Issue No. 06 - June (2010 vol. 59)
DOI Bookmark: http://doi.ieeecomputersociety.org/10.1109/TC.2009.176
Naofumi Homma , Tohoku University, Sendai
Atsushi Miyamoto , Tohoku University, Sendai
Takafumi Aoki , Tohoku University, Sendai
Akashi Satoh , National Institute of Advanced Industrial Science and Technology, Tokyo
Adi Shamir , Weizmann Institute of Science, Rehovot
This paper proposes new chosen-message power-analysis attacks for public-key cryptosystems based on modular exponentiation, where specific input pairs are used to generate collisions between squaring operations at different locations in the two power traces. Unlike previous attacks of this kind, the new attack can be applied to all standard implementations of the exponentiation process, namely binary (left-to-right and right-to-left), m-ary, and sliding window methods. The proposed attack can also circumvent typical countermeasures, such as the Montgomery powering ladder and the double-add algorithm. The effectiveness of the attack is demonstrated in experiments with hardware and software implementations of RSA on an FPGA and a PowerPC processor, respectively. In addition to the new collision generation methods, a highly accurate waveform matching technique is introduced for detecting the collisions even when the recorded signals are noisy and there is a certain amount of clock jitter.
Side-channel attacks, power-analysis attacks, RSA, modular exponentiation, waveform matching.
A. Shamir, T. Aoki, A. Miyamoto, N. Homma and A. Satoh, "Comparative Power Analysis of Modular Exponentiation Algorithms," in IEEE Transactions on Computers, vol. 59, no. , pp. 795-807, 2009.