Power Analysis Attacks of Modular Exponentiation in Smartcards
Three new types of power analysis attacks against smartcard implementations of modular exponentiation algorithms are described. The first attack requires an adversary to exponentiate many random messages with a known and a secret exponent. The second attack assumes that the adversary can make the smartcard exponentiate using exponents of his own choosing. The last attack assumes the adversary knows the modulus and the exponentiation algorithm being used in the hardware. Experiments show that these attacks are successful. Potential countermeasures are suggested.
Keywords: Power Signal, Advanced Encryption Standard, Modular Multiplication, Modular Exponentiation, Power Bias
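A simulation of the first attack in the abstract (many random messages exponentiated under a known and under a secret exponent, averaged traces subtracted), added here as an example; it is not code from the paper. The leakage model is an assumption of this example: each executed modular operation leaks the Hamming weight of its result plus optional noise, and a skipped multiply leaks nothing. The `always_multiply` flag (square-and-multiply-always, a countermeasure in the spirit of those the abstract mentions) shows the averaged difference vanishing under this model; all function names, exponents and the modulus are constructed for the illustration.

```python
import random

def hw(x):
    """Hamming weight of x (the assumed leakage of a register write)."""
    return bin(x).count("1")

def modexp_trace(base, exp, mod, always_multiply=False, bits=16, noise=0.0):
    """Left-to-right square-and-multiply; returns (result, simulated trace).
    Trace layout: two samples per exponent bit, [square, multiply].
    A skipped multiply contributes only noise (assumed idle slot)."""
    r, trace = 1, []
    for i in range(bits - 1, -1, -1):
        r = (r * r) % mod
        trace.append(hw(r) + random.gauss(0, noise))
        bit = (exp >> i) & 1
        if bit or always_multiply:
            t = (r * base) % mod
            trace.append(hw(t) + random.gauss(0, noise))
            if bit:                      # dummy multiply discarded when bit is 0
                r = t
        else:
            trace.append(random.gauss(0, noise))
    return r, trace

def average_trace(exp, mod, n, bits, **kw):
    """Mean trace over n uniformly random messages under one exponent."""
    acc = [0.0] * (2 * bits)
    for _ in range(n):
        m = random.randrange(1, mod)
        _, tr = modexp_trace(m, exp, mod, bits=bits, **kw)
        acc = [a + b for a, b in zip(acc, tr)]
    return [a / n for a in acc]

def semd_recover(known_exp, secret_exp, mod, n=200, bits=16, threshold=None, **kw):
    """Subtract the known-exponent mean trace from the secret-exponent one and
    flag every multiply slot whose mean difference is large: those are the bit
    positions where the two exponents differ. Returns the recovered exponent."""
    known = average_trace(known_exp, mod, n, bits, **kw)
    secret = average_trace(secret_exp, mod, n, bits, **kw)
    if threshold is None:
        threshold = mod.bit_length() / 4   # half the expected weight of a random residue
    recovered = 0
    for i in range(bits):
        diff = known[2 * i + 1] - secret[2 * i + 1]
        known_bit = (known_exp >> (bits - 1 - i)) & 1
        recovered = (recovered << 1) | (known_bit ^ (abs(diff) > threshold))
    return recovered

if __name__ == "__main__":
    print(bin(semd_recover(0b1011001110001010, 0b0110101011110011, 65537, noise=1.0)))
    print(bin(semd_recover(0b1011001110001010, 0b0110101011110011, 65537, always_multiply=True)))
```

With the conditional multiply the recovered value equals the secret exponent; with `always_multiply=True` no slot crosses the threshold and the function returns only the known exponent, i.e. this particular averaging leak is gone under the model (other leaks, such as the data-dependent ones the abstract's later attacks rely on, are not covered by this flag).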