On the Importance of Protecting ∆ in SFLASH against Side Channel Attacks

	This Article
	Subscribers, please Login Purchase article: $19 PDF IEEE Xplore Subscribers RSS feed
	Share
	Email this Article to a friend
	Bibliographic References
	ASCII Text BibTex RefWorks Procite/RefMan/Endnote
	Add to:
	Digg Furl Spurl Blink Simpy Google Del.icio.us Y!MyWeb
	Search
	Similar Articles Articles by Katsuyuki Okeya Articles by Tsuyoshi Takagi Articles by Camille Vuillaume

International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2

Las Vegas, Nevada

April 05-April 07

ISBN: 0-7695-2108-8

	ASCII Text	x
	Katsuyuki Okeya, Tsuyoshi Takagi, Camille Vuillaume, "On the Importance of Protecting ∆ in SFLASH against Side Channel Attacks," Information Technology: Coding and Computing, International Conference on, vol. 2, pp. 560, International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2, 2004.

	BibTex	x
	@article{ 10.1109/ITCC.2004.1286713, author = {Katsuyuki Okeya and Tsuyoshi Takagi and Camille Vuillaume}, title = {On the Importance of Protecting ∆ in SFLASH against Side Channel Attacks}, journal ={Information Technology: Coding and Computing, International Conference on}, volume = {2}, year = {2004}, isbn = {0-7695-2108-8}, pages = {560}, doi = {http://doi.ieeecomputersociety.org/10.1109/ITCC.2004.1286713}, publisher = {IEEE Computer Society}, address = {Los Alamitos, CA, USA}, }

	RefWorks Procite/RefMan/Endnote	x
	TY - CONF JO - Information Technology: Coding and Computing, International Conference on TI - On the Importance of Protecting ∆ in SFLASH against Side Channel Attacks SN - 0-7695-2108-8 SP EP A1 - Katsuyuki Okeya, A1 - Tsuyoshi Takagi, A1 - Camille Vuillaume, PY - 2004 KW - Asymmetric Signature KW - SFLASH KW - Side Channel Attacks KW - SHA-1 KW - C * KW - C *-- KW - Hidden Monomial Problem VL - 2 JA - Information Technology: Coding and Computing, International Conference on ER -

Katsuyuki Okeya, Hitachi, Ltd., Yokohama, Japan

Tsuyoshi Takagi, Technische Universit?t Darmstadt, Germany

Camille Vuillaume, Technische Universit?t Darmstadt, Germany

DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/ITCC.2004.1286713

SFLASH was chosen as one of the final selection of the NESSIE project in 2003. It is one of the most efficient digital signature scheme and is suitable for implementation on memory-constrained devices such as smartcards. Side channel attacks (SCA) are a serious threat to memory-constrained devices. If the implementation on them is careless, we are able to break the secret key. In this paper, we experimentally analyze the effectiveness of a side channel attack on SFLASH. There are two different secret keys for SFLASH, namely the proper secret key (s, t) and the random seed ∆ used for the has function SHA-1. Whereas many papers discussed the security of (s, t), little is known about that of ∆. Steinwandt et al. proposed a theoretical DPA on finding ∆ by observing the XOR operations. We propose another DPA on ∆ using the addition operation modulo 2³², and present an experimental result of the DPA. After obtaining the secret key ∆, the underlying problem of SFLASH can be reduced to the C* problem broken by Patarin. From our simulation, about 1408 pairs of messages and signatures are needed to break SFLASH. Consequently, we have to carefully implement SHA-1 in order to resist SCA on SFLASH.

Index Terms:

Asymmetric Signature, SFLASH, Side Channel Attacks, SHA-1, C *, C *--, Hidden Monomial Problem

Citation:

Katsuyuki Okeya, Tsuyoshi Takagi, Camille Vuillaume, "On the Importance of Protecting ∆ in SFLASH against Side Channel Attacks," itcc, vol. 2, pp.560, International Conference on Information Technology: Coding and Computing (ITCC'04) Volume 2, 2004

Peer Review Notice | Give Us Feedback

Usage of this product signifies your acceptance of the Terms of Use.