• PDF / 1,725,317 Bytes
• 14 Pages / 430 x 659.996 pts Page_size
• 18 Downloads / 204 Views

DOWNLOAD

REPORT

AMESYS, 1030, Avenue Guillibert de la Lauzire, 13794 Aix-en-Provence, Cedex 3, France [email protected] 2 INSIDE CONTACTLESS 41 Parc Club du Golf 13856 Aix-en-Provence, Cedex 3, France [email protected]

Abstract. Power Analysis has been intensively studied since the first publications in 1996 and many related attacks on naive implementations have been proposed. Nowadays algorithms in tamper resistant devices are protected by different countermeasures most often based on data randomization such as the BRIP algorithm on ECC and its RSA derivative. However not all of them are really secure or in the best case proven to be secure. In 2005, Yen, Lien, Moon and Ha introduced theoretical power attacks on some classical and BRIP exponentiation implementations, characterized by the use of a chosen input message value ±1. The first part of our article presents an optimized implementation for BRIP that takes advantage of the Montgomery modular arithmetic to speed up the mask inversion operation. An extension of the Yen et al. attack, based on collision detection through power analysis, is also presented. Based on this analysis we give security advice on this countermeasure implementation and determine the minimal random length to reach an appropriate level of security. Keywords: Power analysis, collision attacks, RSA, BRIP, modular multiplication and exponentiation.

1

Introduction

Asymmetric cryptography was introduced by Diffie and Hellman [DH76] in 1976. The most widely used algorithms today are: RSA [RSA78] invented in 1978 by Rivest, Shamir, and Adleman, and elliptic curve cryptosystems (ECC) independently introduced by Koblitz [Kob87] and Miller [Mil86]. Compared with symmetric cryptography, public key algorithms are computationally very intensive. In practice long integer arithmetic is most often handled by specific coprocessors designed for efficient computation in GF (p). This is the case for embedded solutions with strict power consumption and/or timing constraints. Initially smart cards were considered inherently tamper resistant because any private data was embedded and thus physically inaccessible to an unauthorized J.A. Onieva et al. (Eds.): WISTP 2008, LNCS 5019, pp. 136–149, 2008. c IFIP International Federation for Information Processing 2008 

On the BRIP Algorithms Security for RSA

137

user. However in 1996 timing attacks were publicly introduced by Kocher in [Koc96]. Two years later he also introduced power analysis attacks with Jaffe and Jun [KJJ99]. Side Channel Analysis (SCA) is a group of techniques including simple power analysis (SPA) and differential power analysis (DPA). SCA threatens any naive cryptographic algorithm implementation. Since these first articles were published, power analysis has been widely investigated, some publications have focused on countermeasures and their drawbacks [FV03, MPO05, YLMH05] whereas others have focused on improving the efficiency of the attacks [ABDM00, BK03, BCO04]. One such countermeasure is the Binary with Random Initial Point (BRIP) algorithm(s) by Mamiya, Miyaji, M

Recommend Documents

Comparative Study of RSA with Optimized RSA to Enhance Security

201 6 57MB

Data Security in Cloud Using RSA and GNFs Algorithms an Integrated Approach

211 19 52MB

A Review on the Effectiveness of Machine Learning and Deep Learning Algorithms for Cyber Security

227 85 1MB

SoK: Comparison of the Security of Real World RSA Hash-and-Sign Signatures

164 99 5MB

An Enhance Security of the Color Image Using Asymmetric RSA Algorithm

186 103 772KB

A New Attack on Three Variants of the RSA Cryptosystem

185 61 188KB

Algorithms and values in justice and security

141 20 1MB

The RSA Public-Key Encryption Algorithm

173 110 2MB

Royal Scottish Academy (RSA)

152 64 23MB

Machine learning algorithms for improving security on touch screen devices: a survey, challenges and new perspectives

154 24 1MB

New Methods and Abstractions for RSA-Based Forward Secure Signatures

168 53 10MB

Simple algorithms for creating random-element stereograms on the Macintosh

138 59 1MB