Advertisement

Practical Analysis of RSA Countermeasures Against Side-Channel Electromagnetic Attacks

  • Guilherme Perin
  • Laurent Imbert
  • Lionel Torres
  • Philippe Maurine
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 8419)

Abstract

This paper analyzes the robustness of RSA countermeasures against electromagnetic analysis and collision attacks. The proposed RSA cryptosystem uses residue number systems (RNS) for fast executions of the modular calculi with large numbers. The parallel architecture is protected at arithmetic and algorithmic levels by using the Montgomery Ladder and the Leak Resistant Arithmetic countermeasures. Because the architecture can leak information through control and memory executions, the hardware RNS-RSA also relies on the randomization of RAM accesses. Experimental results, obtained with and without randomization of the RNS moduli sets, suggest that the RNS-based RSA with bases randomization and secured RAM accesses is protected.

Keywords

RSA RNS Montgomery exponentiation Countermeasures Electromagnetic analysis 

References

  1. 1.
    Rivest, R., Shamir, A., Adleman, L.: A method for obtaining digital signatures and PKC. Commun. ACM 21(2), 120–126 (1978)CrossRefzbMATHMathSciNetGoogle Scholar
  2. 2.
    Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999) CrossRefGoogle Scholar
  3. 3.
    Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  4. 4.
    Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) CT-RSA 2013. LNCS, vol. 7779, pp. 1–17. Springer, Heidelberg (2013) CrossRefGoogle Scholar
  5. 5.
    Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 16–29. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  6. 6.
    Fouque, P.-A., Valette, F.: The doubling attack – why upwards is better than downwards. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 269–280. Springer, Heidelberg (2003) CrossRefGoogle Scholar
  7. 7.
    Yen, S.-M., Lien, W.-C., Moon, S.-J., Ha, C.J.: Power analysis by exploiting chosen message and internal collisions – vulnerability of checking mechanism for RSA-decryption. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 183–195. Springer, Heidelberg (2005) CrossRefGoogle Scholar
  8. 8.
    Homma, N., Miyamoto, A., Aoki, T., Satoh, A., Shamir, A.: Comparative power analysis of modular exponentiation algorithms. IEEE Trans. Comput. 59(6), 795–807 (2010)CrossRefMathSciNetGoogle Scholar
  9. 9.
    Bajard, J.-C., Imbert, L., Liardet, P.-Y., Teglia, Y.: Leak resistant arithmetic. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 62–75. Springer, Heidelberg (2004) CrossRefGoogle Scholar
  10. 10.
    Bajard, J.-C., Didier, L-S., Kornerup, P.: An RNS montgomery modular multiplication algorithm. IEEE Trans. Comput. 47(7), 766–776, 62–75 (1998)Google Scholar
  11. 11.
    Kawamura, S., Koike, M., Sano, F., Shimbo, A.: Cox-rower architecture for fast parallel montgomery multiplication. In: Preneel, B. (ed.) EUROCRYPT 2000. LNCS, vol. 1807, pp. 523–538. Springer, Heidelberg (2000) CrossRefGoogle Scholar
  12. 12.
    Omondi, A., Prekumar, B.: Reside Number Systems: Theory and Implementation. Imperial College Press, London (2007)Google Scholar
  13. 13.
    Gandino, F., Lamberti, F., Montuschi, P., Bajard, J.-C.: A general approach for improving RNS montgomery exponentiation using pre-processing. In: ARITH20, pp. 195–204. IEEE Computer Society (2011)Google Scholar
  14. 14.
    Posch, K., Posch, R.: Modulo reduction in residue number systems. IEEE Trans. Parallel Distrib. Syst. 6(5), 449–454 (1995)CrossRefMathSciNetGoogle Scholar
  15. 15.
    Bajard, J.-C., Meloni, N., Plantard, T.: Efficient RNS bases for cryptography. In: Proceedings 17th IMACS World Congress, Scientific Computation, Applied Mathematics and Simulation, pp. 113–119 (2005)Google Scholar
  16. 16.
    Guillermin, N.: A coprocessor for secure and high speed modular arithmetic. Cryptology ePrint Archive, Report 2011/354 (2011)Google Scholar
  17. 17.
    Koc, K.: A fast algorithm for mixed-radix conversion in residue arithmetic. In: IEEE International Conference on Computer Design: VLSI in Computers and Processors, pp. 18–21, 2–4 October 1989Google Scholar
  18. 18.
    Heyszl, J., Mangard, S., Heinz, B., Stumpf, F., Sigl, G.: Localized electromagnetic analysis of cryptographic implementations. In: Dunkelman, O. (ed.) CT-RSA 2012. LNCS, vol. 7178, pp. 231–244. Springer, Heidelberg (2012) CrossRefGoogle Scholar
  19. 19.
    Heyszl, J., Ibing, A., Mangard, S., Santis, F., Sigl, G.: Clustering algorithms for non-profiled single-execution attacks on exponentiations. IACR Cryptology ePrint Archive, vol. 2013, p. 438 (2013)Google Scholar
  20. 20.
    Perin, G., Torres, L., Benoit, P., Maurine, P.: Amplitude demodulation-based EM analysis of different RSA implementations. In: DATE, pp. 1167–1172 (2012)Google Scholar
  21. 21.
    Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., López, J. (eds.) ICICS 2010. LNCS, vol. 6476, pp. 46–61. Springer, Heidelberg (2010) CrossRefGoogle Scholar
  22. 22.
    Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr, B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003) CrossRefGoogle Scholar

Copyright information

© Springer International Publishing Switzerland 2014

Authors and Affiliations

  1. 1.LIRMM/UM2MontpellierFrance

Personalised recommendations