Horizontal Correlation Analysis on Exponentiation
| hal.structure.identifier | DMI | |
| dc.contributor.author | CLAVIER, Christophe | |
| hal.structure.identifier | INSIDE CONTACTLESS | |
| dc.contributor.author | FEIX, Benoit | |
| hal.structure.identifier | DMI | |
| dc.contributor.author | GAGNEROT, Georges | |
| hal.structure.identifier | INSIDE CONTACTLESS | |
| dc.contributor.author | ROUSSELLET, Mylène | |
| hal.structure.identifier | Lithe and fast algorithmic number theory [LFANT] | |
| dc.contributor.author | VERNEUIL, Vincent | |
| dc.date.accessioned | 2024-04-04T02:56:30Z | |
| dc.date.available | 2024-04-04T02:56:30Z | |
| dc.date.issued | 2010-07-12 | |
| dc.identifier.uri | https://oskar-bordeaux.fr/handle/20.500.12278/192469 | |
| dc.description.abstractEn | Power Analysis has been widely studied since Kocher et al. presented in 1998 the initial Simple and Differential Power Analysis (SPA and DPA). Correlation Power Analysis (CPA) is nowadays one of the most powerful techniques which requires, as classical DPA, many execution curves for recovering secrets. We introduce in this paper a technique in which we apply correlation analysis using only one execution power curve during an exponentiation to recover the whole secret exponent manipulated by the chip. As in the Big Mac attack from Walter, longer keys may facilitate this analysis and success will depend on the arithmetic coprocessor characteristics. We present the theory of the attack with some practical successful results on an embedded device and analyze the efficiency of classical countermeasures with respect to our attack. Our technique, which uses a single exponentiation curve, cannot be prevented by exponent blinding. Also, contrarily to the Big Mac attack, it applies even in the case of regular implementations such as the square and multiply always or the Montgomery ladder. We also point out that DSA and Diffie-Hellman exponentiations are no longer immune against CPA. Then we discuss the efficiency of known countermeasures, and we finally present some new ones. | |
| dc.language.iso | en | |
| dc.subject.en | Public Key Cryptography | |
| dc.subject.en | Side-Channel Analysis | |
| dc.subject.en | Horizontal and Vertical Power Analysis | |
| dc.subject.en | Exponentiation | |
| dc.subject.en | Arithmetic Coprocessors | |
| dc.title.en | Horizontal Correlation Analysis on Exponentiation | |
| dc.type | Rapport | |
| dc.subject.hal | Informatique [cs]/Cryptographie et sécurité [cs.CR] | |
| bordeaux.hal.laboratories | Institut de Mathématiques de Bordeaux (IMB) - UMR 5251 | * |
| bordeaux.institution | Université de Bordeaux | |
| bordeaux.institution | Bordeaux INP | |
| bordeaux.institution | CNRS | |
| bordeaux.type.institution | IACR Cryptology ePrint Archive | |
| bordeaux.type.report | rr | |
| hal.identifier | hal-02486982 | |
| hal.version | 1 | |
| hal.origin.link | https://hal.archives-ouvertes.fr//hal-02486982v1 | |
| bordeaux.COinS | ctx_ver=Z39.88-2004&rft_val_fmt=info:ofi/fmt:kev:mtx:journal&rft.date=2010-07-12&rft.au=CLAVIER,%20Christophe&FEIX,%20Benoit&GAGNEROT,%20Georges&ROUSSELLET,%20Myl%C3%A8ne&VERNEUIL,%20Vincent&rft.genre=unknown |
Files in this item
| Files | Size | Format | View |
|---|---|---|---|
|
There are no files associated with this item. |
|||