Exploiting the Order of Multiplier Operands: A Low-Cost Approach for HCCA Resistance Poulami Das and Debapriya Basu Roy under the supervision of Dr. Debdeep.

Slides:



Advertisements
Similar presentations
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
Advertisements

Public Key Cryptography INFSCI 1075: Network Security – Spring 2013 Amir Masoumzadeh.
Cryptography and Network Security Chapter 9
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Public Key Algorithms …….. RAIT M. Chatterjee.
Dr. Lo’ai Tawalbeh Summer 2007 Chapter 9 – Public Key Cryptography and RSA Dr. Lo’ai Tawalbeh New York Institute of Technology (NYIT) Jordan’s Campus INCS.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Cryptography and Network Security Chapter 9. Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively.
Public Key Cryptography and the RSA Algorithm
Cryptography1 CPSC 3730 Cryptography Chapter 9 Public Key Cryptography and RSA.
Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender and receiver if this key is disclosed communications.
Fall 2010/Lecture 311 CS 426 (Fall 2010) Public Key Encryption and Digital Signatures.
Dr.Saleem Al_Zoubi1 Cryptography and Network Security Third Edition by William Stallings Public Key Cryptography and RSA.
1 Pertemuan 08 Public Key Cryptography Matakuliah: H0242 / Keamanan Jaringan Tahun: 2006 Versi: 1.
Chapter 9 – Public Key Cryptography and RSA Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both.
Cryptography and Network Security Chapter 9 5th Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 10. Chapter 10 – Key Management; Other Public Key Cryptosystems No Singhalese, whether man or woman, would venture.
The RSA Algorithm JooSeok Song Tue.
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Introduction to Public Key Cryptography
Public Key Model 8. Cryptography part 2.
Lecture slides prepared for “Computer Security: Principles and Practice”, 2/e, by William Stallings and Lawrie Brown, Chapter 21 “Public-Key Cryptography.
Prime Numbers Prime numbers only have divisors of 1 and self
Problems with symmetric (private-key) encryption 1) secure distribution of keys 2) large number of keys Solution to both problems: Public-key (asymmetric)
Public Key Cryptography and the RSA Algorithm Cryptography and Network Security by William Stallings Lecture slides by Lawrie Brown Edited by Dick Steflik.
Applied Cryptography (Public Key) RSA. Public Key Cryptography Every Egyptian received two names, which were known respectively as the true name and the.
Application of Elliptic Curves to Cryptography
Information Security Principles & Applications
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Chapter 21 Public-Key Cryptography and Message Authentication.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Public Key Cryptography and RSA” Dr. Monther Aldwairi New York Institute of Technology- Amman Campus 11/9/2009 INCS 741: Cryptography 11/9/20091Dr. Monther.
Private-Key Cryptography  traditional private/secret/single key cryptography uses one key  shared by both sender and receiver  if this key is disclosed.
Cryptography and Network Security (CS435) Part Eight (Key Management)
Public-Key Encryption
1 Public-Key Cryptography and Message Authentication.
Cryptography and Network Security Chapter 13 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Computer and Network Security Rabie A. Ramadan Lecture 6.
Cryptography and Network Security Chapter 9 - Public-Key Cryptography
PUBLIC-KEY CRYPTOGRAPH IT 352 : Lecture 2- part3 Najwa AlGhamdi, MSc – 2012 /1433.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Cryptography and Network Security Public Key Cryptography and RSA.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Chapter 3 – Public Key Cryptography and RSA (A). Private-Key Cryptography traditional private/secret/single-key cryptography uses one key shared by both.
Chapter 9 Public Key Cryptography and RSA. Private-Key Cryptography traditional private/secret/single key cryptography uses one key shared by both sender.
1 Chapter 10: Key Management in Public key cryptosystems Fourth Edition by William Stallings Lecture slides by Lawrie Brown (Modified by Prof. M. Singhal,
Fall 2002CS 395: Computer Security1 Chapter 9: Public Key Cryptography.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings Lecture slides by Lawrie Brown.
Cryptography and Network Security Chapter 9 Fourth Edition by William Stallings.
Cryptography and Network Security Third Edition by William Stallings Lecture slides by Lawrie Brown.
By Marwan Al-Namari & Hafezah Ben Othman Author: William Stallings College of Computer Science at Al-Qunfudah Umm Al-Qura University, KSA, Makkah 1.
Chapter 9 – Public Key Cryptography and RSA Every Egyptian received two names, which were known respectively as the true name and the good name, or the.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
CSEN 1001 Computer and Network Security Amr El Mougy Mouaz ElAbsawi.
Cryptography and Network Security Chapter 9 Fifth Edition by William Stallings Lecture slides by Lawrie Brown.
Visit for more Learning Resources
G. Pullaiah College of Engineering and Technology
Advanced Information Security 6 Side Channel Attacks
Public Key Cryptography and the RSA Algorithm
RSA Algorithm Cryptography and Network Security by William Stallings
Public Key Encryption and the RSA Algorithm
The RSA Algorithm JooSeok Song Tue.
Public-Key Cryptography
Private-Key Cryptography
ICS 353: Design and Analysis of Algorithms
The RSA Algorithm JooSeok Song Tue.
NET 311 Information Security
Chapter -5 PUBLIC-KEY CRYPTOGRAPHY AND RSA
Presentation transcript:

Exploiting the Order of Multiplier Operands: A Low-Cost Approach for HCCA Resistance Poulami Das and Debapriya Basu Roy under the supervision of Dr. Debdeep Mukhopadhyay

Weekly Talk 15, SEAL, IIT Kharagpur Today’s talk  Introduction  ECC implementation vulnerabilities – power analysis  HCCA  Our Countermeasure  Conclusion

Weekly Talk 15, SEAL, IIT Kharagpur Private-Key Cryptography Key is shared by both sender and receiver if the key is disclosed communications are compromised also known as symmetric, both parties are equal ◦ hence does not protect sender from receiver forging a message & claiming is sent by sender

Weekly Talk 15, SEAL, IIT Kharagpur Public-Key Cryptography probably most significant advance in the 3000 year history of cryptography uses two keys – a public key and a private key asymmetric since parties are not equal uses clever application of number theory concepts to function complements rather than replaces private key cryptography

Weekly Talk 15, SEAL, IIT Kharagpur Public-Key Cryptography

Weekly Talk 15, SEAL, IIT Kharagpur Public-Key Cryptography developed to address two key issues: ◦ key distribution – how to have secure communications in general without having to trust a KDC with your key ◦ digital signatures – how to verify a message comes intact from the claimed sender public invention due to Whitfield Diffie & Martin Hellman at Stanford U. in 1976 ◦ known earlier in classified community

Weekly Talk 15, SEAL, IIT Kharagpur Public-Key Cryptography Public key schemes utilise problems that are easy (P type) one way but hard (NP type) the other way, e.g. exponentiation vs logs, multiplication vs factoring. 2 most popular public-key crypto-primitives are ◦ RSA ◦ ECC

Weekly Talk 15, SEAL, IIT Kharagpur ECC vs RSA

Weekly Talk 15, SEAL, IIT Kharagpur Elliptic Curve scalar multiplication k.P = (P + P P) k times Naïve Double-and-Add Algorithm

Weekly Talk 15, SEAL, IIT Kharagpur ECDLP security Theoretically secure against ECDLP ECDLP (Elliptic Curve Discrete Logarithm Problem): Suppose E is an elliptic curve over.. Given a multiple Q of P, the elliptic curve discrete logarithm problem is to find given Q = k.P

Weekly Talk 15, SEAL, IIT Kharagpur Vulnerabilities Simple power analysis of a naïve Double- and-Add algorithm. Power trace for key bit 5

Weekly Talk 15, SEAL, IIT Kharagpur Remedies for preventing SPA [CHES ‘99] SPA-resistant Double-and-Add algorithm

Weekly Talk 15, SEAL, IIT Kharagpur Disadvantages cost overhead of dummy operations prone to C-Safe Error Attack vulnerable to DPA (Differential Power Analysis)

Weekly Talk 15, SEAL, IIT Kharagpur Alternatives Atomic formula-based Algorithms applicable to NIST curves  [IEEE TC 2004] Chavelliar-Mames and others, Low-cost solutions for preventing simple side-channel analysis.  [IACR eprint 2008] Patrick Longa and others, Accelerating the elliptic curve cryptosystems over prime fields.  [CARDIS 2010] Giraud and others, Atomicity improvement for elliptic curve scalar multiplication.

Weekly Talk 15, SEAL, IIT Kharagpur More Alternatives … Unified Addition formula inherently secure against SPA – same formula for both addition and doubling operations.  [PKC 2002] Eric Brier and others,Weierstrass elliptic curves and side-channel attacks.  [ASIACRYPT 2007] Bernstein and others, Faster addition and doubling on elliptic curves. proposed use of Edward Curves in ECC

Weekly Talk 15, SEAL, IIT Kharagpur [PKC 2002] Brier-Joye Addition formula Y 2 Z = X 3 + aXZ 2 + bZ 3, (X, Y, Z) E(F p ), (a,b) ∈ F p ∈

Weekly Talk 15, SEAL, IIT Kharagpur [ASIACRYPT 2007] Edward Curve unified formula

Weekly Talk 15, SEAL, IIT Kharagpur [SAC 2013] Horizontal Collision Correlation Analysis Assumptions:  Underlying field multiplication uses school- book long integer multiplication algorithm  Adversary can detect whether a pair of field multiplications share any common operand  (AXB, CXD)  (AXB, CXB)  (AXB, AXB)

Weekly Talk 15, SEAL, IIT Kharagpur Horizontal Collision Correlation Analysis We define: property 1: when a pair of field multiplications (m i, m j ) share one/ two common operands among themselves. ◦ property 1a: when a pair of multiplications share exactly one common operand, e.g. – (AB, CB) ◦ property 1b: when a pair of multiplications share exactly two common operands e.g. – (AB, AB) property 2: when a pair of field multiplications (m i, m j ) share no common operand among themselves, e.g. – (AB, CD) property 3: Given two sets containing field multiplications, only one of the two sets satisfy property 1.

Weekly Talk 15, SEAL, IIT Kharagpur Horizontal Collision Correlation Analysis

Weekly Talk 15, SEAL, IIT Kharagpur Horizontal Collision Correlation Analysis

Weekly Talk 15, SEAL, IIT Kharagpur Horizontal Collision Correlation Analysis HCCA scenario 1: condition: Only one of addition and doubling should satisfy condition property 3 HCCA scenario 2: - can be launched unconditionally

Weekly Talk 15, SEAL, IIT Kharagpur Our Contribution  A zero-cost countermeasure that prevents scenario 1 of HCCA  A randomized countermeasure that requires minimal cost to prevent HCCA scenario 2  First practical results on HCCA, and our countermeasure validation

Weekly Talk 15, SEAL, IIT Kharagpur Asymmetric Leakage of Field Multipliers Long Integer Multiplication Algorithm

Weekly Talk 15, SEAL, IIT Kharagpur Asymmetric Leakage of Field Multipliers Information Leakage model to approximate the correlation between power consumptions of two field multiplications:

Weekly Talk 15, SEAL, IIT Kharagpur Asymmetric Leakage of Field Multipliers Let us define: Corr(AB,CB) Corr(AB,BC)

Weekly Talk 15, SEAL, IIT Kharagpur Asymmetric Leakage of Field Multipliers Corr(AB,CD)

Weekly Talk 15, SEAL, IIT Kharagpur Asymmetric Leakage of Field Multipliers Observation 1: Observation 2: Observation 3: for a multiplication pair with property 1b

Weekly Talk 15, SEAL, IIT Kharagpur Conversion of ECC algorithm to secure sequence - Example

Weekly Talk 15, SEAL, IIT Kharagpur Conversion for the Brier-Joye formula

Weekly Talk 15, SEAL, IIT Kharagpur Secure-sequence conversion Algorithm – Countermeasure 1 Create_Graph(); Find_Graphcomponents(); Find_Safeseq();

Weekly Talk 15, SEAL, IIT Kharagpur Countermeasure 2 – algorithm:

Weekly Talk 15, SEAL, IIT Kharagpur Countermeasure 1 – zero-cost Countermeasure 2 – minimal cost HCCA security achieved !!

Weekly Talk 15, SEAL, IIT Kharagpur Simulation results on HCCA and countermeasure validation Results on Curve1174 (Edward curve) using a 16-bit architecture model

Weekly Talk 15, SEAL, IIT Kharagpur Results on SASEBO-GII

Weekly Talk 15, SEAL, IIT Kharagpur Conclusion Currently focusing on experimental validations Future work – ◦ Can we apply our countermeasure to other ECC algorithms (atomic-formula based algorithms, pairing-based ECC algorithms) ?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.