Defeating RSA Multiply-Always and Message Blinding Countermeasures [chapter]

Marc F. Witteman, Jasper G. J. van Woudenberg, Federico Menarini
2011 Lecture Notes in Computer Science  
We introduce a new correlation power attack on RSA's modular exponentiation implementations, defeating both message blinding and multiply-always countermeasures.  ...  Further we demonstrate that cross correlation analysis is efficient on hardware RSA implementations, even in the presence of message blinding and strong hiding countermeasures.  ...  Although this attack can defeat both message blinding and multiply-always countermeasures, there are known countermeasures that make it substantially harder (noise, floating clocks) or to virtually impossible  ... 
doi:10.1007/978-3-642-19074-2_6 fatcat:c4wihi7fivhsrbig52bnzisqpy

Power Analysis Attacks on the Right-to-Left Square-Always Exponentiation Algorithm

JaeCheol Ha, YongJe Choi, Dooho Choi, Hoonjae Lee
2014 Journal of Internet Services and Information Security  
In addition, the paper presents an improved right-to-left square-always algorithm resistant to existing and proposed power analysis attacks by using the additive message blinding method and the message  ...  This algorithm for RSA implementation is faster than existing regular countermeasures against side-channel attacks.  ...  Acknowledgments This work was supported by the KLA-SCARF project, the ICT R&D program of ETRI (Research on Key Leakage Analysis and Response Technologies)  ... 
doi:10.22667/jisis.2014.11.31.038 dblp:journals/jisis/HaCCL14 fatcat:4n2jo6s3arbhznazlrxm2g3ygy

ROSETTA for Single Trace Analysis [chapter]

Christophe Clavier, Benoit Feix, Georges Gagnerot, Christophe Giraud, Mylène Roussellet, Vincent Verneuil
2012 Lecture Notes in Computer Science  
It makes our attacks more robust against blinding countermeasures than previous methods even if both exponent and message are randomized, whatever the quality and length of random masks.  ...  Some known attacks on the RSA exponentiation apply this strategy, but cannot be used against classical blinding countermeasures.  ...  We show that classical combination of message, modulus and exponent blindings is not sufficient to counteract our analysis and we suggest more advanced countermeasures.  ... 
doi:10.1007/978-3-642-34931-7_9 fatcat:waracxvvsjcdfllbwto3jp2u4q

Revisiting and Evaluating Software Side-channel Vulnerabilities and Countermeasures in Cryptographic Applications [article]

Tianwei Zhang and Jun Jiang and Yinqian Zhang
2019 arXiv   pre-print
We systematize software side-channel attacks with a focus on vulnerabilities and countermeasures in the cryptographic implementations.  ...  We then evaluate popular libraries and applications, quantitatively measuring and comparing the vulnerability severity, response time and coverage.  ...  EdDSA Memory Page (TLB) [57] 1.2.1.c Square-and-Multiply-always RSA Branch [62] 1.2.2.a Double-and-Add-always RSA Memory Page (TLB) [57] 1.2.2.b Sliding window RSA Cacheline (PRIME-PROBE  ... 
arXiv:1911.09312v2 fatcat:o4am4aurlfajjkj7nuz3kbso6y

Weaknesses in Current RSA Signature Schemes [chapter]

Juliane Krämer, Dmitry Nedospasov, Jean-Pierre Seifert
2012 Lecture Notes in Computer Science  
Methods for recovering the full RSA private key have been known since 1978, whereas we present two specific methods for RSA CRT, with and without exponent blinding.  ...  Recovering a potentially blinded exponent is sufficient to sign messages in the RSA signature scheme. However, this is not true for RSA CRT.  ...  In particular we would like to thank Collin Mulliner and Christoph Bayer for their helpful and insightful input while writing the paper.  ... 
doi:10.1007/978-3-642-31912-9_11 fatcat:j3iqygyrivalrleogircnadzhq

Vertical and horizontal correlation attacks on RNS-based exponentiations

Guilherme Perin, Laurent Imbert, Philippe Maurine, Lionel Torres
2015 Journal of Cryptographic Engineering  
countermeasures like the exponent and message blinding.  ...  Side-channel attacks are a serious threat for physical implementations of public-key cryptosystems and notably for the RSA.  ...  In [29] , the authors presented a cross-correlation attack which can defeat the combination of message blinding (masked-inputs) and square-and-multiply-always countermeasures.  ... 
doi:10.1007/s13389-015-0095-0 fatcat:gaixhnguevbb3o3vhfsexcbe7a

Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations [chapter]

Aurélie Bauer, Eliane Jaulmes, Emmanuel Prouff, Justine Wild
2013 Lecture Notes in Computer Science  
A wide variety of countermeasures have been proposed and most of practical attacks are nowadays efficiently defeated by them.  ...  To defeat Horizontal attacks, the authors of the ICICS paper have proposed a set of new countermeasures.  ...  Existing Countermeasures The most popular countermeasures against Vertical advanced SCA is the exponent blinding and the multiplicative/additive message blinding (e.g. [6, 14] ).  ... 
doi:10.1007/978-3-642-36095-4_1 fatcat:hehtkxynp5bldbs5kzwmxfjk4a

Combined Attack on CRT-RSA [chapter]

Guillaume Barbu, Alberto Battistello, Guillaume Dabosville, Christophe Giraud, Guénaël Renault, Soline Renner, Rina Zeitoun
2013 Lecture Notes in Computer Science  
This article introduces a new Combined Attack on a CRT-RSA implementation resistant against Side-Channel Analysis and Fault Injection attacks.  ...  Indeed, such a value would allow the attacker to recover the RSA private key by computing the gcd of the public modulus and the faulty signature.  ...  We would also like to thank Jean-Sébastien Coron and the anonymous reviewers of PKC'13 for their valuable comments and suggestions.  ... 
doi:10.1007/978-3-642-36362-7_13 fatcat:q343go6pkjdojeqktiyqvvjrbi

Simple Power Analysis on Exponentiation Revisited [chapter]

Jean-Christophe Courrège, Benoit Feix, Mylène Roussellet
2010 Lecture Notes in Computer Science  
We detail the different ways to achieve this and then show that some blinded exponentiations can still be threatened by Simple Power Analysis depending on the implementation.  ...  Finally we will give advice on countermeasures to prevent such enhanced Simple Power Analysis techniques.  ...  Thanks also to Sean Commercial and Vincent Verneuil for their valuable comments and advice on this manuscript.  ... 
doi:10.1007/978-3-642-12510-2_6 fatcat:4bysihssnjfg7cguwuqprthozm

Horizontal Correlation Analysis on Exponentiation [chapter]

Christophe Clavier, Benoit Feix, Georges Gagnerot, Mylène Roussellet, Vincent Verneuil
2010 Lecture Notes in Computer Science  
Also, contrarily to the Big Mac attack, it applies even in the case of regular implementations such as the square and multiply always or the Montgomery ladder.  ...  We also point out that DSA and Diffie-Hellman exponentiations are no longer immune against CPA. Then we discuss the efficiency of known countermeasures, and we finally present some new ones.  ...  Acknowledgments The authors would like to thank Christophe Giraud and Sean Commercial for their valuable comments and advices on this manuscript.  ... 
doi:10.1007/978-3-642-17650-0_5 fatcat:imvjhbr6hbgk7htjbrkvrnu4ca

Practical Second-Order Correlation Power Analysis on the Message Blinding Method and Its Novel Countermeasure for RSA

HeeSeok Kim, Tae Hyun Kim, Joong Chul Yoon, Seokhie Hong
2010 ETRI Journal  
One of the most efficient and secure countermeasures is the message blinding method, which includes the RSA derivative of the binary-with-random-initial-point algorithm on elliptical curve cryptosystems  ...  Recently power attacks on RSA cryptosystems have been widely investigated, and various countermeasures have been proposed.  ...  BRIP Countermeasure for RSA The message blinding method defends against first-order DPA attacks because intermediate values expected by an attacker are blinded by a random number at each execution.  ... 
doi:10.4218/etrij.10.0109.0249 fatcat:u4vnyici5naylmghj4n2vu2flu

Stochastic methods defeat regular RSA exponentiation algorithms with combined blinding methods

Margaux Dugardin, Werner Schindler, Sylvain Guilley
2021 Journal of Mathematical Cryptology  
In this article, we derive stochastic attacks to defeat Rivest-Shamir-Adleman (RSA) with Montgomery ladder regular exponentiation coupled with base blinding.  ...  In addition to this result, we also apply our method to the case of regular exponentiation, base blinding, and modulus blinding.  ...  We assume that the message has been blinded (message blinding, a.k.a. base blinding). The attack applies to both RSA with CRT and RSA without CRT.  ... 
doi:10.1515/jmc-2020-0010 fatcat:qntd46362fgcngxprtb2rfyyve

The Doubling Attack – Why Upwards Is Better than Downwards [chapter]

Pierre-Alain Fouque, Frederic Valette
2003 Lecture Notes in Computer Science  
Furthermore, this approach defeats two of the three countermeasures proposed by Coron at CHES '99.  ...  The recent developments of side channel attacks have led implementers to use more and more sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication  ...  Coron's Second Countermeasure The second solution is based on the same idea as Chaum's blind RSA signature scheme.  ... 
doi:10.1007/978-3-540-45238-6_22 fatcat:x7fce7adm5e35mrrdvwyj3ruo4

A Survey of Differential Fault Analysis Against Classical RSA Implementations [chapter]

Alexandre Berzati, Cécile Canovas-Dumas, Louis Goubin
2012 Information Security and Cryptography  
Coron at CHES 1999 [19] and is also known as the Square & Multiply Always algorithm.  ...  message m by itself but by multiplying, at most log 2 (d) times, square powers of m.  ... 
doi:10.1007/978-3-642-29656-7_7 dblp:series/isc/BerzatiCG12 fatcat:4o5slwlbjfgb3fgucczr3qygxe

Double Exponentiation Algorithm Resistant to the Implementation Attacks on Cryptographic Device

Eunsoo Park, Jaecheol Ha
2017 Journal of Security Engineering  
We proposed a novel double exponentiation algorithm, which defeats most previous power analysis and fault injection attacks and can be adopted for secure RSA-CRT implementation. 44 1.  ...  fault injection attacks In this paper, we point out that the double addition chain exponentiation algorithm is vulnerable to the fault injection attack on input message and has inefficiency due to the  ...  ⋅ mod ⋅ (1) Square-and-Multiply-Always exponentiation algorithm [Fig. 1] Square-and-Multiply-Always exponentiation algorithm 2.2 Implementation attacks and countermeasures The binary exponentiation algorithm described above or the Square-and-Multiply-Always  ... 
doi:10.14257/jse.2017.02.05 fatcat:qx53enrbujfedfu3xi5ckrma5i