
9th IMA Conference on Cryptography & Coding, Dec 2003
More Detail for a Combined Timing and Power Attack against Implementations of RSA


Slide 1/20: Title
More Detail for a Combined Timing and Power Attack against Implementations of RSA
Werner Schindler, Werner.Schindler@bsi.bund.de
Colin D. Walter, Colin.Walter@comodogroup.com

Slide 2/20: Overview
History
Montgomery's Mod Mult Algorithm
Assumptions
Output Distributions
Distinguishing Secret Exponent Digits
Simulation Results
Counter-Measures
Conclusion

Slide 3/20: History
Kocher et al (1996, 1997): Timing and Power Attacks on smart cards; the concepts.
Dhem et al (1998): Initial statistics on observed data.
Walter & Thompson (2001): Theoretical explanation.
Schindler (2002): Statistical detail when the distributions can be computed.
Here: Treating modular multiplication and exponentiation algorithms which may be used in practice.

Slide 4/20: Timing and power attacks, basic ideas
y_i → y_i^d (mod M)
Timing attacks exploit the time differences needed for various input values: t_i = measured running time.
Power attacks exploit the power consumption: the current I(t) recorded against time t.
[Slide figure: a power trace I(t) over t, illustrated on a smart card.]

Slide 5/20: Montgomery Modular Multiplication
Notation: r = base of representation; R = r^n = Montgomery factor.

  { Pre-condition: 0 ≤ A < R = r^n }
  P ← 0;
  For i ← 0 to n−1 do
  Begin
    q ← (p_0 + a_i b_0)(−m_0^{−1}) mod r;
    P ← (P + a_i B + qM) div r;
  End;
  { Post-conditions: P r^n ≡ A×B mod M,  A B r^{−n} ≤ P < M + A B r^{−n} }
  If P ≥ M then P ← P − M;
  ________________________
  If P ≥ R then P ← P − M;   { alternative final step, for better efficiency }

Slide 6/20: Main Assumptions
There is a side channel "oracle" which says when the conditional subtraction occurs (given by power measurement of mod mult times).
The same secret exponent d is re-used without blinding for a number of decryptions.
m-ary or sliding windows exponentiation.
The correctness of d can be checked.
(Knowledge of M and I/O is not assumed.)

Slide 7/20: Case: Condition P ≥ M
MMM output equi-distributed on [0..M).
MMM inputs are either:
  – pre-computed C^(i) ≡ C^i R mod M (typically i = 1, 3), or
  – from a previous equi-distributed output.
C^(i)/2R is the probability of the conditional subtraction for input C^(i) and a previous MMM output.
Exponent digits are deduced by computing and comparing the conditional probabilities of the observed extra reductions given those for each C^(i), using a few hundred ciphertexts C.

Slide 8/20: Case: Condition P ≥ R
Output not uniform on [0..R), and not the same from one multiplication to the next: the outputs are history dependent.
If the distribution at step n+1 is the one obtained by MMM-squaring an input drawn from the distribution at step n, then the sequence of distributions converges uniformly to a numerically computable limit. (There are monotonicity properties.)
Similar distribution properties hold when the distribution at step n+1 is derived using MMM with an input from the distribution at step n and the fixed pre-computed constant C^(i). They are very dependent on the ratio C^(i)/M.
Also of interest: the distribution at step n+1 derived by using MMM with two independent inputs from the distribution at step n.

Slide 9/20: Limit Distributions
[Slide figure: limit densities on [0, R) for the case M = 0.525R, one curve each for squaring, multiplication by 3M/2 and independent multiplications; the vertical axis runs from 0 to about M^{−1}, the horizontal axis is marked at 0, R−M, M and R.]
Always 3 sub-intervals of interest: [0, R−M), [R−M, M) and [M, R).

Slide 10/20: 2^4-ary Exponentiation
S = squaring; M_j = multiplication by the j-th table entry C^(j) from the pre-computation phase.
Example: b = 4 bits in the exponent representation (16-ary exponentiation).
  Secret exponent d = 1001 0011 0000 1011
  Operations:        init SSSSM_3 SSSS SSSSM_11
  Table entries:     C^(9) C^(3) C^(11)
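To make the operation sequence on this slide concrete, here is an added Python example (not code from the slides or their authors) that derives the S/M sequence for 2^b-ary exponentiation and, going a step beyond the slide, for the sliding-windows variant used on the later slides, checking both results against Python's pow(). The base, exponent and modulus are constructed values, and ordinary modular arithmetic stands in for Montgomery form, since only the sequence of operation types matters here.

```python
# Added example, not from the slides: derive the sequence of squarings (S) and
# table multiplications (M_j) performed by 2^b-ary and sliding-windows
# exponentiation for a given exponent. Base, exponent and modulus are
# constructed values.

def digits_base_2b(d: int, b: int) -> list:
    """Digits of d in base 2^b, most significant first."""
    digs = []
    while d:
        digs.append(d & ((1 << b) - 1))
        d >>= b
    return digs[::-1] or [0]

def m_ary_exp(x: int, d: int, mod: int, b: int = 4):
    """Left-to-right 2^b-ary exponentiation as on slide 10.

    Returns (x^d mod mod, ops, table_entries_used); ops holds 'S' for each
    squaring and 'M<j>' for a multiplication by the table entry C^(j) = x^j.
    """
    table = [pow(x, j, mod) for j in range(1 << b)]     # C^(0) .. C^(2^b - 1)
    digs = digits_base_2b(d, b)
    acc = table[digs[0]]                                 # 'init': start from C^(d_0)
    ops, used = [], [digs[0]]
    for dj in digs[1:]:
        for _ in range(b):                               # b squarings per digit
            acc = acc * acc % mod
            ops.append("S")
        if dj:                                           # a zero digit needs no multiplication
            acc = acc * table[dj] % mod
            ops.append(f"M{dj}")
            used.append(dj)
    return acc, ops, used

def sliding_window_exp(x: int, d: int, mod: int, b: int = 4):
    """Left-to-right sliding windows of at most b bits (the scheme of slide 11).

    Only the odd table entries C^(1), C^(3), ..., C^(2^b - 1) are pre-computed.
    Each window ends in a 1 bit, so every multiplication is preceded by at least
    b squarings: the window's own bits plus the zeros it left behind.
    """
    assert d > 0
    table = {j: pow(x, j, mod) for j in range(1, 1 << b, 2)}
    bits = bin(d)[2:]
    ops, used = [], []
    acc, i, n = None, 0, len(bits)
    while i < n:
        if bits[i] == "0":                                # zero bit: just square
            acc = acc * acc % mod
            ops.append("S")
            i += 1
            continue
        j = min(i + b, n)                                 # take up to b bits ...
        while bits[j - 1] == "0":                         # ... and drop trailing zeros
            j -= 1
        w = int(bits[i:j], 2)                             # window value, always odd
        if acc is None:                                   # 'init' window
            acc = table[w]
        else:
            for _ in range(j - i):
                acc = acc * acc % mod
                ops.append("S")
            acc = acc * table[w] % mod
            ops.append(f"M{w}")
        used.append(w)
        i = j
    return acc, ops, used

if __name__ == "__main__":
    d = 0b1001_0011_0000_1011                             # the exponent of slide 10
    _, ops, used = m_ary_exp(7, d, 1_000_003)
    print("16-ary:  ", "init", " ".join(ops), "| table entries", used)
    _, ops, used = sliding_window_exp(7, d, 1_000_003)
    print("sliding: ", "init", " ".join(ops), "| table entries", used)
```

For the slide's exponent both schemes happen to produce the same sequence, init SSSSM3 SSSS SSSSM11, because every window aligns with a 4-bit digit; an exponent such as 0b1100110 shows the difference, since sliding windows then use only the odd entry C^(3) where 16-ary would use C^(6).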

Slide 11/20: Deducing the Exponent
If we have deduced the first n digits of the exponent d then:
  – we can deduce the approximate distribution for the inputs to the next multiplication or squaring in the exponentiation scheme; and
  – use the observed probability of the extra reduction (conditional subtraction) to deduce what operation it was, and which digit of d if it is a multiplication.
For sliding windows of b bits, we expect sequences of b or more squarings followed by a multiplication.
  – this enables us to check some deductions.

Slide 12/20: Digit Deduction (1 denotes an extra reduction)
Rows are the samples 1..N; the columns are the operations of the initialisation phase (table entries 1, 3, ..., 2^b−1) followed by those of the computation phase (operations 1, 2, ..., i, ...); the bottom row is the guessed operation type T(i) for each column. Entries as far as they are legible on the slide:

  sample | init. phase (1 3 ... 2^b−1) | comp. phase (1 2 ... i ...)
  1      | 1 1 0 ...                   | 1 0 0 ... 1 ...
  2      | 0 1 ...                     | 1 0 0 ... 0 ...
  ...    |                             |
  N−1    | 0 0 ...                     | 0 1 0 ... 0 ...
  N      | 0 0 ...                     | 1 0 1 ... 1 ...
  guess  |                             | op type T(i)

Slide 13/20: Error Detection and Correction
  Correct op types: S S S M_1 S S S M_1 S
  Type "a" error:   S S S M_1 S M_3 S M_1 S
  Type "b" error:   S S S S S S S M_1 S
  Type "c" error:   S S S M_3 S S S M_1 S
Type a: usually obvious. The sequence of squarings is often impossible, so there must be an error. ("Local" if clear from context; else "global".)
Type b: the location is usually clear for m-ary. For sliding windows, this may be correct, but the total number of these errors is approximately known (since the number of S's is fixed).
Type c: the most difficult errors to locate because the sequence of op types T(i) is consistent.
Note the differences between m-ary and sliding windows.

Slide 14/20: Attack Efficiency, Simulation Results
4-ary exponentiation. Errors per 100 op guesses; N = sample size. The four numeric columns follow the slide's labels: type a, global type a, type b, type c.

  M/R   N    type a  global type a  type b  type c
  0.99  350  0.53    0.11           0.29    0.67
  0.99  400  0.37    0.07           0.21    0.04
  0.85  400  0.74    1.58           0.12    0.06
  0.85  450  0.54    0.11           0.62    0.03
  0.85  500  0.44    0.08           0.03    0.25
  0.70  700  1.24    0.19           0.22    0.35

Slide 15/20: Number of Global Errors
4-ary exponentiation. Proportion of cases with the given number of errors (except local type a); N = sample size.

  M/R   N    0    ≤1   ≤2   ≤3
  0.99  350  10%  31%  49%  64%
  0.99  400  16%  46%  62%  78%
  0.85  400  19%  43%  60%  71%
  0.85  450  33%  62%  80%  90%
  0.85  500  46%  76%  90%  97%
  0.70  700  35%  60%  71%  76%

Slide 16/20: Optimal Decision Strategy
Optimal strategy: minimise the expected loss.
Example:
  – Assign loss according to the expected cost of correcting errors, e.g. cost 1 for a type a error; cost 1.5 for a type b error; cost 2.5 for a type c error.
  – (Simplification: forget previous history.) Estimate the distribution purely using a linear combination of the limit cases, where the weights correspond to the expected frequency of each op type.
  – Determine the conditional probability of each op type T(i).
  – Compute the expected loss for each guess (hypothesis) of op type.
  – Create a list of hypotheses for each op type, ranked by expected loss.
  – Work through the most likely alternatives till the correct d is found.

Slide 17/20: Rank of the Last Correct but Rejected Guess
512-bit d; columns give the number of global errors; N = sample size.

  M/R   N    1   2    3
  0.99  350  31  66   63
  0.99  400  30  25   57
  0.85  400  39  57   55
  0.85  450  22  37   59
  0.85  500  24  57   70
  0.70  700  63  132  271

Slide 18/20: Computational Feasibility
For modulus M/R = 0.99, n = 512 bits, N = 400 samples, the tables say:
  – 78% of cases have ≤ 3 errors;
  – 57 is the average rank of the last correct but rejected hypothesis.
So usually it will suffice to:
  – check the first 100 rejected cases;
  – select up to 3 rejected hypotheses.
This requires ~ C(100, 3) = 161700 evaluations of the reference property to establish the correct key d.
This, and hence the attack, is computationally feasible.

Slide 19/20: Counter-Measures
The attack depends on using the same unblinded key many times. Instead:
  – add a random multiple of φ(M) to the exponent for each decryption; or
  – perform the subtraction every time, and select the new or the previous value as appropriate (so no timing difference); or
  – modify MMM: never perform the subtraction (again no timing difference) but, instead, work entirely with values bounded by 2M.
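The following added Python example (not code from the slides or their authors) ties together slide 5, slide 7 and this slide: it implements the word-level MMM of slide 5 with the leaky final "If P ≥ M" step, measures how often that subtraction fires for a fixed operand C so the C/2R estimate of slide 7 can be checked, and then shows the three counter-measures listed here as code: exponent blinding with a multiple of φ(M), a branch-free select between P and P−M, and the bound-by-2M variant that never subtracts. The word size, moduli and operands are constructed for the example; the names montgomery_params, mmm_leaky, subtraction_rate, mmm_select, mmm_bounded and blinded_exponent are the example's own.

```python
# Added example, not from the slides: word-level MMM as on slide 5 with the
# leaky final "If P >= M" step, a check of slide 7's estimate that the
# subtraction fires with probability about C/2R, and the three counter-measures
# of slide 19. All moduli and operands are constructed for the example.
import random

WORD_BITS = 8                 # r = 2^8: small words keep the loop easy to follow
r = 1 << WORD_BITS

def montgomery_params(M: int):
    """n = number of base-r digits of M, R = r^n, and -M^{-1} mod r for the q step."""
    n = (M.bit_length() + WORD_BITS - 1) // WORD_BITS
    R = r ** n
    neg_m0_inv = (-pow(M % r, -1, r)) % r     # M must be odd so that gcd(m_0, r) = 1
    return n, R, neg_m0_inv

def _mmm_loop(A: int, B: int, M: int) -> int:
    """The For-loop of slide 5: returns P with P*R = A*B (mod M) and P < M + A*B/R."""
    n, R, neg_m0_inv = montgomery_params(M)
    P = 0
    for i in range(n):
        a_i = (A >> (i * WORD_BITS)) & (r - 1)        # i-th base-r digit of A
        q = ((P + a_i * B) % r) * neg_m0_inv % r      # (p_0 + a_i b_0)(-m_0^{-1}) mod r
        P = (P + a_i * B + q * M) // r                # exact division: low word is now 0
    assert (P * R - A * B) % M == 0                   # post-condition of the loop
    return P

def mmm_leaky(A: int, B: int, M: int):
    """Slide 5 with 'If P >= M then P <- P - M'. Returns (P, subtracted); the
    second value is exactly the bit the side-channel oracle of slide 6 observes."""
    P = _mmm_loop(A, B, M)
    subtracted = P >= M
    if subtracted:
        P -= M
    return P, subtracted

def subtraction_rate(C: int, M: int, trials: int = 4000, seed: int = 1) -> float:
    """Fraction of MMM(X, C) calls that hit the subtraction for uniform X in [0, M).
    Slide 7 predicts roughly C/(2R); comparing the two quantifies the leak."""
    rng = random.Random(seed)
    hits = sum(mmm_leaky(rng.randrange(M), C, M)[1] for _ in range(trials))
    return hits / trials

def mmm_select(A: int, B: int, M: int) -> int:
    """Counter-measure 2: always compute P - M, then pick P or P - M with a mask
    instead of a branch. (Python's big integers are not themselves constant-time;
    this shows the selection pattern a native implementation would use.)"""
    P = _mmm_loop(A, B, M)
    D = P - M
    mask = D >> (2 * M.bit_length() + 8)             # -1 if D < 0, else 0 (|D| < 2M)
    return (P & mask) | (D & ~mask)

def mmm_bounded(A: int, B: int, M: int) -> int:
    """Counter-measure 3: never subtract. With 4M < R, inputs below 2M give an
    output below 2M, so a whole exponentiation can run on unreduced values and
    reduce mod M once at the very end."""
    _, R, _ = montgomery_params(M)
    assert 4 * M < R, "bound-by-2M variant needs R > 4M"
    return _mmm_loop(A, B, M)

def blinded_exponent(d: int, phi_M: int, seed=None) -> int:
    """Counter-measure 1: d' = d + k*phi(M) for a fresh random k; x^d' = x^d (mod M)
    when gcd(x, M) = 1, but the digit pattern exposed to the attack changes each time."""
    rng = random.Random(seed)
    return d + rng.randrange(1, 1 << 32) * phi_M

if __name__ == "__main__":
    p, q = 251, 257                                    # constructed toy RSA modulus
    M, phi = p * q, (p - 1) * (q - 1)                  # M = 64507, n = 2, R = 65536
    _, R, _ = montgomery_params(M)
    C = M // 2
    print(f"M/R = {M / R:.3f}; observed subtraction rate {subtraction_rate(C, M):.3f}, "
          f"predicted C/2R = {C / (2 * R):.3f}")
    print("select == leaky:", mmm_select(12345, 54321, M) == mmm_leaky(12345, 54321, M)[0])
    print("blinded exponent agrees:",
          pow(2, blinded_exponent(0x930B, phi, seed=7), M) == pow(2, 0x930B, M))
```

With M/R ≈ 0.98 the observed rate for C = M/2 sits close to C/2R ≈ 0.25, which is the signal the slides exploit; mmm_select returns the same values as mmm_leaky without a data-dependent branch, and mmm_bounded needs a smaller modulus relative to R (the example uses 61×53 with the same two-word R) because the bound-by-2M argument requires R > 4M.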

Slide 20/20: Conclusion
We have illuminated some of the difficulties in recovering a secret key using a timing+power attack on a typical implementation of RSA.
  – The MMM distributions are not identical or uniform, but depend on previous operations and M/R.
  – Sliding windows has been treated, not just m-ary exponentiation.
  – Error correction is computationally feasible. So standard length secret keys can be recovered before the life of the key expires.
  – CRT implementations can be attacked similarly.
There are standard counter-measures which should always be applied.

