
This paper presents a universal exponentiation algorithm. By tying the exponent to a corresponding addition chain, our algorithm can virtually execute any exponentiation method.
Our aim is to transfer the security of the exponentiation method being implemented to the exponent itself. In this way, we hope to move toward reconciling the provable security notions of modern cryptography with real-world implementations of exponentiation-based cryptosystems.
Keywords: Implementation, exponentiation, RSA cryptosystem, discrete logarithm, side-channel attacks, simple power analysis (SPA), addition chains, provable security, smart-cards
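The abstract's central idea, an exponentiation whose control flow is fixed and whose exponent lives entirely in an addition chain, is illustrated below with an added Python example. This is not the paper's code: the chain encoding (register 0 holds the base, every step appends `R[i] * R[j]`), the function names and the two chain builders (binary and fixed-window) are my own choices, written to show that the same executor runs chains derived from different exponentiation methods.

```python
# Added example, not code from the paper. An exponent d is first converted to an
# addition chain of index pairs (i, j). Executing the chain is then a fixed loop
# of R[k] = R[i] * R[j] with no exponent-dependent branching, whichever method
# (binary, fixed-window, ...) was used to derive the chain.


def chain_values(chain):
    """Replay a chain over the integers to recover the values it computes.
    Convention (assumed here): register 0 holds 1, step k appends
    values[i] + values[j], and `out` names the register holding the target."""
    steps, out = chain
    values = [1]
    for i, j in steps:
        values.append(values[i] + values[j])
    return values, values[out]


def binary_chain(d):
    """Left-to-right square-and-multiply rewritten as an addition chain."""
    assert d >= 1, "addition chains start at 1"
    steps, values = [], [1]
    for bit in bin(d)[3:]:          # skip the leading 1 bit
        cur = len(values) - 1
        steps.append((cur, cur))    # doubling in the chain = squaring
        values.append(2 * values[cur])
        if bit == "1":
            cur = len(values) - 1
            steps.append((cur, 0))  # +1 in the chain = multiply by the base
            values.append(values[cur] + 1)
    return steps, len(values) - 1


def fixed_window_chain(d, w):
    """2^w-ary method as an addition chain: precompute 2..2^w-1, then for each
    w-bit digit do w doublings and, for a nonzero digit, one addition."""
    assert d >= 1 and w >= 1
    steps, values = [], [1]
    for _ in range(2, 2 ** w):      # after this, register v-1 holds v
        steps.append((len(values) - 1, 0))
        values.append(values[-1] + 1)
    digits, x = [], d
    while x:
        digits.append(x & (2 ** w - 1))
        x >>= w
    digits.reverse()                # most significant digit first, nonzero
    acc = digits[0] - 1             # register currently holding the result
    for dig in digits[1:]:
        for _ in range(w):
            steps.append((acc, acc))
            values.append(2 * values[acc])
            acc = len(values) - 1
        if dig:
            steps.append((acc, dig - 1))
            values.append(values[acc] + dig)
            acc = len(values) - 1
    return steps, acc


def universal_exp(base, chain, modulus):
    """Execute any chain: one multiplication per step, nothing else."""
    steps, out = chain
    R = [base % modulus]
    for i, j in steps:
        R.append((R[i] * R[j]) % modulus)   # identical operation every step
    return R[out]


if __name__ == "__main__":
    d, n = 13, 1000
    for name, chain in (("binary", binary_chain(d)),
                        ("window w=2", fixed_window_chain(d, 2))):
        assert chain_values(chain)[1] == d
        print(name, "chain:", chain[0], "->", universal_exp(3, chain, n))
```

The executor never inspects `d`; its operation sequence depends only on the chain length. What distinguishes one exponent from another has moved from the control flow into the chain data (the index pairs), which is the transfer the abstract describes: the chain, not the multiply loop, now carries the secret and is what an implementation has to protect.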