SPA vulnerabilities of the binary extended Euclidean algorithm

The execution flow of the binary extended Euclidean algorithm (BEEA) is heavily dependent on its inputs. Taking advantage of that fact, this work presents a novel simple power analysis (SPA) of this algorithm that reveals some exploitable power consumption-related leakages. The exposed leakages make...

Celý popis

Uloženo v:
Podrobná bibliografie
Vydáno v:Journal of cryptographic engineering Ročník 7; číslo 4; s. 273 - 285
Hlavní autoři: Aldaya, Alejandro Cabrera, Sarmiento, Alejandro J. Cabrera, Sánchez-Solano, Santiago
Médium: Journal Article
Jazyk:angličtina
Vydáno: Berlin/Heidelberg Springer Berlin Heidelberg 01.11.2017
Springer Nature B.V
Témata:
Algorithms
Circuits and Systems
Communications Engineering
Computer Communication Networks
Computer Science
Cryptography
Cryptology
Data encryption
Data Structures and Information Theory
Networks
Operating Systems
Power consumption
Regular Paper
Target recognition
Lattice attack
Side-channel analysis
Binary Euclidean algorithm
SPA
ECDSA
ISSN:2190-8508, 2190-8516
On-line přístup:Získat plný text
Tagy: Přidat tag
Žádné tagy, Buďte první, kdo vytvoří štítek k tomuto záznamu!
Popis
Shrnutí:The execution flow of the binary extended Euclidean algorithm (BEEA) is heavily dependent on its inputs. Taking advantage of that fact, this work presents a novel simple power analysis (SPA) of this algorithm that reveals some exploitable power consumption-related leakages. The exposed leakages make it possible to retrieve some bits of the algorithm’s secret input without profiling the target device. The identified vulnerabilities can be exploited in many cryptographic protocols where the modular inversion operation is applied to a secret argument. In this work, the ECDSA protocol is used to exemplify how the presented SPA can be used to disclose in about 2 min all standardized private key sizes using less than 800 traces. In the context of ECDSA, a countermeasure previously proposed to mitigate a timing leakage during scalar multiplication is also analyzed, showing that, when it is improperly implemented, it enhances the proposed bit recovery method. Three countermeasures for removing SPA leakages from a BEEA implementation are also analyzed.
Bibliografie:ObjectType-Article-1
SourceType-Scholarly Journals-1
ObjectType-Feature-2
content type line 14
ISSN:2190-8508
2190-8516
DOI:10.1007/s13389-016-0135-4