
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation [chapter]

Roman Novak
2002 Lecture Notes in Computer Science  
We describe an adaptive chosen-ciphertext attack on a smart card implementation of the RSA decryption algorithm in the presence of side-channel information leakage.  ...  The findings can be used to eventually improve future implementations of fast RSA decryption.  ...  The adversary can control the output x of the RSA decryption by feeding the card with x^e mod n. The attack may be classified as an SPA-based adaptive chosen-ciphertext attack.  ... 
doi:10.1007/3-540-45664-3_18 fatcat:hg4xdmuhd5e5rhq3eevlv7kzru

Universal Exponentiation Algorithm A First Step towards Provable SPA-Resistance [chapter]

Christophe Clavier, Marc Joye
2001 Lecture Notes in Computer Science  
As a result, we hopefully tend to reconcile the provable security notions of modern cryptography with real-world implementations of exponentiation-based cryptosystems.  ...  Our aim is to transfer the security of the exponentiation method being implemented to the exponent itself.  ...  The strongest attacks one can imagine (at the protocol level) are the so-called adaptive chosen-ciphertext attacks (CCA2).  ... 
doi:10.1007/3-540-44709-1_25 fatcat:rjc4wjlysbbsdbxnt7uk5oacbe

A Survey and Analysis of Security Issues on RSA Algorithm

Kunal Gagneja, K. John Singh
2015 Research Journal of Applied Sciences Engineering and Technology  
Generally, security is calculated only on the basis of brute force attack and advancements in algorithms, hardware and software architectures are ignored.  ...  In this study, problems are identified based upon mathematical architecture of RSA and same observations are used in removal of defects.  ...  An adaptive chosen-ciphertext attack on a smart card implementation of the RSA decryption algorithm in the presence of side-channel information leakage has been performed successfully.  ... 
doi:10.19026/rjaset.11.2094 fatcat:i6dmjyumljavnjlfvzwjtjpm4u

Chosen-message SPA attacks against FPGA-based RSA hardware implementations

Atsushi Miyamoto, Naofumi Homma, Takafumi Aoki, Akashi Satoh
2008 2008 International Conference on Field Programmable Logic and Applications  
This paper presents SPA (Simple Power Analysis) attacks against public-key cryptosystems implemented on an FPGA platform.  ...  In this paper, we implemented four types of RSA processors on an FPGA platform in combination with two variants of the Montgomery multiplication algorithm and two different types of multipliers for SPA  ...  The SPA with adaptively chosen messages [4] can be applied to an RSA implementation using CRT based on Garner's algorithm, where an extra modular reduction at the end of a CRT is repeatedly searched  ... 
doi:10.1109/fpl.2008.4629904 dblp:conf/fpl/MiyamotoHAS08 fatcat:6xnc2ostvvh5tjil3tuijbxg6a

Basics of Side-Channel Analysis [chapter]

Marc Joye
2009 Cryptographic Engineering  
In this paper, Kocher exploits differences in computation times to break certain implementations of RSA and of discrete-logarithm based cryptosystems. In this section, we describe two timing attacks.  ...  Following [5], the second attack is against an implementation of an RSA signature scheme [2, 13].  ...  Attack on a Private RSA Exponentiation  ...  Attack on a DES Key Schedule  ...  SPA-type attacks are not restricted to public-key algorithms but can potentially be applied to other types of cryptographic algorithms  ... 
doi:10.1007/978-0-387-71817-0_13 fatcat:lzxamf2frfgbvli5pf2u7j3sve

Magnifying Side-Channel Leakage of Lattice-Based Cryptosystems with Chosen Ciphertexts: The Case Study of Kyber

Z. Xu, O. Pemberton, S. Roy, D. Oswald
2020 Zenodo  
In this paper, we propose EM side-channel attacks with carefully constructed ciphertext on Kyber, a lattice-based key encapsulation mechanism, which is a candidate of NIST Post-Quantum Cryptography standardization  ...  We demonstrate that specially chosen ciphertexts allow an adversary to modulate the leakage of a target device and enable full key extraction with a small number of traces through simple power analysis  ...  In Section 3, we present our chosen-ciphertext SPA attack on a "clean" implementation of Kyber, while in Section 4 we focus on attacks on highly optimized ARM implementations.  ... 
doi:10.5281/zenodo.3979188 fatcat:ij42ymvkhngfvjrakzalplw3lm

Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications [chapter]

Johann Großschädl, Elisabeth Oswald, Dan Page, Michael Tunstall
2010 Lecture Notes in Computer Science  
Exploiting the early-termination mechanism makes Simple Power Analysis (SPA) attacks relatively straightforward to conduct, and may even allow one to attack implementations with integrated countermeasures  ...  Furthermore, we describe an implementation of one such attack on an implementation of AES, where we were able to extract the entire key using just eight power traces.  ...  ciphertext or to inject chosen ciphertexts.  ... 
doi:10.1007/978-3-642-14423-3_13 fatcat:ekz6kbafaje3fp2dhjkhzfvcha

Who Watches the Watchmen?: Utilizing Performance Monitors for Compromising Keys of RSA on Intel Platforms [chapter]

Sarani Bhattacharya, Debdeep Mukhopadhyay
2015 Lecture Notes in Computer Science  
Asymmetric-key cryptographic algorithms, when implemented on systems with branch predictors, are subjected to side-channel attacks exploiting the deterministic branch predictor behavior due to their key-dependent  ...  Subsimulations are performed to classify the message-space into distinct partitions based on the event branch misprediction and the target key bit value.  ...  ) in chosen-ciphertext attacks.  ... 
doi:10.1007/978-3-662-48324-4_13 fatcat:irpxozmfqncoldyrlrxsphtpja

A Study on the SCA Trends for Application to IoT Devices

Bo-Yeon Sim, Dong-Guk Han
2020 Journal of Internet Services and Information Security  
Thus, in this paper, we introduce the trends of SCAs on IoT devices.  ...  Over the past 20 years, side-channel analysis (SCA) on IC chips has mainly taken place.  ...  Since hardware implementations operate in parallel, they applied the chosen-ciphertext DPA. They also suggested a threshold implementation based on Boolean masking as a countermeasure [9].  ... 
doi:10.22667/jisis.2020.02.29.002 dblp:journals/jisis/SimH20 fatcat:4sjvs66efzfctfw3v5emu7yezi

Fault Injection as an Oscilloscope: Fault Correlation Analysis

Albert Spruyt, Alyssa Milburn, Łukasz Chmielewski
2020 Transactions on Cryptographic Hardware and Embedded Systems  
To demonstrate that our attacks are practical, we first show that SPA can be used to recover RSA private exponents using FI attacks.  ...  Such attacks have recently focused more on exploitation of implementation-centric and device-specific properties of the faults.  ...  SPA attacks on RSA.  ... 
doi:10.46586/tches.v2021.i1.192-216 fatcat:mlspidbv4rba7j76jk234xdvsi

Introduction to differential power analysis

Paul Kocher, Joshua Jaffe, Benjamin Jun, Pankaj Rohatgi
2011 Journal of Cryptographic Engineering  
We also introduce approaches for preventing DPA attacks and for building cryptosystems that remain secure even when implemented in hardware that leaks.  ...  The attacks are practical, non-invasive, and highly effective, even against complex and noisy systems where cryptographic computations account for only a small fraction of the overall power consumption.  ...  Using an adaptive chosen-ciphertext attack, the threshold M = q can be located by binary search, revealing the RSA private key. A similar attack was described in [12].  ... 
doi:10.1007/s13389-011-0006-y fatcat:xwxqrsf6hfdbti7vplmm745quy

The Doubling Attack – Why Upwards Is Better than Downwards [chapter]

Pierre-Alain Fouque, Frederic Valette
2003 Lecture Notes in Computer Science  
In this paper, we propose a new attack against a classical implementation of these operations that only requires two queries to the device.  ...  The complexity of this so-called "doubling attack" is much smaller than previously known ones. Furthermore, this approach defeats two of the three countermeasures proposed by Coron at CHES '99.  ...  We only focus on the decryption cases. In this attack we assume that the adversary mounts a chosen ciphertext attack.  ... 
doi:10.1007/978-3-540-45238-6_22 fatcat:x7fce7adm5e35mrrdvwyj3ruo4

Structural Cryptanalysis Of The Message Based Random Variable Length Key Encryption Algorithm (mrvlk)

Azam Davahli, Hamid Mirvaziri, Media Aminian
2014 Journal of Mathematics and Computer Science  
The attack performs analysis on the final ciphertext and reveals the plaintext of MRVLK by exploiting the fact that the structure of the ciphertext is obvious and weak.  ...  This article has presented a structural cryptanalysis of MRVLK (Message Based Random Variable Length Key Encryption).  ...  In this paper, the proposed attack has been applied to two well-known ciphers, AES and Camellia; these ciphers use 8-bit S-boxes but are structurally very different, and our attack adapts accordingly.  ... 
doi:10.22436/jmcs.012.03.04 fatcat:vekpjjb64zdcbn4m64257howhu

Physical Protection of Lattice-Based Cryptography

Ayesha Khalid, Tobias Oder, Felipe Valencia, Máire O'Neill, Tim Güneysu, Francesco Regazzoni
2018 Proceedings of the 2018 on Great Lakes Symposium on VLSI - GLSVLSI '18  
., addressing the physical security of lattice-based cryptographic implementations.  ...  Amongst the various classes of quantum-resistant cryptography schemes, lattice-based cryptography is emerging as one of the most viable options.  ...  DPA can be performed but not chosen-ciphertext attacks), but they are rare.  ... 
doi:10.1145/3194554.3194616 dblp:conf/glvlsi/KhalidOVOGR18 fatcat:lfintj5vbbf5xllxwoxeer6hdu

Strong Knowledge Extractors for Public-Key Encryption Schemes [chapter]

Manuel Barbosa, Pooya Farshim
2010 Lecture Notes in Computer Science  
Completely non-malleable encryption schemes resist attacks which allow an adversary to tamper with both ciphertexts and public keys.  ...  In this paper we introduce two extractor-based properties that allow us to gain insight into the design of such schemes and to go beyond known feasibility results in this area.  ...  We prove a fundamental theorem according to which a strongly plaintext-aware (SPA) and IND-CPA secure scheme also withstands strong chosen-ciphertext attacks.  ... 
doi:10.1007/978-3-642-14081-5_11 fatcat:yizr7tvaavg5xhdvnaxnrxa7n4