# Power Analysis Attacks of Modular Exponentiation in Smartcards

Conference paper

## Abstract

Three new types of power analysis attacks against smartcard implementations of modular exponentiation algorithms are described. The first attack requires an adversary to exponentiate many random messages with a known and a secret exponent. The second attack assumes that the adversary can make the smartcard exponentiate using exponents of his own choosing. The last attack assumes the adversary knows the modulus and the exponentiation algorithm being used in the hardware. Experiments show that these attacks are successful. Potential countermeasures are suggested.

## Keywords

Power signal, Advanced Encryption Standard, modular multiplication, modular exponentiation, power bias

## Copyright information

© Springer-Verlag Berlin Heidelberg 1999