Abstract
Exponent blinding is known as a secure countermeasure against side-channel attacks. If single power traces reveal some exponent bits, an attack by Fouque et al. applies that recovers the exponent. However, this attack becomes infeasible if some of the guessed bits are incorrect. Thus, the attack was not assumed to be a realistic threat. In this paper we present two variants of a novel generic attack, which works for considerable error rates at each bit position, disproving the hypothesis that mere exponent blinding is always sufficient. We confirmed experimentally that our attack permits up to 28% (RSA case) or 23% (ECC case) error bits.
Chapter PDF
Similar content being viewed by others
Keywords
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.
References
Acıiçmez, O., Schindler, W.: A Vulnerability in RSA Implementations due to Instruction Cache Analysis and Its Demonstration on OpenSSL. In: Malkin, T. (ed.) CT-RSA 2008. LNCS, vol. 4964, pp. 256–273. Springer, Heidelberg (2008)
Fouque, P., Kunz-Jacques, S., Martinet, G., Muller, F., Valette, F.: Power Attack on Small RSA Public Exponent. In: Goubin, L., Matsui, M. (eds.) CHES 2006. LNCS, vol. 4249, pp. 339–353. Springer, Heidelberg (2006)
Henecka, W., May, A., Meurer, A.: Correcting Errors in RSA Private Keys. In: Rabin, T. (ed.) CRYPTO 2010. LNCS, vol. 6223, pp. 351–369. Springer, Heidelberg (2010)
Coron, J.S.: Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) CHES 1999. LNCS, vol. 1717, pp. 292–302. Springer, Heidelberg (1999)
Courrège, J.C., Feix, B., Roussellet, M.: Simple Power Analysis on Exponentiation Revisited. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) CARDIS 2010. LNCS, vol. 6035, pp. 65–79. Springer, Heidelberg (2010)
Itoh, K., Izu, T., Takenaka, M.: Address-bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 129–143. Springer, Heidelberg (2003)
Itoh, K., Yamamoto, D., Yajima, J., Ogata, W.: Collision-Based Power Attack for RSA with Small Public Exponent. IEICE Transactions on Information and Systems E92-D5, #5, 897–908 (2009)
Kocher, P.: Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. In: Koblitz, N. (ed.) CRYPTO 1996. LNCS, vol. 1109, pp. 104–113. Springer, Heidelberg (1996)
Kocher, P., Jaffe, J., Jun, B.: Differential Power Analysis. In: Wiener, M. (ed.) CRYPTO 1999. LNCS, vol. 1666, pp. 388–397. Springer, Heidelberg (1999)
Lang, S.: Algebra, 3rd edn. Addison-Wesley, Reading (1993)
Schindler, W.: A Combined Timing and Power Attack. In: Naccache, D., Paillier, P. (eds.) PKC 2002. LNCS, vol. 2274, pp. 263–279. Springer, Heidelberg (2002)
Yen, S., Lien, W., Moon, S., Ha, J.: Power Analysis by Exploiting Chosen Message and Internal Collisions - Vulnerability of Checking Mechanism for RSA-Decryption. In: Dawson, E., Vaudenay, S. (eds.) Mycrypt 2005. LNCS, vol. 3715, pp. 183–195. Springer, Heidelberg (2005)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2011 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Schindler, W., Itoh, K. (2011). Exponent Blinding Does Not Always Lift (Partial) Spa Resistance to Higher-Level Security. In: Lopez, J., Tsudik, G. (eds) Applied Cryptography and Network Security. ACNS 2011. Lecture Notes in Computer Science, vol 6715. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-21554-4_5
Download citation
DOI: https://doi.org/10.1007/978-3-642-21554-4_5
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-21553-7
Online ISBN: 978-3-642-21554-4
eBook Packages: Computer ScienceComputer Science (R0)