谢满德,沈海斌,竺红卫

DOI: https://doi.org/10.3969/j.issn.1004-3365.2004.06.003

2004-01-01

Abstract:The fundamental principle of differential power analysis (DPA) attacks against universal cryptosystems and a particular theory of DPA attacks against data encryption standard (DES) algorithm are described in detail. An improved algorithm is proposed for DPA. Based on the analysis of noise characteristics of the power signals, an approach to modeling the signal-to-noise ratio (SNR) is proposed and corresponding theory is demonstrated. Finally, experimental results of the algorithm are presented.

CHENG Wei,GU Da-wu,GUO Zheng,ZHANG Lei

DOI: https://doi.org/10.3969/j.issn.1002-0802.2011.06.043

2011-01-01

Abstract:As a fast RSA implementation,RSA-CRT is widely applied to computing-limited devices,such as smart cards.This paper describes a side channel attack against RSA-CRT implementation.By properly choosing input data,the power consumption of the intermediate value after the modular reduction is analyzed.This attack first determines the size of one of the primes,then based on it,takes another DPA attack and gets the byte-by-byte prime.The simulation experiment shows that this attack is effective,and relative to MRED,could reduce the number of needed power traces and raise the attack efficiency.

蒋惠萍,毛志刚

DOI: https://doi.org/10.3321/j.issn:0367-6234.2004.12.031

2004-01-01

Abstract:Side channel information could be used to analysis the key information according to leakage information depending on the operation of cryptography algorithm and its hardware. Fault analysis (Bellcore-Lenstra) and power analysis are the chief attack methods. Because of high effectiveness with low cost, the problem of side channel information attacks during the design of RSA-CRT cryptography coprocessor should be think better. In order to maximize the cost perforance, MASK and removing intermediate value technique are introduced into RSA-CRT, which cost only more 30% timing to realize secure RSA-CRT algorithm. Contemporary the effectiveness of advanced RSA-CRT is illuminated briefly.

Chao Cui,Yun Zhao,Yong Xiao,Weibin Lin,Di Xu

DOI: https://doi.org/10.1007/978-3-030-70665-4_180

2021-01-01

Abstract:As an asymmetric encryption algorithm, RSA is currently known as the ripest and most widely used one. However, it is showed in many documents in recent years that RSA algorithm is lack of security, due to its weakness in defending side channel attacks, especially power analysis attacks. This paper proposes an RSA coprocessor resistant to power analysis attack, which adds pseudo operation and exponential randomization masking to defend SPA and DPA. Then, this paper improves the speed of RSA by using 256-base subtracted-free Montgomery multiplier combining with two-layer Karatsuba multiplier and CSA adder. This design is able to be implemented on both FPGA and ASIC. With a technology of 100 MHz clock frequency and SMIC 130 nm process, DC synthesis is implemented as well. The experiment result shows that our 1024-bit RSA design costs an area of 310 K gates and has a throughput of 110 Kbps.

REN Yanting,WU Liji,LI Xiangyu,WANG An,ZHANG Xiangmin

DOI: https://doi.org/10.16511/j.cnki.qhdxxb.2016.23.012

2016-01-01

Abstract:RSA is the most widely used public-key algorithm,and is specified as the signature algorithm in bank IC cards.The unprotected RSA implementation is vulnerable to side-channel attacks as pointed out in several works.Due to the complexity of the algorithm,the power consumption of an RSA module is usually high.A side channel resistant,efficient and low-power RSA processor was designed using countermeasures against side-channel attacks based on the Montgomery ladder with a modified Montgomery algorithm then proposed,which combines CIOS and Karatsuba algorithms.The computation time of modular multiplication can be reduced by 25％ with the length of RSA being configurable and up to 2 048 bits.The proposed RSA module was verified with C * Core C0 in FPGA board.With SMIC 0.13μm CMOS process,the EDA synthesis result indicates that the area is about 24 000 gates,and the throughput of 1024-bit RSA is 8.3 kb/s under the frequency of 30 MHz with the power consumption of 1.15 mW.

Shourong Hou,Yujie Zhou,Hongming Liu,Nianhao Zhu

DOI: https://doi.org/10.1109/iccsn.2017.8230283

2017-01-01

Abstract:Power Analysis (PA) is a powerful method to extract leakage information from theoretically secure cryptographic devices. In general, Differential Power Analysis (DPA) correlates the processed data with power consumption of devices through statistical analysis to reveal systems' secret key. A common approach to counteract DPA is a low-entropy lightweight masking strategy. This masking scheme, known as Rotating S-Boxes Masking (RSM), has inherent flaws in masks' hamming weights for software implementation. In this paper, an improved DPA (IDPA) for the RSM countermeasure is proposed in terms of smaller computational complexity and better success rate of recovering the secret key. Using the public power traces provided by the latest DPA Contest, we come to the conclusion that the IDPA method takes as low as 20 traces to retrieve the first 128-bits secret key when analyzing the first-order leakage information. Furthermore, our approach reduces significantly the number of traces, but still gets better attack effects compared with other DPA methods.

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/itng.2007.152

2007-01-01

Abstract:Power analysis can exploit the instantaneous power consumptions of elliptic curve cryptography (ECC) devices and retrieve secret keys. Many countermeasures have been proposed to make ECC implementations secure. One of the approaches is the randomized algorithms proposed by Oswald et al., which combine two scalar point multiplication algorithms and use random variables to decide which algorithm to follow at different stages of the computation. In this paper, we describe a power analysis attack that can break randomized automata proposed by Oswald et al. effectively, even with a small number of power traces

Fan Zhang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/ITNG.2008.183

2008-01-01

Abstract:Elliptic curve cryptography (ECC) has been adopted in many systems because it requires shorter keys than traditional public-key algorithms in primary fields. However, power analysis attacks can exploit the power consumption of ECC devices to retrieve secret keys. In this paper, we propose an efficient window-based countermeasure that is secure against existing power analysis attacks. Compared to previous counter- measures, our method has low memory overhead, requiring only a table of w+1 entries when the window size is w bits. It also has better performance than many algorithms that perform one point addition or subtraction for every bit in the scalar.

Shuo Wang,Fan Zhang,Jianwei Dai,Lei Wang,Zhijie Jerry Shi

DOI: https://doi.org/10.1109/iccd.2008.4751919

2008-01-01

Abstract:Power analysis attacks are a type of side-channel attacks that exploits the power consumption of computing devices to retrieve secret information. They are very effective in breaking many cryptographic algorithms, especially those running in low-end processors in embedded systems, sensor nodes, and smart cards. Although many countermeasures to power analysis attacks have been proposed, most of them are software based and designed for a specific algorithm. Many of them are also found vulnerable to more advanced attacks. Looking for a low-cost, algorithm-independent solution that can be implemented in many processors and makes all cryptographic algorithms secure against power analysis attacks, we start with register file, where the operands and results of most instructions are stored. In this paper, we propose RFRF, a register file that stores data with a redundant flipped copy. With the redundant copy and a new precharge phase in write operations, RFRF provides data-independent power consumption on read and write for cryptographic algorithms. Although RFRF has large energy overhead, it is only enabled in the security mode. We validate our method with simulations. The results show that the power consumption of RFRF is independent of the values read out from or written to registers. Thus RFRF can help mitigate power analysis attacks.

Dongmei Xue,Xiaole Cui,Chung-Len Lee,Lifei Liu,Shijie Zhang

DOI: https://doi.org/10.1109/icsict.2014.7021566

2014-01-01

Abstract:Elliptic Curve Cryptography is a popular algorithm since it can achieve good security level with a small key size. However, the ECC hardware is suffering from some side channel attacks, such as Differential power-analysis (DPA), which can retrieve secret keys by analyzing power consumption of the attacked devices. In this paper, a countermeasure to secure the modular multiplication, an important operation of Elliptic Curve Cryptography, with randomization method is studied. The experiment results show that unprotected device reveal the secret key within 1000 power traces, while the protected one can defend DPA attack with 105 power traces, with only 8% additional area cost.

LI Zhi-yuan,BAI Xue-fei,GUO Li

DOI: https://doi.org/10.19304/j.cnki.issn1000-7180.2010.02.032

2010-01-01

Abstract:In this paper,the defense mechanism of differential power analysis attacks on the RSA cipher algorithm is discussed.Based on analyses of self-randomized modular exponentiation algorithm,a new side-channel atomic strict self-randomized modular exponentiation algorithm is proposed in which a BBS random number generator and the side-channel atomic technology are applied to improve the original algorithm.The results of simulation experiments indicate that this method is effective and practical to prevent differential power analysis attacks.

yijie ge,zheng guo,zhigang mao,junrong liu,jiachao chen

DOI: https://doi.org/10.2991/csic-15.2015.14

2015-01-01

Abstract:Security of cryptographic embedded devices has become a prevalent concern, especially since the introduction of Differential Power Analysis (DPA) by Paul Kocher et al. In the past years, many efforts have been made to improve the resistance against Side Channel Attack (SCA) of cryptographic devices. Among the countermeasures, masking is a typical and efficient strategy. However, a number of effective attacks on masked cryptographic devices have been developed in recent years, and this paper continues this line of research. On theory, a DES with a masking scheme is secure under first order SCA, but we dig out a new leakage problem which makes it possible to attack a masked DES without using higher-order power analysis. Concretely, we perform a first-order correlation power analysis based on the leakage relationship between two different arithmetic components of DES. And the reason for this leakage is analyzed and verified by us through simulation and real card attacks.

Xiaowei Han,Beibei Wang,An Wang,Liji Wu,Woogeun Rhee

DOI: https://doi.org/10.1109/CIS.2014.116

2014-01-01

Abstract:SM2 is a public-key cryptography algorithm which is based on elliptic curves. Since the side channel leakage of devices can be used to deduce the information of secret keys, algorithms to implement SM2 need to be improved. In this paper, we propose an initialized masking scalar multiplication algorithm (IMSM), a modified atomic point doubling and point addition algorithm (MADA), and a transformed formula countermeasure (TFCS). Analysis shows they can resist Simple Power Analysis (SPA), Differential Power Analysis and Template Attacks. IMSM and MADA have been verified to resist SPA on FPGA board successfully. Compared to Binary Expansion with RIP algorithm, 28.6% calculations can be saved when the scalar is divided into four parts, which is rather fast.

Thomas Roche,Cédric Tavernier

DOI: https://doi.org/10.48550/arXiv.0906.0237

2009-06-01

Cryptography and Security

Abstract:Power analysis attacks against embedded secret key cryptosystems are widely studied since the seminal paper of Paul Kocher, Joshua Ja, and Benjamin Jun in 1998 where has been introduced the powerful Differential Power Analysis. The strength of DPA is such that it became necessary to develop sound and efficient countermeasures. Nowadays embedded cryptographic primitives usually integrate one or several of these countermeasures (e.g. masking techniques, asynchronous designs, balanced dynamic dual-rail gates designs, noise adding, power consumption smoothing, etc. ...). This document presents a simple, yet interesting, countermeasure to DPA and HO-DPA attacks, called brutal countermeasure and new power analysis attacks using multi-linear approximations (MLPA attacks) based on very recent and still unpublished results of Tavernier et al..

Yezhen Liang,Guoqiang Bai

DOI: https://doi.org/10.1109/ICIS.2014.6912137

2014-01-01

Abstract:An effective randomized window-scanning RSA scheme resistant to power analysis is presented in this paper. Unlike the traditional countermeasures such as message blinding or the multiply-always exponentiation scheme, our proposal focuses on randomizing the position information of the exponentiation bits which is a brand new direction for anti-power analysis research. Experimental results show that it works effectively against power analysis with a minimum overhead compared with other countermeasures.

Cong Chen,Xiangyu Li,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/ICSICT.2010.5667831

2010-01-01

Abstract:In this paper, an automatic general-purpose Differential Power Analysis (DPA) System for cryptographic devices is designed and implemented. This system aims at testing the security of cryptographic devices, e.g., Smart Card, FPGA and ASIC circuit against DPA attacks. To verify the effectiveness of the system, a DPA attack was successfully carried out by it on an AES cryptographic ASIC chip which had countermeasures implemented in it. The experimental results showed that the correct cipher key of this AES chip could be obtained during less than 3 hours of data processing time with at least 5000 power traces.

Jiajia Shao,Liji Wu,Xiangmin Zhang

DOI: https://doi.org/10.1109/asicon.2013.6811995

2013-01-01

Abstract:Bank IC card is widely used in financial industry and its demands on low power and security are urgent. RSA used for digital signature is the most energy-consuming part in bank IC card and threatened by side-channel attacks. In this paper, a low-power 1024/2048-bit RSA module is proposed and it's verified with C*Core C0 in FPGA board. Design Compiler synthesis result indicates that RSA occupies 30k gates and the throughput is 9.23 Kbps under the frequency of 30MHz with SMIC 0.18um process. The highest frequency of RSA can reach 161MHz. Primetime estimation report shows that power consumption of simulation is 7.09 mw. This design adopts Montgomery algorithm, improves FIPS algorithm with combination of modular multiplication and modular square. The efficiency of modular square is improved by 23.78%. Adder and multiplier are reused in both pre-process and FIPS parts. This leads to calculation acceleration and smaller area. Clock-gating and operand isolation are applied to reduce the unnecessary flip-flops of registers and lower the power dissipation. In addition, Montgomery powering ladder is used to resist side-channel attacks from algorithm level. Therefore this design is feasible for bank IC card.

Zhibo Wang,Wei Ma,Bei Gong

DOI: https://doi.org/10.1109/smartblock52591.2020.00023

2020-01-01

Abstract:RSA encryption algorithm is widely used in information and communication systems to protect the security of information. But the protocol failure would bring a lot of risks to RSA encryption systems. In this paper, the security of RSA encryption system and detailed risks brought by protocol failure which is result of improper choices of parameters discussed. Furthermore, an at-tack scheme of these risks and corresponding pseudo-code are proposed in this paper. This attack scheme would provide warnings for designers and users of RSA encryption systems.

Souhir Gabsi,Yassin Kortli,Vincent Beroulle,Yann Kieffer,Belgacem Hamdi

DOI: https://doi.org/10.1007/s11042-024-18368-9

IF: 2.577

2024-02-18

Multimedia Tools and Applications

Abstract:Elliptical curves are dedicated for several security applications including Radio Frequency Identification (RFID) devices, smart cards, bankcards, etc. To guarantee effective security of such applications, these cryptographic systems require effective resistance to various types of physical attack. Differential Power-Analysis (DPA) attacks were considered the most efficient attacks against scalar multiplication calculation algorithms. In this paper, we propose a countermeasure method against the DPA attacks, for a scalar multiplication algorithm that is basically secure against Simple Power Analysis (SPA) and safe-error attacks. Our proposal is intended for Elliptic Curves Cryptosystems (ECC) algorithms dedicated to low cost applications. We first introduce the different types of side-channel attacks that ECC-based cryptographic algorithms can suffer, as well as their countermeasure methods existing in the literature. We then present an optimized hardware implementation of the most effective scalar multiplication algorithm against SPA and safe-error attacks. Finally, we present our proposed DPA countermeasure method and its effectiveness against other extensions of DPA attacks. Our proposed method is similar to the Basic Random Initial Point (BRIP) method except that the latter is only applicable for the left-to-right algorithm. The proposed method is based on the randomization of processed data during the computation of the scalar multiplication algorithm and prevents vulnerability to Zero-value Point Attack (ZPA), Refined Power analysis (RPA) attack and double attack. In the last part of our paper, we present comparative analysis in terms of computational cost between our proposed method and other countermeasure algorithms presented in the literature, such as Montgomery-ladder, the BRIP algorithm, the left-to-right algorithm and the Co-Z Mont-Ladder algorithm.

computer science, information systems, theory & methods,engineering, electrical & electronic, software engineering

Lihui Wang,Qing Li,Zhimin Zhang,Weijun Shan,David Wei Zhang

DOI: https://doi.org/10.2991/iset-15.2015.29

2015-01-01

Abstract:Elliptic Curve Cryptography (ECC) is becoming widely deployed in embedded cryptographic devices. However, simple power analysis (SPA) attacks may retrieve secret keys by exploiting the power consumption of ECC devices. To resist the SPA attack there appear a number of countermeasures and the most widely used methods are Montgomery ladder and double-and-add-always algorithm. This paper proposes a refined simple power analysis attack to these countermeasures. Experimental results on smart cards demonstrate that this attack method can retrieve secret keys by distinguishing the power consumption of different jump instructions if the implementation of ECC's countermeasure is not carefully designed. The experiments also demonstrate that the proposed countermeasure in this paper can resist this kind of SPA attack