WISA 2008: Information Security Applications pp 1-13 | Cite as
Using Templates to Attack Masked Montgomery Ladder Implementations of Modular Exponentiation
Abstract
Since side-channel attacks turned out to be a major threat against implementations of cryptographic algorithms, many countermeasures have been proposed. Amongst them, multiplicative blinding is believed to provide a reasonable amount of security for public-key algorithms. In this article we show how template attacks can be used to extract sufficient information to recover the mask. Our practical experiments verify that one power trace suffices in order to remove such a blinding factor. In the course of our work we attacked a protected Montgomery Powering Ladder implementation on a widely used microcontroller. As a result we can state that the described attack could be a serious threat for public key algorithms implemented on devices with small word size.
Keywords
RSA Montgomery Ladder Base Point Blinding Side- Channel Attacks Power Analysis Template Attacks Microcontroller Smart CardsPreview
Unable to display preview. Download preview PDF.
References
- 1.Biham, E., Shamir, A.: Differential fault analysis of secret key cryptosystems. In: Kaliski Jr., B.S. (ed.) CRYPTO 1997. LNCS, vol. 1294, pp. 513–525. Springer, Heidelberg (1997)CrossRefGoogle Scholar
- 2.Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults. In: Fumy, W. (ed.) EUROCRYPT 1997. LNCS, vol. 1233, pp. 37–51. Springer, Heidelberg (1997)CrossRefGoogle Scholar
- 3.Kocher, P.C.: Timing attacks on implementations of diffie-hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)Google Scholar
- 4.Rivest, R.L., Shamir, A., Adleman, L.: A Method for Obtaining Digital Signatures and Public-Key Cryptosystems. Communications of the ACM 21(2), 120–126 (1978)MathSciNetCrossRefMATHGoogle Scholar
- 5.Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)CrossRefGoogle Scholar
- 6.Messerges, T.S., Dabbish, E.A., Sloan, R.H.: Power analysis attacks of modular exponentiation in smartcards. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 144–157. Springer, Heidelberg (1999)CrossRefGoogle Scholar
- 7.Chari, S., Rao, J.R., Rohatgi, P.: Template attacks. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 13–28. Springer, Heidelberg (2003)CrossRefGoogle Scholar
- 8.Rechberger, C., Oswald, E.: Practical template attacks. In: Lim, C.H., Yung, M. (eds.) WISA 2004. LNCS, vol. 3325, pp. 443–457. Springer, Heidelberg (2005)CrossRefGoogle Scholar
- 9.Medwed, M., Oswald, E.: Template Attacks on ECDSA. Cryptology ePrint Archive, Report 2008/081 (2008), http://eprint.iacr.org/
- 10.Mangard, S., Oswald, E., Popp, T.: Power Analysis Attacks- Revealing the Secrets of Smart Cards. Springer, Heidelberg (2007)MATHGoogle Scholar
- 11.Kim, C., Ha, J., Moon, S., Yen, S.-M., Lien, W.-C., Kim, S.-H.: An Improved and Effcient Countermeasure against Power Analysis Attacks. Cryptology ePrint Archive, Report 2005/022 (2005), http://eprint.iacr.org/
- 12.Fumaroli, G., Vigilant, D.: Blinded fault resistant exponentiation. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) FDTC 2006. LNCS, vol. 4236, pp. 62–70. Springer, Heidelberg (2006)CrossRefGoogle Scholar
- 13.Montgomery, P.L.: Speeding the Pollard and Elliptic Curve Methods of Factorization. Mathematics of Computation 48(177), 243–264 (1987)MathSciNetCrossRefMATHGoogle Scholar
- 14.Joye, M., Yen, S.-M.: The montgomery powering ladder. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 291–302. Springer, Heidelberg (2003)CrossRefGoogle Scholar