Longer Keys May Facilitate Side Channel Attacks

  • Colin D. Walter
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3006)


Increasing key length is a standard counter-measure to cryptanalysis. However, longer key length generally means greater side channel leakage. For embedded RSA crypto-systems the increase in leaked data outstrips the increase in secret data so that, in contrast to the improved mathematical strength, longer keys may, in fact, lead to lower security. This is investigated for two types of implementation attack. The first is a timing attack in which squares and multiplications are differentiated from the relative frequencies of conditional subtractions over several exponentiations. Once keys are large enough, longer length seems to decrease security. The second case is a power analysis attack on a single m-ary exponentiation using a single k-bit hardware multiplier. For this, despite certain counter-measures such as exponent blinding, uncertainty in determining the secret bits decreases so quickly that longer keys appear to be noticeably less secure.
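The first attack in the abstract rests on one observable: a textbook Montgomery multiplication ends with a conditional subtraction, and that subtraction fires with a different frequency for squarings than for multiplications. The simulation below is an added illustration, not code from the paper; it uses a constructed 64-bit modulus (the largest prime below 2^64, so that N/R is close to 1 and the two rates are easy to tell apart) and counts how often the subtraction happens for random operands. It then shows the standard mitigation: choose R > 4N and drop the final subtraction altogether, so the operation has no data-dependent branch at all and outputs stay inside [0, 2N) for the next operation.

```python
import random

# Constructed modulus for the demonstration: the largest 64-bit prime, picked so
# that N/R is close to 1. Any odd N below R = 2^R_BITS would do.
N = (1 << 64) - 59
R_BITS = 64


def mont_mul(a, b, n, r_bits):
    """Montgomery product a*b*R^-1 mod n with R = 2^r_bits, n odd, a, b < n.

    Returns (result, subtracted). The classic implementation finishes with a
    conditional subtraction; the second value records whether it fired. That
    branch is the timing observable described in the abstract.
    """
    R = 1 << r_bits
    n_neg_inv = pow(-n, -1, R)          # -n^-1 mod R (needs Python >= 3.8)
    t = a * b
    q = (t * n_neg_inv) & (R - 1)       # q chosen so that t + q*n is divisible by R
    u = (t + q * n) >> r_bits           # u < 2n whenever a, b < n < R
    if u >= n:
        return u - n, True
    return u, False


def subtraction_rates(n=N, r_bits=R_BITS, trials=20000, seed=1):
    """Fraction of Montgomery operations that needed the final subtraction,
    for squarings versus multiplications of uniformly random operands.

    Modelling the quotient q as uniform predicts about n/(3R) for squares and
    n/(4R) for multiplies; with n close to R that is roughly 1/3 against 1/4.
    The gap is what separates the two operation types in an exponentiation.
    """
    rng = random.Random(seed)
    sq = mul = 0
    for _ in range(trials):
        a, b = rng.randrange(n), rng.randrange(n)
        sq += mont_mul(a, a, n, r_bits)[1]
        mul += mont_mul(a, b, n, r_bits)[1]
    return sq / trials, mul / trials


def mont_mul_nosub(a, b, n, r_bits):
    """Mitigation: pick R > 4n and omit the final subtraction entirely.

    With inputs below 2n the output is again below 2n, so it can feed the next
    operation with no data-dependent branch; one reduction mod n at the very
    end of the exponentiation yields the canonical result.
    """
    R = 1 << r_bits
    assert R > 4 * n, "branch-free variant requires R > 4n"
    n_neg_inv = pow(-n, -1, R)
    t = a * b
    q = (t * n_neg_inv) & (R - 1)
    return (t + q * n) >> r_bits        # bound: (4n^2 + R*n)/R < 2n when R > 4n


def nosub_stays_bounded(n=N, r_bits=R_BITS + 3, trials=20000, seed=2):
    """Check that the branch-free variant keeps outputs in [0, 2n) and agrees
    with a*b*R^-1 mod n, over random inputs drawn from [0, 2n)."""
    rng = random.Random(seed)
    R_inv = pow(1 << r_bits, -1, n)
    for _ in range(trials):
        a, b = rng.randrange(2 * n), rng.randrange(2 * n)
        u = mont_mul_nosub(a, b, n, r_bits)
        if not (0 <= u < 2 * n) or u % n != (a * b * R_inv) % n:
            return False
    return True


if __name__ == "__main__":
    sq_rate, mul_rate = subtraction_rates()
    print(f"squaring: {sq_rate:.3f}  multiplication: {mul_rate:.3f}  "
          f"(model predicts {N / (3 * 2**R_BITS):.3f} vs {N / (4 * 2**R_BITS):.3f})")
    print("branch-free variant bounded and correct:", nosub_stays_bounded())
```

The measured rates are what a reviewer should look for when assessing an embedded RSA implementation: any operation-dependent branch at the end of a modular multiplication is a statistic that accumulates over the many multiplications of a long exponent, which is exactly why the abstract argues that longer keys can make this leak worse rather than better. The `mont_mul_nosub` form costs a few extra bits of width and removes the statistic at its source.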


Keywords: RSA Cryptosystem, Key Length, Side Channel Attacks, Timing Attack, Power Analysis, DPA



Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Colin D. Walter, Comodo Research Lab, Bradford, UK
