Presentation is loading. Please wait.

Presentation is loading. Please wait.

A DPA Countermeasure by Randomized Frobenius Decomposition Tae-Jun Park, Mun-Kyu Lee*, Dowon Hong and Kyoil Chung * Inha University.

Published byPrudence Greer Modified over 9 years ago

Similar presentations

Presentation on theme: "A DPA Countermeasure by Randomized Frobenius Decomposition Tae-Jun Park, Mun-Kyu Lee*, Dowon Hong and Kyoil Chung * Inha University."— Presentation transcript:

1 A DPA Countermeasure by Randomized Frobenius Decomposition Tae-Jun Park, Mun-Kyu Lee*, Dowon Hong and Kyoil Chung * Inha University

2 WISA 2005 2 Outline Side channel analysis Side channel analysis I Frobenius expansion Frobenius expansion II Random decomposition Random decomposition III Conclusion Conclusion IV

3 WISA 2005 3 Power Analysis  Kocher, Crypto 99 Powerful technique to recover the secret information by monitoring power signal Two kinds of power analysis - SPA : Simple power analysis - DPA : Differential power analysis

4 WISA 2005 4 Power Analysis on Elliptic Curve  Coron, CHES 99 Naïve implementation of ECC are highly vulnerable to SPA and DPA Various methods have been proposed - Hasan suggested several countermeasures on Koblitz curves, 2001, IEEE Transactions on computers - Ciet et al. proposed randomizing the GLV decomposition to prevent DPA in GLV curves CHES 2002

5 WISA 2005 5 The Goal of This Talk New Countermeasure against DPA on ECC Applied to any curve where Frobenius method can be used Two dimensional generalization of Coron’s method 15.3 ~34.0% extra computations

6 WISA 2005 6 Elliptic Curve  Let be the prime power is of or Otherwise x y - To avoid the MOV attack Use only nonsupersingular elliptic curve

7 WISA 2005 7 Frobenius Endomorphism The Frobenius endomorphisms of The minimal polynomial of the Frobenius endomorphism

8 WISA 2005 8 Frobenius Expansion-(1) The endomorphism ring of nonsupersingular elliptic curve is the order in the imaginary quadratic field The ring is a subring of the endomorphism ring Mueller proposed a Frobenius expansion method by iterating divisions - fast scalar multiplication on elliptic curves over small fields of characteristic two - Division by the Frobenius endomorphism in the ring

9 WISA 2005 9 Division by in the looks like division by complex number in the Gaussian integer Lemma: Suppose that be even (resp., odd) prime power. Let. There exists an integer and an element s.t. Frobenius Expansion-(2)

10 WISA 2005 10 Frobenius Expansion-(3) By iterating the process of divisions by with remainder, one can expand with

11 WISA 2005 11 Division by in -(1)

12 WISA 2005 12 Let be the lattice generated by 1 and : is isomorphic to All elements in which can be divided by for example, all numbers divided by 2 is of the form The set of such elements is generated by and : Division by in -(2)

13 WISA 2005 13 Divide by with remainder - If, then there exist s. t. - If not, move horizontally left or right to for suitable Division by in -(3)

14 WISA 2005 14 Random Decomposition-(1) Transform to random lattice - Choose random integer where

15 WISA 2005 15 Random Decomposition-(2)

16 WISA 2005 16 Random Decomposition-(3)

17 WISA 2005 17 Random Decomposition-(4) Lemma : For any, we can find s. t. with the Euclidean length of is bounded by

18 WISA 2005 18 Random Decomposition-(5)

19 WISA 2005 19 Scalar Multiplication Scalar multiplication - is expanded as - By Mueller’s expansion method - A scalar multiplication

20 WISA 2005 20 Overhead

21 WISA 2005 21 Conclusion Our method can be applied to all kind of elliptic curves It can be used in conjunction with other countermeasure It will be generalized to hyperelliptic curves

Download ppt "A DPA Countermeasure by Randomized Frobenius Decomposition Tae-Jun Park, Mun-Kyu Lee*, Dowon Hong and Kyoil Chung * Inha University."

Similar presentations

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.
CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.

CRT RSA Algorithm Protected Against Fault Attacks WISTP - 5/10/07 Arnaud BOSCHER Spansion EMEA Robert NACIRI Oberthur Card Systems Emmanuel PROUFF Oberthur.
Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks JaeCheol Ha * and SangJae Moon ** * Korea Nazarene University **
Fearful Symmetry: Can We Solve Ideal Lattice Problems Efficiently?

Fearful Symmetry: Can We Solve Ideal Lattice Problems Efficiently?
Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.

Spreading Alerts Quietly and the Subgroup Escape Problem Aleksandr Yampolskiy (Yale) Joint work with James Aspnes, Zoë Diamadi, Kristian Gjøsteen, and.
Mathematics of Cryptography Part II: Algebraic Structures

Mathematics of Cryptography Part II: Algebraic Structures
1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.

1 390-Elliptic Curves and Elliptic Curve Cryptography Michael Karls.
Lecture 8: Lattices and Elliptic Curves

Lecture 8: Lattices and Elliptic Curves
Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK www.co.umist.ac.uk.

Is there Safety in Numbers against Side Channel Leakage? Colin D. Walter UMIST, Manchester, UK
What is Elliptic Curve Cryptography?

What is Elliptic Curve Cryptography?
Notation Intro. Number Theory Online Cryptography Course Dan Boneh

Notation Intro. Number Theory Online Cryptography Course Dan Boneh
Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,

Theoretical Program Checking Greg Bronevetsky. Background The field of Program Checking is about 13 years old. Pioneered by Manuel Blum, Hal Wasserman,
Advanced Information Security 4 Field Arithmetic

Advanced Information Security 4 Field Arithmetic
Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.

Hidden Markov Model Cryptanalysis Chris Karlof and David Wagner.
Hashing Techniques.

Hashing Techniques.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.

Windows Core Security1© 2006 Microsoft Corp Cryptography: Helping Number Theorists Bring Home the Bacon Since 1977 Dan Shumow SDE Windows Core Security.
The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.

The RSA Cryptosystem and Factoring Integers (II) Rong-Jaye Chen.
Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.

Side-Channel Attacks on Smart Cards. Timing Analysis Cryptosystems take different amount of time to process different inputs. Performance optimisations.
Chapter II. THE INTEGERS

Chapter II. THE INTEGERS

Similar presentations

Ads by Google