Zhijie Jerry Shi,Fan Zhang

2006-01-01

Abstract:Elliptic curve cryptography (ECC) has attracted a lot of attention because it can provide similar levels of security with much shorter keys than the arithmetic of multiple-precision integers in finite fields, which has been widely used in many public-key and key-exchange algorithms. Small key sizes are especially important to resource constrained devices as shorter keys require less storage space and consume less power to transmit and compute. However, ECC algorithms are vulnerable to power analysis attacks, which exploit the instantaneous power consumptions of computing devices to retrieve secret data. Many countermeasures have been proposed to make ECC implementations secure against power analysis. One of the approaches is randomized algorithms that generate different power traces even if the input of the algorithm is the same. For example, the randomized scalar point multiplication algorithm proposed by Oswald et al. combines two algorithms and uses random variables to decide which algorithm to follow at different stages of the execution. The randomized algorithm can thwart traditional power analysis attacks. However, in this paper, we propose an effective attack on the randomized algorithms. Our attack does not require a large number of power traces and has a very high success rate.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

Lihui Wang,Qing Li,Zhimin Zhang,Weijun Shan,David Wei Zhang

DOI: https://doi.org/10.2991/iset-15.2015.29

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices. However, simple power analysis (SPA) attacks may retrieve secret keys by exploiting the power consumption of ECC devices. To resist the SPA attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a refined simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the power consumption of different jump instructions if the implementation of ECC's countermeasure is not carefully designed. The experiments also demonstrate that the proposed countermeasure in this paper can resist this kind of SPA attack

Dongmei Xue,Xiaole Cui,Chung-Len Lee,Lifei Liu,Shijie Zhang

DOI: https://doi.org/10.1109/icsict.2014.7021566

2014-01-01

Abstract:Elliptic Curve Cryptography is a popular algorithm since it can achieve good security level with a small key size. However, the ECC hardware is suffering from some side channel attacks, such as Differential power-analysis (DPA), which can retrieve secret keys by analyzing power consumption of the attacked devices. In this paper, a countermeasure to secure the modular multiplication, an important operation of Elliptic Curve Cryptography, with randomization method is studied. The experiment results show that unprotected device reveal the secret key within 1000 power traces, while the protected one can defend DPA attack with 105 power traces, with only 8% additional area cost.

Xiaofei Dong,Fan Zhang,Samiya Queshi,Yiran Zhang,Ziyuan Liang,Bolin Yang,Feng Gao

DOI: https://doi.org/10.1109/asianhost.2018.8607162

2018-01-01

Abstract:Random delay insertion is a simple yet rather effective technique to increase the difficulty for traditional power analysis. However as compared to the random masking technique, it is uncommonly used as a countermeasure considering the frequency analysis. In this paper, it is investigated that the frequency analysis may not work as efficiently as expected when facing to advanced random delay countermeasures. Hence, a novel attack is proposed which is in the wavelet domain. After preprocessing the wavelet coefficients of power traces with wavelet decomposition, the effects of multiple random delays can be removed. Two attack strategies are proposed to recover the secret key: either indirectly from the reconstructed power traces without random delays or directly from the processed wavelet coefficients. Our experimental results show that the wavelet-based power analysis attack can perform much better than those frequency-based ones, which is evaluated through several standard metrics to show the efficiency and robustness.

DENG Qiu-cheng,BAI Xue-fei,GUO Li,WANG Yao

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2011.02.034

2011-01-01

Abstract:In this paper,we described a differential power analysis attack on the Montgomery Ladder algorithm based on the finite field GF(2m).We first implemented the algorithm with Verilog HDL,and then synthesized it to the netlist using the Charted 0.35μm CMOS technology,thus we can get the power information accurately.We performed a ZEMD differential power analysis attack on this algorithm subsequently,and use the abscissa of P2,a variable of the Montgomery Ladder algorithm,as the intermediate variable to classify the power curves,the result shows that the Montgomery Ladder algorithm couldn′t resist the ZEMD differential power analysis attack.So the algorithm is not secure enough,we need to take some more protective measures in practice.

Liu Lifei,Cui Xiaole,Ran Yalin,Cui Xiaoxin

DOI: https://doi.org/10.1109/ASICON.2015.7517206

2015-01-01

Abstract:Elliptic Curve Cryptosystem (ECC) is one of the most advantageous cryptosystems because of the shortened number of key bits when compared with RSA at the same security level. However, just as the other cryptosystems, ECC hardware is vulnerable to the side-channel analysis attacks which have been proposed. Power Analysis Attack (PA), as one of the most popular side-channel analysis attacks, is implemented easily, so more and more works concentrate on it. This work proposes a countermeasure to resist against Power Analysis. Then we design a unified hardware architecture which is multi-purpose and implementation to verify the effectiveness of the proposed method. The experiment results of FPGA verification platform show that the protected hardware can defend DPA with up to 105 measured power traces.

Zhao Yanguang,Bai Guoqiang,Chen Hongyi,Liu Ming

DOI: https://doi.org/10.3321/j.issn:1002-8331.2006.16.009

2006-01-01

Abstract:The paper introduces simple power analysis to an ASIC chip in which elliptic curve cryptography is implemented.With simple power analysis,the 192-bit secret key of the chip is explored in 20 minutes.At the end,the countermeasure is proposed based on the original algorithm in the chip and the simulation shows that the countermeasure is secure enough.

Wei Ge,Shenghua Chen,Benyu Liu,Min Zhu,Bo Liu

DOI: https://doi.org/10.1587/transinf.2019edp7308

2020-01-01

IEICE Transactions on Information and Systems

Abstract:Side-channel Attack, such as simple power analysis and differential power analysis (DPA), is an efficient method to gather the key, which challenges the security of crypto chips. Side-channel Attack logs the power trace of the crypto chip and speculates the key by statistical analysis. To reduce the threat of power analysis attack, an innovative method based on random execution and register randomization is proposed in this paper. In order to enhance ability against DPA, the method disorders the correspondence between power trace and operands by scrambling the data execution sequence randomly and dynamically and randomize the data operation path to randomize the registers that store intermediate data. Experiments and verification are done on the Sakura-G FPGA platform. The results show that the key is not revealed after even 2 million power traces by adopting the proposed method and only 7.23% slices overhead and 3.4% throughput rate cost is introduced. Compared to unprotected chip, it increases more than 4000x measure to disclosure.

Lihui Wang,Qing Li,Gang Zhang,Jun Yu,Zhimin Zhang,Limin Guo,David Wei Zhang

DOI: https://doi.org/10.1109/CIS.2015.85

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices because of the reduced number of key bits. However, the side-channel attacks especially simple side-channel analysis (SPA) can obtain secret keys by measuring power consumption. To resist this attack there appear a number of countermeasures such as Montgomery ladder and double-and-add-always algorithm. This paper proposes a new simple power analysis attack to these countermeasures by distinguishing the conditional subtraction of Montgomery modular multiplication (MMM). Experimental results on smart cards demonstrate that this attack method can retrieve secret keys easily in several seconds using one power trace. Several countermeasures that can resist this kind of SPA attack are also demonstrated in this paper.

ZHAO Yan-guang,BAI Guo-qiang,CHEN Hong-yi

DOI: https://doi.org/10.3969/j.issn.1000-7180.2006.12.023

2006-01-01

Abstract:This paper describes a differential power analysis(DPA)against an implementation of elliptic curve cryptosystem(ECC)on an ASIC chip.In the chip,the method used for scalar multiplication of ECC is Montgomery Ladder which is a basic algorithm used to resist DPA.We perform a detailed MESD differential power analysis attack the ECC chip,the result shows that Montgomery Ladder is vulnerable to MESD.So,K.Itoh is wrong and the ECC chip with Montgomery Ladder is not secure enough,some other countermeasures must be adopted to enhance the ECC chip.

Souhir Gabsi,Yassin Kortli,Vincent Beroulle,Yann Kieffer,Belgacem Hamdi

DOI: https://doi.org/10.1007/s11042-024-18368-9

IF: 2.577

2024-02-18

Multimedia Tools and Applications

Abstract:Elliptical curves are dedicated for several security applications including Radio Frequency Identification (RFID) devices, smart cards, bankcards, etc. To guarantee effective security of such applications, these cryptographic systems require effective resistance to various types of physical attack. Differential Power-Analysis (DPA) attacks were considered the most efficient attacks against scalar multiplication calculation algorithms. In this paper, we propose a countermeasure method against the DPA attacks, for a scalar multiplication algorithm that is basically secure against Simple Power Analysis (SPA) and safe-error attacks. Our proposal is intended for Elliptic Curves Cryptosystems (ECC) algorithms dedicated to low cost applications. We first introduce the different types of side-channel attacks that ECC-based cryptographic algorithms can suffer, as well as their countermeasure methods existing in the literature. We then present an optimized hardware implementation of the most effective scalar multiplication algorithm against SPA and safe-error attacks. Finally, we present our proposed DPA countermeasure method and its effectiveness against other extensions of DPA attacks. Our proposed method is similar to the Basic Random Initial Point (BRIP) method except that the latter is only applicable for the left-to-right algorithm. The proposed method is based on the randomization of processed data during the computation of the scalar multiplication algorithm and prevents vulnerability to Zero-value Point Attack (ZPA), Refined Power analysis (RPA) attack and double attack. In the last part of our paper, we present comparative analysis in terms of computational cost between our proposed method and other countermeasure algorithms presented in the literature, such as Montgomery-ladder, the BRIP algorithm, the left-to-right algorithm and the Co-Z Mont-Ladder algorithm.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

HAN Jun,ZENG Xiaoyang,TANG Tingao

DOI: https://doi.org/10.3969/j.issn.1000-3428.2007.02.003

2007-01-01

Abstract:Differential power analysis attack(DPA) is a powerful tool for retrieving secrets embedded in cryptographic devices and it has been a considerable threat to the information security system.As an attractive countermeasure,inserting random time delay into device’s running process is a straightforward and effective method.This paper presents the theoretical modeling on timing randomization against power analysis attacks,and gives the threshold condition to resist DPA.In order to obtain the minimal amount of overhead,it investigates different probability distributions of random delay.The optimized probability distributions are proposed,when random delays are inserted one or two times.

Shuo Wang,Fan Zhang,Jianwei Dai,Lei Wang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/iccd.2008.4751919

2008-01-01

Abstract:Power analysis attacks are a type of side-channel attacks that exploits the power consumption of computing devices to retrieve secret information. They are very effective in breaking many cryptographic algorithms, especially those running in low-end processors in embedded systems, sensor nodes, and smart cards. Although many countermeasures to power analysis attacks have been proposed, most of them are software based and designed for a specific algorithm. Many of them are also found vulnerable to more advanced attacks. Looking for a low-cost, algorithm-independent solution that can be implemented in many processors and makes all cryptographic algorithms secure against power analysis attacks, we start with register file, where the operands and results of most instructions are stored. In this paper, we propose RFRF, a register file that stores data with a redundant flipped copy. With the redundant copy and a new precharge phase in write operations, RFRF provides data-independent power consumption on read and write for cryptographic algorithms. Although RFRF has large energy overhead, it is only enabled in the security mode. We validate our method with simulations. The results show that the power consumption of RFRF is independent of the values read out from or written to registers. Thus RFRF can help mitigate power analysis attacks.

Jean-Sébastien Coron

DOI: https://doi.org/10.1007/3-540-48059-5_25

1999-01-01

Abstract:Differential Power Analysis, first introduced by Kocher et al. in [14], is a powerful technique allowing to recover secret smart card information by monitoring power signals. In [14] a specific DPA attack against smart-cards running the DES algorithm was described. As few as 1000 encryptions were sufficient to recover the secret key. In this paper we generalize DPA attack to elliptic curve (EC) cryptosystems and describe a DPA on EC Diffie-Hellman key exchange and EC El-Gamal type encryption. Those attacks enable to recover the private key stored inside the smart-card. Moreover, we suggest countermeasures that thwart our attack.

Jianwei Yang,Jun Han,Fan Dai,Weizhen Wang,Xiaoyang Zeng

DOI: https://doi.org/10.1109/tvlsi.2020.2971636

2020-01-01

IEEE Transactions on Very Large Scale Integration (VLSI) Systems

Abstract:Aimed at improving the resistance against power analysis attacks, a systematic and architectural design approach for multicore processors is proposed in this article and is demonstrated in an eight-core prototype platform with low performance overhead and hardware cost. In order to introduce randomness in both the time dimension and the amplitude dimension and make realignment extremely difficult, the proposed multicore platform leverages several methods together, such as random task scheduling (RTS), random insertion of operations (RIO), and frequency and phase randomization (FPR). Moreover, a power state monitoring and control (PSMC) scheme is proposed to defend against power analysis attacks by keeping enough background noises. A test chip of the proposed multicore processor is fabricated in Taiwan Semiconductor Manufacturing Company (TSMC) 65-nm CMOS LP technology and can operate at up to 800 MHz with a 1.2-V supply. The Advanced Encryption Standard (AES) algorithm with these randomization methods is implemented on the processor. Measurement results show that the correlation power analysis (CPA) attacks and the power analysis attacks based on convolutional neural networks (CNNs) are unsuccessful even with 2 000 000 power traces when all the countermeasures are used.

lihui wang,qing li,zhimin zhang,weijun shan,davidwei zhang

DOI: https://doi.org/10.2991/iset-15.2015.33

2015-01-01

Abstract:Elliptic curve cryptosystems (ECCs) are becoming more popular because of the reduced number of key bits required in comparison to other cryptosystems such as RSA. They are especially suited to smartcards because of the limited memory and computational power available on these devices. However, the side-channel attacks especially simple side-channel analysis (SPA) can obtain information about the cryptosystem by measuring power consumption and processing time. To resist this attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a novel simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the conditional subtraction of Montgomery modular multiplication (MMM). Several countermeasures that can resist this kind of SPA attack are also demonstrated in this paper.

Jianwei Yang,Fan Dai,Jielin Wang,Jianmin Zeng,Zhang,Jun Han,Xiaoyang Zeng

DOI: https://doi.org/10.1587/elex.15.20180084

2018-01-01

IEICE Electronics Express

Abstract:Power analysis attacks are major concerns among all kinds of side channel attacks. This paper proposes three kinds of countermeasures for Differential Power Analysis (DPA) attacks by fully exploiting characteristics of a many-core processor: (1) Data-level parallelism, (2) Random Dynamic Task Scheduling (RDTS), and (3) Random Dynamic Adjustment (RDA), which combines RDTS, Random Dynamic Frequency Scaling (RDFS) and Random Dynamic Phase Adjustment (RDPA). For the first time these techniques are applied to a multicore processor from the perspective of secure system design. AES algorithm with mentioned countermeasures is implemented on an 8-core processor. Simulation results show that these countermeasures considerably improve the system security with little performance overhead.

Liping Wang,Weike Wang,Rang Zhang,Xiang Wang

DOI: https://doi.org/10.1109/icsict.2014.7021344

2014-01-01

Abstract:Scalar multiplication algorithm is the core of the elliptic curve cryptosystem, and it plays a crucial role of the efficiency and security in the process operation of the encryption and decryption. Based on comprehensive analysis of NAF scalar multiplication algorithm and power analysis, this paper proposes a new NAF scalar multiplication algorithm, ensuring the same Hamming-weight with the NAF code and introducing the M-sequence into the random replacement process to achieve power randomization. It not only enhances the ability to work against SPA and DPA attacks, but also improves the storage efficiency, speed and security.