Self-Randomized Exponentiation Algorithms
Exponentiation is a central process in many public-key cryptosystems such as RSA and DH. This paper introduces the concept of self-randomized exponentiation as an efficient means for preventing DPA-type attacks. Self-randomized exponentiation features several interesting properties:
- it is fully generic, in the sense that it is not restricted to a particular exponentiation algorithm;
- it is parameterizable: a parameter allows one to choose the best trade-off between security and performance;
- it can be combined with most other counter-measures;
- it is space-efficient, as only one additional long-integer register is required;
- it is flexible, in the sense that it does not rely on particular group properties;
- it does not require prior knowledge of the order of the group in which the exponentiation is performed.
All these advantages make our method particularly well suited to secure implementations of the RSA cryptosystem in standard mode, on constrained devices like smart cards.
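The abstract only names the goal (a randomized exponent representation that needs neither the group order nor extra registers beyond one); the paper's own algorithm is not reproduced on this page. As an added illustration, not code from the paper, the Python below uses plain additive exponent splitting as a stand-in: the private exponent d is rewritten on every call as r + (d - r) for a fresh random r, and the two parts are exponentiated with an ordinary square-and-multiply. It also shows classical order-based blinding (d + k·φ(N)) for contrast, since that is the variant that does need the group order. The toy RSA modulus, φ(N), exponents and ciphertext are constructed values for the example; the parameter `bits` is the security/performance knob the abstract mentions.

```python
import secrets

# Toy RSA parameters, constructed for this example only (far too small for real use):
# N = 61 * 53, phi(N) = 60 * 52, public exponent e = 17, private exponent d = 2753.
TOY_N = 3233
TOY_PHI = 3120
TOY_D = 2753


def square_and_multiply(base, exp, mod):
    """Unprotected left-to-right binary exponentiation.

    The conditional multiply runs only on 1-bits of exp, so the sequence of
    operations (and their power traces) is a function of the exponent bits.
    """
    result = 1 % mod
    for bit in bin(exp)[2:]:
        result = (result * result) % mod
        if bit == "1":
            result = (result * base) % mod
    return result


def blind_exponent_with_order(exp, order, k):
    """Classical exponent blinding: exp + k*order acts like exp in a group of
    the given order.  It requires the group order (phi(N) for RSA), which is
    exactly the prerequisite an order-free scheme removes."""
    return exp + k * order


def split_exponent(exp, bits):
    """Additive exponent splitting: return (r, exp - r) with r a fresh random
    value of at most `bits` bits (and below exp, so both parts are non-negative).

    `bits` is the security/performance knob: more random bits make the split
    less predictable but lengthen the extra exponentiation for the r part.
    """
    if exp <= 0:
        raise ValueError("exponent must be positive")
    r = secrets.randbelow(min(1 << bits, exp))
    return r, exp - r


def protected_modpow(base, exp, mod, bits=32):
    """Compute base**exp mod `mod` through a randomized exponent representation.

    Each call uses a different (r, exp - r) pair, so the bit pattern driven
    through the square-and-multiply loop changes from run to run while the
    result stays the same.  Only one extra register (holding base**r) is
    needed and the group order is never used.
    """
    r, remainder = split_exponent(exp, bits)
    partial = square_and_multiply(base, r, mod)          # the extra register
    return (partial * square_and_multiply(base, remainder, mod)) % mod


if __name__ == "__main__":
    ciphertext = 2790  # 65**17 mod TOY_N, constructed
    print(square_and_multiply(ciphertext, TOY_D, TOY_N))  # unprotected: 65
    for _ in range(3):  # different splits, identical result
        print(split_exponent(TOY_D, 16), protected_modpow(ciphertext, TOY_D, TOY_N, bits=16))
```

Additive splitting changes which exponent bits the loop processes on each run, which is what defeats averaging across traces in a DPA; it does not on its own hide the values of intermediates, so in practice it is paired with message blinding or an atomic/regular exponentiation, in line with the abstract's remark that the approach combines with other counter-measures.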
Keywords: Exponentiation, implementation attacks, fault attacks, side-channel attacks (DPA, SPA), randomization, exponent masking, blinding, RSA standard mode, smart cards