Presentation is loading. Please wait.

Presentation is loading. Please wait.

Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential.

Published byCuthbert Barker Modified over 8 years ago

Similar presentations

Presentation on theme: "Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential."— Presentation transcript:

1 Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA Fujitsu Laboratories LTD.

2 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Contents What is DPA(Differential Power Analysis)? Data-bit DPA and Address-bit DPA Our Address-bit DPA Attack against OK- Schemes(OKS) SE-attack ZE-attack Our Experimental Result Countermeasures

3 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) What is DPA? (Kocher, CRYPTO’99) Analyze a secret key stored in the cryptographic device by monitoring its power consumption. スマートカード 秘密情報 Make a differential t V t V  Smartcard Secret key K Plaintext P i (i=1,2,...,N) Analyze Secret key K Monitor a power consumption

4 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Differential Data-bit DPA (Kocher, Crypto’99) V t m i (i=1,2,3,....) k(secret key)  S[x] S[m 1  k’]=0001 attacker guesses k’=k, then makes the differential for output value of Sbox V t Schema (DES) k’=k k’  k S[m 4  k’]=0111 S[m 999  k’]=1101.... S[m 2  k’]=0000 S[m 3  k’]=0110 S[m 1000  k’]=1100.... LSB=1 LSB=0 S[m i  k]

5 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Differential Address-bit DPA (Messerges, USENIX’99) V t &S[0]+m 1  k’=01010101 V t Schema (DES) k’=k k’  k &S[0]+m 3  k’=01111001 &S[0]+m 999  k’=01011101.... LSB=1LSB=0 &S[0]+m 2  k’=01001100 &S[0]+m 4  k’=01100110 &S[0]+m 1000  k’=01110100.... m i (i=1,2,3,....) k(secret key)  S[x] attacker guesses k’=k, then makes the differential for address value of Sbox &S[0]+m i  k(address value)

6 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Masking Method on DES (Messerges, FSE 2000) m i (i=1,2,3,...) k(secret key)  S[x  r in ]  r out Data are blinded by the random number Countermeasure against DPA  r in (random) m 1 m 2 m 3.... ****.... ****.... ****.... DPA attack is prevented

7 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Data-bit DPA: Address-bit DPA: Data-bit DPA: Address-bit DPA: Data-bit DPA vs Address-bit DPA in attacking DES 00110011 11011001 01011000 address 01101000 01101001 01101010 data Normal ******** address ******** data Masking Method Sbox data S[x] ******** Sbox data S’[x]=S[x  r in ]  r out Address-bit DPA is not more effective than data-bit DPA

8 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) OKS (OK-ECDH/OK-ECDSA) Cryptographic Schemes OKS Proposed by HITACHI Candidates of the CRYPTREC project in Japan Elliptic curve based schemes on Montgomery-form curves Recommended Technology Montgomery ladder Randomized Projective Coordinate (RPC)

9 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[0] = P, Q[1] = ECDBL(P) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d i ], Q[1] = Q[1+d i ] } return Q[0] Scalar Multiplication in OKS(1) Developer’s claim : Add-and-double-always chain  Simple Power Analysis (SPA) protection Data are randomized by RPC  DPA protection “Secure against side channel attacks”

10 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[0] = P, Q[1] = ECDBL(P) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d i ], Q[1] = Q[1+d i ] } return Q[0] Scalar Multiplication in OKS(2) data When d i =0 When d i =1 Data are randomized by RPC ******** Q[0] Q[1] Q[2] ******** data ******** Q[0] Q[1] Q[2] ********

11 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[0] = P, Q[1] = ECDBL(P) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d i ], Q[1] = Q[1+d i ] } return Q[0] Scalar Multiplication in OKS(2) data When d i =0 When d i =1 Data are randomized by RPC... but addresses are still correlated to the key bit d i ! ******** Q[0] Q[1] Q[2] ******** data ******** Q[0] Q[1] Q[2] ******** ECDBL copy

12 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Basic Idea of Our Attack Analyze the correlation between address value and key bit d i Address-bit DPA is effective! ******** addressdata read when d i =0 Data-bit DPA: Address-bit DPA: ******** Q[0] Q[1] Q[2] read when d i =1

13 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Q[2] = ECDBL(Q[d A ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d A ], Q[1] = Q[1+d A ] Our Attack against OKS Scalar Multiplication Q[2] = ECDBL(Q[d B ]) Q[1] = ECADD(Q[0], Q[1]) Q[0] = Q[2  d B ], Q[1] = Q[1+d B ] Differential Basic strategy If d A = d B If d A  d B V t V t

14 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Fundamental Experiment Validity of the attack Average of loading 500 random data st [addr A], (random data).... ld A, [addr A].... st [addr B], (random data).... ld A, [addr B].... Differential Same address (A = B) Different address (A  B)

15 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Our attack Single-Exponent attack (SE-attack) Attacker has an averaged power trace for a known exponent, and collects that for an unknown exponent Zero-Exponent attack (ZE-attack) Attacker collects an averaged power trace for an unknown exponent Power trace should be segmented by each key bit operation

16 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Known: Unknown: Differential d k [i]d k [i-1]d k [i-2]d k [i-3]d k [i-4] d u [i]d u [i-1]d u [i-2]d u [i-3]d u [i-4] d u = Attack (1): SE-attack Schema Using an difference between a averaged power trace with known exponent and that with unknown exponent. 11111 ????? 101 01

17 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Experimental Result of SE-attack We know d k =1111 …  We obtain d u = 1010… d k : known exponent, d u : unknown exponent

18 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Unknown: Differential d u [i]d u [i-1]d u [i-2]d u [i-3]d u [i-4] d u [i]  d u [i-1]   d u [i]  d u [i-2] Attack (2): ZE-attack Schema Dividing an averaged power trace with unknown exponent at each processing of d u [i], and using a difference the divided traces. ????? d U = 1 0 1 0 1... d u [i]  d u [i-3] : d u [i]  d u [i-4] :

19 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Experimental Result of ZE-attack du[n] du[n1]du[n] du[n1] d u [n]=d u [n  2] du[n] du[n3]du[n] du[n3] We obtain d u =1010...

20 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) for i = n-2 downto 0 { Q[2] = ECDBL(Q[d i ]) Q[1] = ECADD(Q[0], Q[1]) Swap(&Q[0], &Q[2  d i ]), Swap(&Q[1], &Q[1+d i ]) } for i = n-2 downto 0 { Q[1  d i ] = ECADD(Q[0], Q[1]) Q[d i ] = ECDBL(Q[d i ]) } Other Implementation Address Swapping  Enable (See our paper) Two Variables  Easier (More spikes will appear)

21 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Countermeasures Countermeasures against Proposed Attack Randomized Scalar Scalar Blinding, Coron (CHES’99) Scalar Splitting, Clavier-Joye (CHES’01) Overlapping Window, Itoh et al. (CHES’02) d 1 101 01101110 010 011 w0w0 w1w1 w2w2 0 0 0 1

22 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Conclusion We proposed new address-bit DPA, and attacked against OKS We proved the validity of our attacks with experimental results OKS is not secure against address-bit DPA For securing against DPA, not only data value, but also data access procedure must be irrelevant to secret key value

23 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002)

24 All Rights Reserved. Copyright (C) Fujitsu Laboratories LTD.Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) Questions & Comments

Download ppt "Kouichi Itoh, Tetsuya Izu and Masahiko Takenaka Workshop on Cryptographic Hardware and Embedded Systems (CHES 2002) August, 2002 Address-bit Differential."

Similar presentations

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.

CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **
Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.

Differential Fault Analysis on AES Variants Kazuo Sakiyama, Yang Li The University of Electro-Communications Nagoya, Japan.
Information Security – Theory vs. Reality 0368-4474-01, Winter 2011 Guest Lecturer: Yossi Oren 1.

Information Security – Theory vs. Reality , Winter 2011 Guest Lecturer: Yossi Oren 1.
Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format

Side Channel Attacks on CBC Encrypted Messages in the PKCS#7 Format
Statistical Tools Flavor Side-Channel Collision Attacks

Statistical Tools Flavor Side-Channel Collision Attacks
Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK www.co.umist.ac.uk.

Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK
October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi.

October 2006JSA/INSTAC/Tamper-resistance Standardization Research Committee1 Activity of Tamper-resistance Standardization Research Committee (TSRC) Shinichi.
White-Box Cryptography

White-Box Cryptography
Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.

Differential Power Analysis of Smartcards How secure is your private information? Author: Ryan Junee Supervisor: Matt Barrie.
Software Certification and Attestation Rajat Moona Director General, C-DAC.

Software Certification and Attestation Rajat Moona Director General, C-DAC.
1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.

1 Authors: MILENA STANOJLOVIĆ PREDRAG PETKOVIĆ LABORATORY FOR ELECTRONIC DESIGN AUTOMATION Faculty of Electronic Engineering University of Nis.
C ● O ● M ● O ● D ● O RESEARCH LAB Longer Keys may Facilitate Side Channel Attacks (Bradford, UK) Colin.

C ● O ● M ● O ● D ● O RESEARCH LAB Longer Keys may Facilitate Side Channel Attacks (Bradford, UK) Colin.
Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS 2012- Singapore.

Wide Collisions in Practice Xin Ye, Thomas Eisenbarth Florida Atlantic University, USA 10 th ACNS Singapore.
N-Secure Fingerprinting for Copyright Protection of Multimedia

N-Secure Fingerprinting for Copyright Protection of Multimedia
Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.

Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.
Exploring timing based side channel attacks against 802.11i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction

Exploring timing based side channel attacks against i CCMP Suman Jana, Sneha K. Kasera University of Utah Introduction
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Multimedia Security Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Nov 20, 2002 Department of Computer.

Multimedia Security Digital Video Watermarking Supervised by Prof. LYU, Rung Tsong Michael Presented by Chan Pik Wah, Pat Nov 20, 2002 Department of Computer.

Similar presentations

Ads by Google