Sliding Windows Succumbs to Big Mac Attack Colin D. Walter
CHES 2001C.D. Walter, UMIST2 Aims Re-think the power of DPA; Use it on a single exponentiation; Longer keys are more unsafe!
CHES 2001C.D. Walter, UMIST3 DPA Attack on RSA Summary: Differential Power Analysis (DPA) is used to determine the secret exponent in an embedded RSA cryptosystem. Assumption: The implementation uses a small multiplier whose power consumption is data dependent and measurable.
CHES 2001C.D. Walter, UMIST4 History P. Kocher, J. Jaffe & B. Jun Introduction to Differential Power Analysis and Related Attacks Crypto 99 T. S. Messerges, E.A. Dabbish & R.H. Sloan Power Analysis Attacks of Modular Exponentiation in Smartcards CHES 99
CHES 2001C.D. Walter, UMIST5 Multipliers Switching a gate in the H/W requires more power than not doing so; On average, a Mult-Acc op n a×b+c has data dependent contributions roughly linear in the Hamming weights of a and b; Variation occurs because of the initial state set up by the previous mult-acc op n.
CHES 2001C.D. Walter, UMIST6 First Results This theory was checked by simulation and found to be broadly correct; Refinements were made to this model (which will be reported elsewhere); These give a more precise & detailed partial ordering.
CHES 2001C.D. Walter, UMIST7 Combining Traces I The long integer product A×B in an exponentiation contains a large number of small digit multiply-accumulates: a i ×b j +c k Identify the power subtraces of each a i ×b j +c k from the power trace of A×B; Average the power traces for fixed i as j varies: this gives a trace tr i which depends on a i but only the average of the digits of B.
CHES 2001C.D. Walter, UMIST8 Combining Traces a0b0a0b0 a0b1a0b1 a0b2a0b2 a0b3a0b3
CHES 2001C.D. Walter, UMIST9 Combining Traces a0b0a0b0
CHES 2001C.D. Walter, UMIST10 Combining Traces a0b0a0b0 a0b1a0b1
CHES 2001C.D. Walter, UMIST11 Combining Traces a0b0a0b0 a0b1a0b1 a0b2a0b2
CHES 2001C.D. Walter, UMIST12 Combining Traces a0b0a0b0 a0b1a0b1 a0b2a0b2 a0b3a0b3
CHES 2001C.D. Walter, UMIST13 Combining Traces
CHES 2001C.D. Walter, UMIST14 Combining Traces a 0 (b 0 +b 1 +b 2 +b 3 )/4 Average the traces:
CHES 2001C.D. Walter, UMIST15 b is effectively an average random digit; So trace is characteristic of a 0 only, not B. tr 0 Combining Traces a0ba0b _ _
CHES 2001C.D. Walter, UMIST16 Combining Traces II The dependence of tr i on B is minimal if B has enough digits; Concatenate the average traces tr i for each a i to obtain a trace tr A which reflects properties of A much more strongly than those of B; The smaller the multiplier or the larger the number of digits (or both) then the more characteristic tr A will be.
CHES 2001C.D. Walter, UMIST17 Combining Traces tr 0
CHES 2001C.D. Walter, UMIST18 Combining Traces tr 0 tr 1
CHES 2001C.D. Walter, UMIST19 Combining Traces tr 0 tr 1 tr 2
CHES 2001C.D. Walter, UMIST20 Combining Traces tr 0 tr 1 tr 2 tr 3
CHES 2001C.D. Walter, UMIST21 Question: Is the trace tr A sufficiently characteristic to determine repeated use of a multiplier A in an exponentiation routine? Combining Traces tr A
CHES 2001C.D. Walter, UMIST22 Distinguish Digits? Averaging over the digits of B has reduced the noise level; In m-ary exponentiation we only need to distinguish: –squares from multiplies –the multipliers A (1), A (2), A (3), …, A (m–1) For small enough m and large enough number of digits they can be distinguished in a simulation of clean data.
CHES 2001C.D. Walter, UMIST23 Distances between Traces tr 0 tr 1 d(0,1) = ( i=0 ( tr 0 (i) tr 1 (i) ) 2 ) ½ n i n0 power
CHES 2001C.D. Walter, UMIST24 Simulation tr 0 tr 1 d(0,1) = ( i=0 ( tr 0 (i) tr 1 (i) ) 2 ) ½ n i n0 gate switch count
CHES 2001C.D. Walter, UMIST25 Simulation Results 16-bit multiplier, 4-ary exp n, 512-bit modulus. d(i,j) = distance between traces for ith and jth multiplications of exp n. Av d for same multipliers 2428 gates SD for same multipliers 1183 Av d for different multipliers23475 gates SD for different multipliers 481
CHES 2001C.D. Walter, UMIST26 Simulation Results Equal exponent digits can be identified – their traces are close; Unequal exponent digit traces are not close; Squares can be distinguished from mult ns : their traces are not close to any other traces; There are very few errors for typical cases.
CHES 2001C.D. Walter, UMIST27 Exp nt Digit Values Pre-computations A (i+1) A A (i) mod M provide traces for known multipliers. So: We can determine which mult ive op ns are squares; We can determine the exp digit for each mult n ; Minor extra detail for i = 0, 1 and m–1; This can be done independently for each op n.
CHES 2001C.D. Walter, UMIST28 Some Conclusions The independence means attack time proportional to secret key length; Longer modulus means better discrimination between traces; No greater safety against this attack from longer keys.
CHES 2001C.D. Walter, UMIST29 Warning single exponentiationWith the usual DPA averaging already done, it may be possible to use a single exponentiation to obtain the secret key; So using exp nt d+rφ(M) with random r may be no defence.So using exp nt d+rφ(M) with random r may be no defence.
CHES 2001C.D. Walter, UMIST30 Final Conclusions Sliding Windows exp n method may be broken in this way; Like a Big Mac, you can nibble away at each secret exponent digit in turn and enjoy finding out its value.