Future Cryptography: Standards Are Not Enough Tomáš Rosa Decros-ICZ, CTU FEE

Abstract Description Versus the Reality Attacker Cryptographic device Keys and other sensitive values Input data Output data Inner cryptosystem

Abstract Description Versus the Reality Attacker Cryptographic device Keys and other sensitive values Input data Output data Inner cryptosystem Side channels

Side Channels  Definition (side channel)  The unplanned way which allows a cryptographic device to exchange some information with its neighborhood.

Side Channels  Analysis of the side channel  The process of extracting the useful information from the particular side channel.  Attack based on the side channel  The process of using the analysis of the particular side channel against a given cryptographic device.

Side Channels  Types of side channels (SC)  Time SC  Power SC  Electromagnetic SC  Fault SC  Kleptographic SC

Side Channels  The effectiveness of attacks based on side channels usually comes from the „cooperation paradox“:  Cryptologists know, that the information coming from the side channel would be dangerous, but they never expected that such side channel would exist.  Technical designers know that such side channel exists, but they never expected that its existence would be dangerous.

Oracle Based Analysis (OBA)  It is important to discuss this technique, because:  It stays behind all major types of Power and Time Analysis.  It allows us to develop the OBA- Fundamental Hypothesis, which can be used to derive useful general countermeasures.

Oracle Based Analysis (OBA)  Proposition 1. Let I be the input set and let S be the particular side channel, giving for each input message the n-dimensional real information as S: I  R n.  Definition 2. The oracle will be represented by the transformation O: I  B, where B = {0, 1}.

Oracle Based Analysis (OBA)  Proposition 2. Let I m be a subset I m  I, such that for each x  I m we know the appropriate value of S(x).

Oracle Based Analysis (OBA)  Proposition 3. The value of oracle O splits the set I m into the two disjunctive subsets I 1, I 2, such that for each x  I m we have: x  I 1 iff O(x) = 1 and x  I 2 iff O(x) = 0.  Next we define the transformations S 1, S 2, such that S 1 : I 1  R n, S 2 : I 2  R n, S 1 (x) = S(x), S 2 (x) = S(x).  By the notation S 1 or S 2 we mean the random variables taking randomly the values from the domain R n.

Oracle Based Analysis (OBA)  Proposition 3 (cont.). (cond = false)  d((S 1 ), (S 2 ))   (cond = true)  d((S 1 ), (S 2 )) >> , for some   R,   0.  Here  denotes the selected characteristic of n- dimensional random variable (: R n  R n ), and d denotes appropriate metric on the field R n (d: R n  R).

OBA Fundamental Hypothesis  Possibility of OBA-based attack implies the existence of some intermediate variable, which value:  is a function of the input data and the secret key.  can be predicted (based on the knowledge of the input data and some part of the key).

OBA Fundamental Hypothesis  Sketch of the proof  The oracle itself can represent such a variable.  Corollary  Avoiding the existence of such a variable is an efficient countermeasure against OBA- based attacks.

Fault Analysis  Message sent from the attacker to the device opens up the side channel from the device to the attacker.  The most dangerous techniques are often based on simple (but smart) mathematical observations.  Discussion of the particular FA-based attacks for RSA follows.

Fault Analysis RSA  Lemma 1. Let us have x, y, n  Z, such that n = p*q, where p, q are both primes, x  y (mod p) and x  y (mod q). Then it is easy to compute p as p = gcd((x-y), n).  Question remains: How to find such a pair (x,y)?  Computation of the RSA signature based on the Chinese Remainder Theorem (CRT) is a good place for the inspiration…

Fault Analysis RSA  Let the quintuple (p, q, d p, d q, pInv) be the RSA private key and let m be the formatted message to sign, m  Z n.  Then signature s can be computed in the following steps: 1.s p = m dp mod p 2.s q = m dq mod q 3.h = pInv*(s q – s p ) mod q 4.s = s p + p*h

Fault Analysis RSA  By affecting the computation of the particular signature, we can get the value s faulty, such that: s faulty  m d (mod p) s faulty  m d (mod q)

Fault Analysis RSA  Now we can do:  Signature-Signature attack: we exploit the known value of the correct signature s good. It holds that: s faulty  s good (mod p) s faulty  s good (mod q)  Known Message-Signature attack: if we know the value of m, we can use the easily derived congruencies: s e  m (mod p) s e  m (mod q)

Fault Analysis RSA  Importance of checking the integrity of private keys  FA-based attacks can be easily carried out when the attacker is able to force the device to work with the corrupted private key or public parameters.  Recent results (includes similar attacks on DSA) – attack on the OpenPGP format and compatible applications ([2]).

Side Channels Basic Countermeasures  Blinding the data being processed  Randomizing the cryptographic transformation  Checking the integrity of keys  Checking the outputs for faults

Side Channels Future Trends  Technicians shall Try to minimize the power of the signal leaking from the particular side channels Inform cryptologists about all remaining side channels  Cryptologists shall Design their cryptosystems with the respect to the known side channels  According to the actual technology, the defense against attacks based on various side channels is mainly a cryptological problem

References [1]Rosa, T.: Future Cryptography: Standards Are Not Enough, in Proc. of CATE 2001, [2]Klíma, V. and Rosa, T.: Attack on Private Signature Keys of the OpenPGP Format, PGP(tm) Programs and Other Applications Compatible with OpenPGP, ICZ - Technical Report, available at