Abstract
Many recent research works have reported how physical cryptanalysis can be carried out on cryptographic devices by exploiting information leaked through side channels. In this paper we demonstrate a new type of safe-error based hardware fault cryptanalysis, mounted on a recently reported countermeasure against the simple power analysis (SPA) attack. The attack is developed by inducing a temporary random computational fault, rather than the temporary memory fault explicitly assumed in the first published safe-error based attack by Yen and Joye, which requires more precise control of fault timing and location. Analysis shows that the new safe-error based attack is powerful and feasible: its cryptanalytic complexity (especially the computational complexity) is quite small and its assumptions are more reasonable. Existing research has considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has addressed the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, we wish to emphasize that a countermeasure developed against one physical attack, if not carefully examined, may benefit another physical attack tremendously. This issue has never been explicitly noticed before, but its importance cannot be overlooked given the attack found in this paper. Note that almost all the issues considered in this paper for modular exponentiation also apply to scalar multiplication over an elliptic curve.
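The following simulation is an added example and is not code from the paper. It illustrates the kind of safe-error attack the abstract describes, under two assumptions the page does not state: the SPA countermeasure being attacked is taken to be square-and-multiply-always (a dummy multiplication in every iteration, so that every bit produces the same square-multiply trace), and the transient computational fault is modelled as a one-bit corruption of the multiplier's output in a single iteration. The exponent bit is then read off from whether the faulted run still returns the fault-free result: when the bit is 0 the corrupted product is discarded and the fault is "safe". The device model also includes an optional check-before-output step, to show that a device which withholds a faulty result leaks exactly the same information (the point of Yen and Joye's earlier paper). The modulus n = 3233 = 61 * 53, the base m = 4 and the secret exponent d = 13 are constructed toy values.

```python
"""Computational (C) safe-error attack, simulated against the square-and-multiply-always
SPA countermeasure.  Added example, not code from the paper: the target countermeasure,
the bit-flip fault model and the toy parameters are assumptions."""
from typing import Callable, List, Optional


def int_to_bits(x: int, length: int) -> List[int]:
    """MSB-first bit list of x, left-padded with zeros to `length` bits."""
    return [(x >> (length - 1 - i)) & 1 for i in range(length)]


def bits_to_int(bits: List[int]) -> int:
    return int("".join(str(b) for b in bits), 2)


def square_multiply_always(m: int, d_bits: List[int], n: int,
                           fault_at: Optional[int] = None) -> int:
    """Left-to-right exponentiation that multiplies in EVERY iteration (the SPA
    countermeasure): when the exponent bit is 0 the product lands in a register
    that is discarded, so a power trace shows the same square-multiply pattern
    for both bit values.  `fault_at` models a transient computational fault that
    corrupts the multiplier's output in that one iteration (simulated here as a
    single bit flip; which bit is hit does not matter for the attack)."""
    r0 = 1
    for i, bit in enumerate(d_bits):
        r0 = (r0 * r0) % n              # square: its result is always used
        r1 = (r0 * m) % n               # multiply: always executed ...
        if fault_at == i:
            r1 ^= 1                     # ... and this is where the fault hits
        r0 = r1 if bit else r0          # bit 0 discards r1, so the fault is "safe"
    return r0


def make_device(m: int, d: int, n: int, bitlen: int,
                check_before_output: bool) -> Callable[[Optional[int]], Optional[int]]:
    """Model of the device: it exponentiates the fixed input m with the secret d,
    optionally recomputing and withholding the output when the two results
    differ (the 'check before output' fault countermeasure)."""
    d_bits = int_to_bits(d, bitlen)

    def run(fault_at: Optional[int]) -> Optional[int]:
        y = square_multiply_always(m, d_bits, n, fault_at)
        if check_before_output and y != square_multiply_always(m, d_bits, n):
            return None                 # fault detected: no result is released
        return y
    return run


def c_safe_error_attack(run: Callable[[Optional[int]], Optional[int]],
                        bitlen: int) -> List[int]:
    """Recover one exponent bit per faulted run.  Observe the fault-free result
    once, then inject a fault into the multiplication of iteration i and compare:
    an unchanged result means the product was discarded (bit 0).  A device that
    withholds its output instead leaks the same information, because 'no output'
    also differs from the reference."""
    reference = run(None)
    return [0 if run(i) == reference else 1 for i in range(bitlen)]


def recover_exponent(m: int, d: int, n: int, bitlen: int,
                     check_before_output: bool = False) -> int:
    run = make_device(m, d, n, bitlen, check_before_output)
    return bits_to_int(c_safe_error_attack(run, bitlen))


if __name__ == "__main__":
    # Constructed toy parameters: n = 61 * 53, base m, secret exponent d.
    n, m, d = 3233, 4, 13
    for check in (False, True):
        got = recover_exponent(m, d, n, bitlen=8, check_before_output=check)
        print(f"check_before_output={check}: recovered d = {got} (true d = {d})")
```

The attack needs one fault-free run plus one faulted run per exponent bit, and its computation is a single comparison per bit, which is the "quite small" complexity the abstract refers to. Note that the attack only works because the countermeasure guarantees a multiplication in every iteration: in plain square-and-multiply a 0 bit performs no multiplication at all, so there is no product for the fault to corrupt. That is precisely the sense in which a countermeasure against one attack (SPA) benefits another (safe-error fault analysis).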
References
R.L. Rivest, A. Shamir, and L. Adleman, “A method for obtaining digital signatures and public-key cryptosystem,” Commun. of ACM, vol. 21, no. 2, pp. 120–126, 1978.
T. ElGamal, “A public key cryptosystem and a signature scheme based on discrete logarithms,” IEEE Trans. Inf. Theory, vol. 31, no. 4, pp. 469–472, 1985.
R. Anderson and M. Kuhn, “Tamper resistance: a cautionary note,” In Proceedings of the 2nd USENIX Workshop on Electronic Commerce, pp. 1–11, 1996.
R. Anderson and M. Kuhn, “Low cost attacks on tamper resistant devices,” In Preproceedings of the 1997 Security Protocols Workshop, Paris, France, 7–9th April 1997.
D. Boneh, “Twenty years of attacks on the RSA cryptosystem,” Notices of the AMS, vol. 46, no. 2, pp. 203–213, Feb 1999.
Bellcore Press Release, “New threat model breaks crypto codes,” Sept. 1996, available at URL <http://www.bellcore.com/PRESS/ADVSRY96/facts.html>.
D. Boneh, R.A. DeMillo, and R.J. Lipton, “On the importance of checking cryptographic protocols for faults,” In Advances in Cryptology-EUROCRYPT’97, LNCS 1233, pp. 37–51, Springer-Verlag, 1997.
F. Bao, R.H. Deng, Y. Han, A. Jeng, A.D. Narasimhalu, and T. Ngair, “Breaking public key cryptosystems on tamper resistant devices in the presence of transient faults,” In Pre-proceedings of the 1997 Security Protocols Workshop, Paris, France, 1997.
Y. Zheng and T. Matsumoto, “Breaking real-world implementations of cryptosystems by manipulating their random number generation,” In Pre-proceedings of the 1997 Symposium on Cryptography and Information Security, Fukuoka, Japan, 29th January–1st February 1997. An earlier version was presented at the rump session of ASIACRYPT’96.
I. Peterson, “Chinks in digital armor: exploiting faults to break smart-card cryptosystems,” Science News, vol. 151, no. 5, pp. 78–79, 1997.
M. Joye, J.-J. Quisquater, F. Bao, and R.H. Deng, “RSA-type signatures in the presence of transient faults,” In Cryptography and Coding, LNCS 1355, pp. 155–160, Springer-Verlag, 1997.
D.P. Maher, “Fault induction attacks, tamper resistance, and hostile reverse engineering in perspective,” In Financial Cryptography, LNCS 1318, pp. 109–121, Springer-Verlag, Berlin, 1997.
E. Biham and A. Shamir, “Differential fault analysis of secret key cryptosystems,” In Advances in Cryptology-CRYPTO’97, LNCS 1294, pp. 513–525, Springer-Verlag, Berlin, 1997.
A.K. Lenstra, “Memo on RSA signature generation in the presence of faults,” September 1996.
M. Joye, A.K. Lenstra, and J.-J. Quisquater, “Chinese remaindering based cryptosystems in the presence of faults,” Journal of Cryptology, vol. 12, no. 4, pp. 241–245, 1999.
M. Joye, F. Koeune, and J.-J. Quisquater, “Further results on Chinese remaindering,” Tech. Report CG-1997/1, UCL Crypto Group, Louvain-la-Neuve, March 1997.
A. Shamir, “How to check modular exponentiation,” presented at the rump session of EUROCRYPT’97, Konstanz, Germany, 11–15th May 1997.
A. Shamir, “Method and apparatus for protecting public key schemes from timing and fault attacks,” United States Patent 5991415, November 23, 1999.
S.M. Yen and M. Joye, “Checking before output may not be enough against fault-based cryptanalysis,” IEEE Trans. on Computers, vol. 49, no. 9, pp. 967–970, Sept. 2000.
P.J. Smith and M.J.J. Lennon, “LUC: A new public key system,” In Ninth IFIP Symposium on Computer Security, Elsevier Science Publishers, pp. 103–117, 1993.
I.F. Blake, G. Seroussi, and N.P. Smart. Elliptic curves in cryptography. vol. 265 of London Mathematical Society Lecture Note Series, Cambridge University Press, 1999.
P. Kocher, “Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems,” In Advances in Cryptology-CRYPTO’96, LNCS 1109, pp. 104–113, Springer-Verlag, 1996.
J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, “A practical implementation of the timing attack,” Technical Report CG-1998/1, UCL Crypto Group, Université catholique de Louvain, June 1998.
J.F. Dhem, F. Koeune, P.A. Leroux, P. Mestre, J.J. Quisquater, and J.L. Willems, “A practical implementation of the timing attack,” In Proceedings of CARDIS’98, Third Smart Card Research and Advanced Application Conference, UCL, Louvain-la-Neuve, Belgium, Sep. 14–16, 1998.
F. Koeune and J.-J. Quisquater, “A timing attack against Rijndael,” Technical Report CG-1999/1, Université catholique de Louvain, June 1999.
W. Schindler, “A timing attack against RSA with the Chinese Remainder Theorem,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 109–124, Springer-Verlag, 2000.
B.S. Kaliski Jr. and M.J.B. Robshaw, “Comments on some new attacks on cryptographic devices,” RSA Laboratories Bulletin, no. 5, July 1997.
P. Kocher, J. Jaffe and B. Jun, “Introduction to differential power analysis and related attacks,” 1998, available at URL <http://www.cryptography.com/dpa/technical>.
P. Kocher, J. Jaffe and B. Jun, “Differential power analysis,” In Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 388–397, Springer-Verlag, 1999.
T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Power analysis attacks of modular exponentiation in smartcards,” In Cryptographic Hardware and Embedded Systems-CHES’99, LNCS 1717, pp. 144–157, Springer-Verlag, 1999.
C. Clavier, J.-S. Coron, and N. Dabbous, “Differential power analysis in the presence of hardware countermeasures,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 252–263, Springer-Verlag, 2000.
K. Okeya and K. Sakurai, “Power analysis breaks elliptic curve cryptosystems even secure against the timing attack,” In Progress in Cryptology-INDOCRYPT 2000, LNCS 1977, pp. 178–190, Springer-Verlag, 2000.
C.D. Walter, “Sliding windows succumbs to big mac attack,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 291–304, May 13–16, 2001.
C. Clavier and M. Joye, “Universal exponentiation algorithm: A first step towards provable SPA-resistance,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 305–314, May 13–16, 2001.
T.S. Messerges, E.A. Dabbish, and R.H. Sloan, “Investigations of power analysis attacks on smartcards,” In Proceedings of USENIX Workshop on Smartcard Technology, pp. 151–161, May 1999.
L. Goubin and J. Patarin, “DES and differential power analysis: the duplication method,” In Cryptographic Hardware and Embedded Systems-CHES’99, LNCS 1717, pp. 158–172, Springer-Verlag, 1999.
E. Biham and A. Shamir, “Power analysis of the key scheduling of the AES candidates,” In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 115–121, March 1999, available at URL <http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.html>.
S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, “A cautionary note regarding evaluation of AES candidates on smart-cards,” In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 133–147, March 1999, available at URL <http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.html>.
S. Chari, C.S. Jutla, J.R. Rao, and P. Rohatgi, “Towards sound approaches to counteract power-analysis attacks,” In Advances in Cryptology-CRYPTO’99, LNCS 1666, pp. 398–412, Springer-Verlag, 1999.
J. Daemen and V. Rijmen, “Resistance against implementation attacks: A comparative study of the AES proposals,” In Proceedings of the Second Advanced Encryption Standard (AES) Candidate Conference, pp. 122–132, March 1999, available at URL <http://csrc.nist.gov/encryption/aes/round1/Conf2/aes2conf.html>.
P.N. Fahn and P.K. Pearson, “IPA: A new class of power attacks,” In Cryptographic Hardware and Embedded Systems-CHES’99, LNCS 1717, pp. 173–186, Springer-Verlag, 1999.
T.S. Messerges, “Securing the AES finalists against power analysis attacks,” In Fast Software Encryption-FSE 2000, LNCS 1978, Springer-Verlag, 2000.
J.-S. Coron and L. Goubin, “On boolean and arithmetic masking against differential power analysis,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 231–237, Springer-Verlag, 2000.
T.S. Messerges, “Using second-order power analysis to attack DPA resistant software,” In Cryptographic Hardware and Embedded Systems-CHES 2000, LNCS 1965, pp. 238–251, Springer-Verlag, 2000.
L. Goubin, “A sound method for switching between boolean and arithmetic masking,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 3–15, May 13–16, 2001.
M. Akkar and C. Giraud, “An implementation of DES and AES, secure against some attacks,” In Pre-proceedings of Workshop on Cryptographic Hardware and Embedded Systems-CHES 2001, pp. 315–325, May 13–16, 2001.
A.J. Menezes, P.C. van Oorschot, and S.A. Vanstone. Handbook of applied cryptography. CRC Press, 1997.
G.R. Blakley, “A computer algorithm for the product AB modulo M,” IEEE Transactions on Computers, vol. 32, no. 5, pp. 497–500, May 1983.
K.R. Sloan, Jr., Comments on “A computer algorithm for the product AB modulo M,” IEEE Transactions on Computers, vol. 34, no. 3, pp. 290–292, March 1985.
Ç.K. Koç, “RSA hardware implementation,” Technical Report TR 801, RSA Laboratories, Redwood City, April 1996.
S.M. Yen and S.Y. Tseng, “Differential power cryptanalysis of a Rijndael implementation,” LCIS Technical Report TR-2K1-9, Dept. of Computer Science and Information Engineering, National Central University, Taiwan, May 3, 2001.
M. Joye, J.-J. Quisquater, S.M. Yen, and M. Yung, “Observability analysis: detecting when improved cryptosystems fail,” In Proceedings of the CT-RSA 2002 Conference, 2002. (to appear)
© 2002 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Yen, S.M., Kim, S., Lim, S., Moon, S. (2002). A Countermeasure against One Physical Cryptanalysis May Benefit Another Attack. In: Kim, K. (ed.) Information Security and Cryptology — ICISC 2001. Lecture Notes in Computer Science, vol 2288. Springer, Berlin, Heidelberg. https://doi.org/10.1007/3-540-45861-1_31
DOI: https://doi.org/10.1007/3-540-45861-1_31
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-43319-4
Online ISBN: 978-3-540-45861-6