MIST: An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis
Colin D. Walter, Computation Dept., UMIST (Manchester, UK)

RSA 2002, C.D. Walter, Computation Dept., UMIST

Slide 2: Power Analysis Attacks
– With no countermeasures and the binary exponentiation algorithm, averaging power traces at the same instants during several exponentiations enables one to distinguish squares from multiplies and hence deduce the exponent bits.
– Averaging power traces over the individual digit-by-digit products within a single exponentiation enables one to distinguish the multiplicands used in m-ary exponentiation and hence deduce the exponent.
– Smartcards have limited scope for including expensive, tamper-resistant hardware measures.
– Good software countermeasures are required: new algorithms as well as modified arguments, e.g. replacing the exponent E by E + rφ(M) for a random r (φ being Euler's totient function), so that a different exponent is used on every run.

Slide 3: Requirements for Exponentiation
– A new algorithm, not merely new inputs, since a single exponentiation may be attacked.
– A different pattern of squares and multiplies on each run, to frustrate averaging.
– No re-use of multiplicands (for the same reason).
– No fully determined tie between a square or multiply and a known process.
– Good time and space efficiency.

Slide 4: History
– T. S. Messerges, E. A. Dabbish & R. H. Sloan, "Power Analysis Attacks of Modular Exponentiation in Smartcards", CHES 99, LNCS 1717.
– E. Oswald & M. Aigner, "Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks", CHES 2001, LNCS 2162.
– C. D. Walter, "Exponentiation using Division Chains", IEEE Trans. Computers 47, 1998, pp. 757–765.

Slide 5: Binary Exponentiation Algorithm

    { To compute: ResultM = M^E }
    StartM ← M ; ResultM ← 1 ;
    While E > 0 do
    Begin
      If (E mod 2) = 1 then ResultM ← StartM × ResultM ;
      StartM ← StartM^2 ;
      E ← E div 2 ;
    End ;

This is the right-to-left variant: StartM runs through M, M^2, M^4, ... and ResultM accumulates those powers whose exponent bit is 1, so the square/multiply pattern reveals E bit by bit.

Slide 6: The MIST Exponentiation Algorithm

    { To compute: ResultM = M^E }
    StartM ← M ; ResultM ← 1 ;
    While E > 0 do
    Begin
      Choose a random "divisor" D ;
      R ← E mod D ;
      If R ≠ 0 then ResultM ← StartM^R × ResultM ;
      StartM ← StartM^D ;
      E ← E div D ;
      { Invariant: M^(E_init) = StartM^E × ResultM }
    End ;

Taking D = 2 on every iteration gives the binary algorithm of the previous slide; choosing D at random from a small set produces a different sequence of squares and multiplies on every run, while the invariant guarantees that ResultM = M^(E_init) when E reaches 0.

Slide 7: Addition Chains
The main computational part of the loop is:

    If R ≠ 0 then ResultM ← StartM^R × ResultM ;
    StartM ← StartM^D ;

To achieve the required efficiency, the set of possible values for D is chosen so that an efficient addition chain for D also contains R; e.g. 1+1=2, 2+1=3, 2+3=5 is an addition chain for D=5 that is suitable when R = 0, 1, 2 or 3, because StartM^R is produced on the way to StartM^D and so costs no extra multiplication. The time complexity is comparable to that of the m-ary method.

Slide 8: Example
Choose the set of divisors {2, 3, 5} and consider E = 257. One possible random run, tracked by the power of M held in each register after the iteration (TempM holds StartM^R, the value multiplied into ResultM):

    E     (D, R)   StartM    StartM^R / TempM   ResultM
    257   (5, 2)   M^5       M^2                M^2
    51    (3, 0)   M^15      –                  M^2
    17    (2, 1)   M^30      M^15               M^17
    8     (2, 0)   M^60      –                  M^17
    4     (2, 0)   M^120     –                  M^17
    2     (2, 0)   M^240     –                  M^17
    1     (2, 1)   M^480     M^240              M^257

The invariant holds at every row, e.g. after the third iteration StartM^E × ResultM = (M^30)^8 × M^17 = M^257.
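The following is an added worked example of slides 6 to 8 and 10 in Python; it is not code from the paper. It implements the MIST loop with the divisor rule of slide 10, tracks the exponent held in each register so that the E = 257 trace above can be replayed, and records the square/multiply pattern of each iteration (note that the rows (3,0) and (2,1) both produce "SM", the ambiguity pointed out on slide 17). The modulus N = 3233 and base M = 7 are constructed test values, and the sub-chain used for the pair (5,4) is this example's assumption, since the page does not print the ROM table of sub-chains.

```python
import random

# Addition sub-chain for each (D, R), as (a, b) steps meaning
# "form StartM^(a+b) from StartM^a and StartM^b".  Slide 7 gives
# 1+1=2, 2+1=3, 2+3=5 for D=5, which yields StartM^R for R in {1,2,3} on the
# way; its prefixes serve D=2 and D=3.  The page does not print the ROM table
# of slide 15, so the chain used for (5,4), 1+1=2, 2+2=4, 4+1=5, is this
# example's own choice (it has the length-4 cost quoted on slide 14).
BASE_CHAIN = [(1, 1), (2, 1), (2, 3)]
STEPS_FOR = {2: 1, 3: 2, 5: 3}


def sub_chain(D, R):
    if (D, R) == (5, 4):
        return [(1, 1), (2, 2), (4, 1)]
    return BASE_CHAIN[:STEPS_FOR[D]]


def choose_divisor(E, rnd):
    """Divisor selection of slide 10; rnd() returns a uniform float in [0, 1)."""
    D = 0
    if rnd() < 7 / 8:
        if E % 2 == 0:
            D = 2
        elif E % 5 == 0:
            D = 5
        elif E % 3 == 0:
            D = 3
    if D == 0:
        p = rnd()
        D = 2 if p < 6 / 8 else (3 if p < 7 / 8 else 5)
    return D


def mist_pow(M, E, N, choose=None, rnd=random.random, trace=None):
    """Compute M**E mod N with the MIST loop of slide 6.

    choose(E) overrides the divisor choice (used to replay slide 8).  If trace
    is a list, one row (E, D, R, start_exp, result_exp, ops) is appended per
    iteration: start_exp/result_exp are the exponents of M held in StartM and
    ResultM, and ops is the square (S) / multiply (M) pattern of the iteration.
    """
    if choose is None:
        choose = lambda e: choose_divisor(e, rnd)
    E_init = E
    start, result = M % N, 1          # StartM, ResultM
    start_exp, result_exp = 1, 0      # bookkeeping only, not part of MIST
    while E > 0:
        D = choose(E)
        R = E % D
        E_before = E
        powers = {1: start}           # StartM^a for chain entries a (the TempM role)
        ops = ""
        for a, b in sub_chain(D, R):
            powers[a + b] = powers[a] * powers[b] % N
            ops += "S" if a == b else "M"
        if R != 0:                    # ResultM <- StartM^R x ResultM
            result = powers[R] * result % N
            result_exp += R * start_exp
            ops += "M"
        start = powers[D]             # StartM <- StartM^D
        start_exp *= D
        E //= D                       # E <- E div D
        # Invariant of slide 6: M^E_init == StartM^E x ResultM (mod N)
        assert pow(start, E, N) * result % N == pow(M, E_init, N)
        if trace is not None:
            trace.append((E_before, D, R, start_exp, result_exp, ops))
    return result


def replay_slide8(M=7, N=3233):
    """Re-run the slide 8 example E = 257 with divisors 5,3,2,2,2,2,2 and
    return (result, trace).  M and N are arbitrary constructed values."""
    divisors = iter([5, 3, 2, 2, 2, 2, 2])
    rows = []
    res = mist_pow(M, 257, N, choose=lambda e: next(divisors), trace=rows)
    return res, rows


def count_mismatches(seed=1, M=7, N=3233, max_e=300):
    """Seeded random divisor choices for every E < max_e; returns how many
    results disagreed with pow(M, E, N) (expected: 0)."""
    rnd = random.Random(seed).random
    return sum(mist_pow(M, E, N, rnd=rnd) != pow(M, E, N) for E in range(max_e))


if __name__ == "__main__":
    res, rows = replay_slide8()
    for E, D, R, se, re_, ops in rows:
        print(f"E={E:4d} (D,R)=({D},{R}) StartM=M^{se:<4d} ResultM=M^{re_:<4d} {ops}")
    print("result ok:", res == pow(7, 257, 3233), "mismatches:", count_mismatches())
```

Running the script prints the seven rows of the slide 8 table with their square/multiply patterns (SMMM, SM, SM, S, S, S, SM). The square-then-multiply within each sub-chain is what an attacker sees on a trace; the exponent bookkeeping exists only to make the invariant visible and would not be present in a smartcard implementation.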

Slide 9: Choice of Divisor Set
Security: divisors must be chosen so that the sequence of squares and multiplies does not reveal D.
Efficiency:
– Divisors must be chosen so that raising to the power D is efficient enough in time.
– Space is required to store the addition chains.
– As few registers as possible should be used for the exponentiation.
Solution: take the set of divisors {2, 3, 5}.

Slide 10: Choice of Divisor
Example choice:

    D := 0 ;
    If Random(x) < 7/8 then
      If (E mod 2) = 0 then D ← 2
      else If (E mod 5) = 0 then D ← 5
      else If (E mod 3) = 0 then D ← 3 ;
    If D = 0 then
    Begin
      p := Random(x) ;
      If p < 6/8 then D ← 2
      else If p < 7/8 then D ← 3
      else D ← 5
    End ;

Here Random(x) returns a uniform random value in [0, 1), so each comparison against a multiple of 1/8 consumes three random bits. With probability 7/8 an exact divisor of E is taken if there is one (tested in the order 2, 5, 3); otherwise a divisor is drawn at random with weights 6/8, 1/8, 1/8.

Slide 11: Choice of Divisor (continued)
– Choosing D when E ≡ 0 mod D is efficient because it avoids the multiplication by StartM^R.
– Choosing such D deterministically is unsafe, so they should not be chosen every time.
– Some pairs (D,R) require fewer multiplications than others per bit of reduction in the size of E; the more efficient ones should be chosen more frequently.
– The published paper gives details of how the pairs are ordered.

Slide 12: A Markov Process
The divisor choice affects the frequencies of the residues E mod 30 (30 = lcm of the divisor set):
– Choosing divisor 3 or 5 whenever E is an odd multiple of 3 or 5 reduces the frequency of even residues.
– With the exceptions of 14 and 25, odd residues occur with probability > 1/30 and even residues with probability < 1/30.
– After several iterations, the residues 3, 9, 11, 21 and 29 are each about three times more likely than the least likely residue, 16.
We therefore model the process as a Markov chain on E mod 30 and look at the limit probability of each residue.

Slide 13: Probability of each (D,R)
The matrix of probabilities of each output residue mod 30 for each input residue enables the limit probability of each residue to be computed. From these follow:
– p_{D,R}, the probability of each pair (D,R);
– p_D, the probability of each divisor D (p_2, p_3 and p_5, with p_5 = 0.145).

Slide 14: Average Addition Chain Properties
The probabilities of the addition sub-chain lengths are:
– length 1: p_{2,0}
– length 2: p_{3,0} + p_{2,1}
– length 3: p_{5,0} + p_{3,1} + p_{3,2}
– length 4: p_{5,1} + p_{5,2} + p_{5,3} + p_{5,4}
Weighting each length by its probability gives the average number of multiplications per divisor sub-chain.
The average decrease in E per sub-chain is the geometric mean 2^{p_2} · 3^{p_3} · 5^{p_5}, so an exponentiation uses about 0.75 log2 E sub-chains and 1.42 log2 E multiplications (i.e. about 1.9 multiplications per sub-chain on average).
This is faster than the binary exponentiation algorithm (1.5 log2 E multiplications on average) and marginally slower than 4-ary exponentiation.
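As an added example of the analysis on slides 12 to 14 (this is my own code, not the paper's), the script below builds the Markov chain on E mod 30 for the divisor rule of slide 10, computes the limit probability of every residue by power iteration, and derives p_{D,R}, p_D, the average sub-chain length and the number of sub-chains and multiplications per bit of E. The slide's figures come from the paper's own model, which the transcript does not fully reproduce, so the numbers printed here illustrate the method rather than reproduce those figures exactly; treating the unknown high part of E as uniformly distributed when E is divided by D is this example's modelling assumption.

```python
from fractions import Fraction
import math

MOD = 30                 # lcm of the divisor set {2, 3, 5}, as on slide 12
DIVISORS = (2, 3, 5)
# Sub-chain lengths from slide 14; every (5, R != 0) costs 4.
CHAIN_LEN = {(2, 0): 1, (2, 1): 2, (3, 0): 2, (3, 1): 3, (3, 2): 3, (5, 0): 3}


def divisor_probs(r):
    """Pr(D = d | E = r mod 30) under the selection rule of slide 10."""
    p = {d: Fraction(0) for d in DIVISORS}
    pref = next((d for d in (2, 5, 3) if r % d == 0), None)  # slide 10 tests 2, 5, 3
    if pref is not None:
        p[pref] += Fraction(7, 8)         # Random(x) < 7/8 and a divisor of E was found
    rest = 1 - sum(p.values())            # otherwise D = 0 and the random pick runs
    p[2] += rest * Fraction(6, 8)
    p[3] += rest * Fraction(1, 8)
    p[5] += rest * Fraction(1, 8)
    return p


def transition_matrix():
    """P[r][s] = Pr(next residue s | current residue r), as exact rationals.

    Write E = 30k + r.  Since D | 30, E div D = (30/D)k + (r div D), so the
    next residue is ((30/D)j + r//D) mod 30 with j = k mod D.  Modelling the
    unknown high part k as uniform (this example's assumption) makes each of
    the D candidate residues equally likely.
    """
    P = [[Fraction(0)] * MOD for _ in range(MOD)]
    for r in range(MOD):
        for D, pD in divisor_probs(r).items():
            for j in range(D):
                P[r][((MOD // D) * j + r // D) % MOD] += pD / D
    return P


def limit_distribution(P, iters=4000):
    """Limit probabilities of each residue by power iteration from uniform."""
    Pf = [[float(x) for x in row] for row in P]
    pi = [1.0 / MOD] * MOD
    for _ in range(iters):
        pi = [sum(pi[r] * Pf[r][s] for r in range(MOD)) for s in range(MOD)]
    return pi


def analyse():
    """Limit residue probabilities, p_{D,R}, p_D and the per-bit costs."""
    pi = limit_distribution(transition_matrix())
    pDR = {}
    for r in range(MOD):
        for D, pD in divisor_probs(r).items():
            key = (D, r % D)
            pDR[key] = pDR.get(key, 0.0) + pi[r] * float(pD)
    pD = {D: sum(v for (d, _), v in pDR.items() if d == D) for D in DIVISORS}
    avg_len = sum(v * CHAIN_LEN.get(k, 4) for k, v in pDR.items())
    # log2 of the geometric mean 2^p2 * 3^p3 * 5^p5: bits of E removed per sub-chain
    bits_per_subchain = sum(pD[D] * math.log2(D) for D in DIVISORS)
    return {
        "pi": pi,
        "pDR": pDR,
        "pD": pD,
        "avg_len": avg_len,
        "subchains_per_bit": 1 / bits_per_subchain,
        "mults_per_bit": avg_len / bits_per_subchain,
    }


if __name__ == "__main__":
    out = analyse()
    order = sorted(range(MOD), key=lambda r: out["pi"][r])
    print("least likely residues:", order[:3], "most likely:", order[-5:])
    print("p_D:", {D: round(p, 3) for D, p in out["pD"].items()})
    print("avg sub-chain length: %.3f mults" % out["avg_len"])
    print("per bit of E: %.3f sub-chains, %.3f mults"
          % (out["subchains_per_bit"], out["mults_per_bit"]))
```

The per-bit multiplication count is the quantity to compare with 1.5 for the binary method; because each (D,R) sub-chain costs between 1 and 2 multiplications per bit of E it removes, the average always lies strictly between those bounds, and how close it gets to the 4-ary cost depends on how often the cheap pairs (2,0), (3,0) and (5,0) are selected, which is exactly the efficiency/security trade-off of slide 11.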

Slide 15: Space Requirements
– Three long-integer registers are needed, StartM, TempM and ResultM, rather than the two for binary exponentiation.
– E can be fully processed before each exponentiation, giving 2 bits per divisor, i.e. about 1.5n bits for an n-bit E (there are about 0.75n divisors).
– If the multiplication instructions are determined in advance, 5 bits are needed for each, so about 7n bits to store them (but they may instead be generated as required).
– The addition sub-chains for each pair (D,R) must be stored in ROM: under 256 bits for the table in the proceedings.

Slide 16: Other Processing
Apart from the long-integer multiplicative operations, the processing includes:
– Generation of random numbers: 3 3/5 bits per divisor on average, or about 3n bits for an n-bit exponent.
– Divisions of E by D: equivalent overall to a few long-integer multiplications.
– With three registers rather than the two of the binary algorithm, data movement is greater but still insignificant overall: at most one new value needs to be fetched from, or written to, memory for each multiplication.

Slide 17: Data Leakage
MIST prevents the usual power-trace averaging on which power analysis attacks rely, but:
– The sequence of squares and multiplies parses in too many ways for the pairs (D,R) to be recovered from it: for instance (2,1) and (3,0) both appear as one square followed by one multiply.
– Making deterministic choices for D is poor practice: they may provide a handle for distinguishing correct from incorrect key guesses.
– The processing of E and the choice of divisors must be well hidden: computing E div D may leak. It is much shorter than a long-integer multiplication, so it should leak much less. Do not perform it immediately after the long-integer multiplications of the previous divisor.

Slide 18: Conclusion
– A novel exponentiation algorithm has been presented whose random choices make averaging for DPA impossible.
– Its speed is comparable to 4-ary exponentiation, and so are its space requirements.
– The areas of security concern have been narrowed.