Presentation is loading. Please wait.

Presentation is loading. Please wait.

Simple Power Analysis of

Published byRosamond Sims Modified over 6 years ago

Similar presentations

Presentation on theme: "Simple Power Analysis of"— Presentation transcript:

1 Simple Power Analysis of
Unified Code for ECC Double and Add Colin D. Walter

2 Overview Aims History A Leaky Mod Mult Algorithm
Unified Code for Add/Double Choosing “good” Initial Points Simulation Results: Example Counter-Measures Conclusion

3 Aims I The aim is to question possible mis-conceptions about:
the strength of SPA/DPA counter-measures the uniformity of leakage over the input space Investigate which combinations of the following counter- measures do not guarantee a high degree of tamper resistance? Unified code for ECC Add and Double Coron’s 3 standard Blinding Counter-measures Constant-time code Double and always add point multiplication etc

4 Aims II Here we assume the following counter-measures:
Brier-Joye Unified code for ECC Add and Double Coron’s 3 standard Blinding Counter-measures and we assume the following set-up: Leaky Modular Multiplication with reasonable probability of detecting if two given products have identical arguments. Standard square-and-multiply exponentiation algorithm We will conclude that secret keys may sometimes be recovered. It may not be sufficient to upgrade SW on old HW Some inputs leak more than others A single use of a key (as in ECDSA) may be unsafe.

5 History Occasional refs in patents: Kocher et al (CRYPTO 1996, 1999):
To ensure that the data carrier consumes the same amount of current whether the requested operation is authorized or unauthorized, a bit is stored in the memory in either event. [Abstract, US Patent , filed Aug 1978] Kocher et al (CRYPTO 1996, 1999): Timing and Power Attacks on smart cards – the concepts. Coron (CHES 1999): Lists three standard randomising counter-measures for ECC. Brier & Joye (PKC 2002): Unified code for Double & Add. Here: The above counter-measures are sometimes insufficient.

6 Leaky HW Modr Multn (here: Montgomery)
Notation: r = base of representation; R = rn = Montgomery factor. { Pre-condition: 0 £ A < R = rn } P ¬ 0 ; For i ¬ 0 to n-1 do Begin q ¬ (p0+aib0)(–m0–1) mod r ; P ¬ (P + aiB + qM) div r ; End ; If P ≥ M then P ¬ P–M ; (Leaky!) { Post-condition: Prn º A×B mod M }

7 Main Assumptions There is a side channel “oracle” which says when the conditional subtraction occurs. Standard l-to-r “Square-and-Multiply” expn is used. The correctness of secret key d can be checked. (Knowledge of I/O to the expn routine is not assumed.) Use of the Brier-Joye Unified Code for ECC Double and Add:

8 Brier-Joye Formulae Suppose Pi = (xi,yi,zi) and P3 = P1 + P2 for ECC over Fp. P3 is given by (same code for Add and Double): x3 = ... y3 = ... z3 = ... where u1 = x1z2 ; u2 = x2z1 ; s1 = y1z2 ; s2 = y2z1 ; ... If P1 = P2 then the same formula applies, and: u1 = x1z2 and u2 = x2z1 are the same computation, s1 = y1z2 and s2 = y2z1 are the same computation. So Mod Mult will produce two pairs of identical leakage.

9 Attack Idea Choose a signing where there are fewest undetermined ops.
Different behaviour in one or both pairs → Pt Add Identical behaviour in both pairs → probably Pt Double An operation next to an Add must be a Double. Choose a signing where there are fewest undetermined ops. Try all possibilities for the key, the most likely first.

10 Some Probabilities Montgomery Mod Mult (MMM) was picked for illustration because it is well-understood. Prob of final conditional subtraction mod P : Multiplication by const C: pC = ½ Cr–n General Multiplication: pM = ¼ Pr–n ≈ ¼ (for EC-DSA, characteristic = gend Mersenne prime P ≈ r–n) For square and multiply to compute kP1, the same pt P is re-used every time. So use pC = ½ Cr–n.

11 Optimal Initial Points
For randomly blinded inputs, some P1 = (x1,y1,z1) will have small x1 & y1, and large z1. So, for random P2, u1 = x1z2 and s1 = y1z2 have condl subn with pr ≈ 0 u2 = x2z1 and s2 = y2z1 have condl subn with pr ≈ ½ This maximises the proby of distinguishing u1 from u2 or s1 from s2 This maximises the proby of deducing a Point Add (≈ ¾) This maximises the number of pt ops we can determine for a given secret key.

12 Optimal Keys For randomly blinded keys k, there are cases where more set bits means fewer undetermined ops. For some keys, the spacing of undetermined ops leads to a smaller search space, e.g. 3 undetermined ops might lead to 8 choices; but neighbouring ops must have a pattern: DDD, ADD, DAD, DDA or ADA – only 5 choices.

13 Example – Simulation Results
Key … Pt Opn DA DA D D DA D D DA D DDADDDADADADDDA… u1 subn … u2 subn … s1 subn … s2 subn … Diffnce Y Y Y Y Y Y Y Y… Known YY YY Y N YY Y N NN N NYYYNYYYYYYYNYY…

14 Computational Feasibility
EC-DSA curve P-192, sample of 512 signings: Lowest #unknown adds: (on average) Search Space: keys Effort (including key test): 1 minute on Pentium IV (less if I/O data is collected during side channel attack) This, and hence the attack, is computationally feasible. With 10n times the effort, 2n keys can be extracted (for small n at least)

15 Counter-Measures The attack depends on:
Leaky Modular Multiplier to help distinguish Add from Double; Exponentiation algorithm that reveals key from distinguishing Add from Double; Good randomisation / blinding – as in Coron’s counter-measures! So: Choose a more robust expn algorithm. If possible, choose less leaky HW

16 Conclusion Many essential and first-class SW counter-measures can be inadequate on their own. In particular, improving SW is probably not enough to fix existing leaky HW. Some keys can leak more than others. Keys used just once may be attacked. Randomisation may improve the chances of a successful attack.

Download ppt "Simple Power Analysis of"

Similar presentations

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.

Side-Channel Attacks on RSA with CRT Weakness of RSA Alexander Kozak Jared Vanderbeck.
Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **
Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK www.co.umist.ac.uk.

Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK
C ● O ● M ● O ● D ● O RESEARCH LAB Longer Keys may Facilitate Side Channel Attacks (Bradford, UK) Colin.

C ● O ● M ● O ● D ● O RESEARCH LAB Longer Keys may Facilitate Side Channel Attacks (Bradford, UK) Colin.
C. Walter, Data Integrity for Modular Arithmetic, CHES 2000 CHES 2000 Data Integrity in Hardware for Modular Arithmetic Colin Walter Computation Department,

C. Walter, Data Integrity for Modular Arithmetic, CHES 2000 CHES 2000 Data Integrity in Hardware for Modular Arithmetic Colin Walter Computation Department,
11 -1 Chapter 11 Randomized Algorithms. 11 -2 Randomized algorithms In a randomized algorithm (probabilistic algorithm), we make some random choices.

11 -1 Chapter 11 Randomized Algorithms Randomized algorithms In a randomized algorithm (probabilistic algorithm), we make some random choices.
Long Modular Multiplication for Cryptographic Applications Laszlo Hars Seagate Research Workshop on Cryptographic Hardware and Embedded Systems, CHES 2004.

Long Modular Multiplication for Cryptographic Applications Laszlo Hars Seagate Research Workshop on Cryptographic Hardware and Embedded Systems, CHES 2004.
Data Structures and Algorithm Analysis Hashing Lecturer: Jing Liu Homepage:

Data Structures and Algorithm Analysis Hashing Lecturer: Jing Liu Homepage:
Issues of Security with the Oswald-Aigner Exponentiation Algorithm Colin D Walter Comodo Research Lab, Bradford, UK www.comodogroup.com Colin D Walter.

Issues of Security with the Oswald-Aigner Exponentiation Algorithm Colin D Walter Comodo Research Lab, Bradford, UK Colin D Walter.
9th IMA Conference on Cryptography & Coding Dec 2003 More Detail for a Combined Timing and Power Attack against Implementations of RSA Werner Schindler.

9th IMA Conference on Cryptography & Coding Dec 2003 More Detail for a Combined Timing and Power Attack against Implementations of RSA Werner Schindler.
Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.

Digital Signatures A primer 1. Why public key cryptography? With secret key algorithms Number of key pairs to be generated is extremely large If there.
11 -1 Chapter 11 Randomized Algorithms. 11 -2 Randomized Algorithms In a randomized algorithm (probabilistic algorithm), we make some random choices.

11 -1 Chapter 11 Randomized Algorithms Randomized Algorithms In a randomized algorithm (probabilistic algorithm), we make some random choices.
Hashing Sections 10.2 – 10.3 CS 302 Dr. George Bebis.

Hashing Sections 10.2 – 10.3 CS 302 Dr. George Bebis.
Some Security Aspects of the Randomized Exponentiation Algorithm (Bradford, UK) Colin D. Walter M IST.

Some Security Aspects of the Randomized Exponentiation Algorithm (Bradford, UK) Colin D. Walter M IST.
Sliding Windows Succumbs to Big Mac Attack Colin D. Walter www.co.umist.ac.uk.

Sliding Windows Succumbs to Big Mac Attack Colin D. Walter
Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli Colin D. Walter formerly: www.co.umist.ac.uk (Manchester,

Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli Colin D. Walter formerly: (Manchester,
M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter formerly: (Manchester, UK)

M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter formerly: (Manchester, UK)
IEEE ARITH 17 Cape Cod, 27th – 29th June 2005 Data Dependent Power Use in Multipliers Colin D. Walter David Samyde

IEEE ARITH 17 Cape Cod, 27th – 29th June 2005 Data Dependent Power Use in Multipliers Colin D. Walter David Samyde
M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter (Manchester, UK)

M IST : An Efficient, Randomized Exponentiation Algorithm for Resisting Power Analysis Colin D. Walter (Manchester, UK)
Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli Colin D. Walter formerly: www.co.umist.ac.uk (Manchester,

Precise Bounds for Montgomery Modular Multiplication and Some Potentially Insecure RSA Moduli Colin D. Walter formerly: (Manchester,

Similar presentations

Ads by Google