Side-Channel Vulnerabilities of Unified Point Addition on Binary Huff Curve and Its Countermeasure
2018, Vol 8 (10), pp. 2002
Author(s): Sung Cho, Sunghyun Jin, HeeSeok Kim

Unified point addition for computing elliptic curve point addition and doubling is considered to be resistant to simple power analysis. Recently, new side-channel attacks, such as recovery of secret exponent by triangular trace analysis and horizontal collision correlation analysis, have been successfully applied to elliptic curve methods to investigate their resistance to side-channel attacks. These attacks turn out to be very powerful since they only require leakage of a single power consumption trace. In this paper, using these side-channel attack analyses, we introduce two vulnerabilities of unified point addition on the binary Huff curve. Also, we propose a new unified point addition method for the binary Huff curve. Furthermore, to secure against these vulnerabilities, we apply an equivalence class to the side-channel atomic algorithm using the proposed unified point addition method.

Author(s): Bo-Yeon Sim, Jihoon Kwon, Kyu Young Choi, Jihoon Cho, Aesun Park, ...

Chou suggested a constant-time implementation for quasi-cyclic moderate-density parity-check (QC-MDPC) code-based cryptography to mitigate timing attacks at CHES 2016. This countermeasure was later found to be vulnerable to a differential power analysis (DPA) in private syndrome computation, as described by Rossi et al. at CHES 2017. The proposed DPA, however, still could not completely recover accurate secret indices, requiring further solving of linear equations to obtain the entire secret information. In this paper, we propose a multiple-trace attack which enables complete recovery of accurate secret indices. We further propose a single-trace attack which can even work when using ephemeral keys or applying Rossi et al.'s DPA countermeasures. Our experiments show that BIKE and LEDAcrypt may become vulnerable to our proposed attacks. The experiments are conducted using power consumption traces measured from ChipWhisperer-Lite XMEGA (8-bit processor) and ChipWhisperer UFO STM32F3 (32-bit processor) target boards.


2018, Vol 8 (11), pp. 2014
Author(s): Soojung An, Suhri Kim, Sunghyun Jin, HanBit Kim, HeeSeok Kim

As research on quantum computers has progressed immensely, interest in post-quantum cryptography has greatly increased. NTRU is one of the well-known algorithms due to its practical key sizes and fast performance along with its resistance against a quantum adversary. Although NTRU has withstood various algebraic attacks, its side-channel resistance must also be considered for secure implementation. In this paper, we propose the first single-trace attack on NTRU. Previous side-channel attacks on NTRU used numerous power traces, which increase the attack complexity and limit the target algorithm. There are two versions of the NTRU implementation published in succession. We demonstrate our attack on both implementations using a single power consumption trace obtained in the decryption phase. Furthermore, we propose a countermeasure to prevent the proposed attacks. Our countermeasure does not degrade performance.


10.29007/qszz, 2018
Author(s): Poulami Das, Debapriya Basu Roy, Debdeep Mukhopadhyay

Horizontal collision correlation analysis (HCCA) poses a serious threat to simple power analysis resistant elliptic curve cryptosystems involving unified algorithms, e.g. the Edwards curve unified formula. This attack can be mounted even in the presence of differential power analysis resistant randomization schemes. In this paper we have designed an effective countermeasure for HCCA protection, where the dependency of side-channel leakage from a school-book multiplication on the underlying multiplier operands is investigated. We have shown how changing the sequence in which the operands are passed to the multiplication algorithm introduces dissimilarity in the information leakage. This disparity has been utilized in constructing a zero-cost countermeasure against HCCA. This countermeasure has been shown to help in HCCA resistivity. Additionally, we provide experimental validation for our proposed countermeasure technique on a SASEBO platform. To the best of our knowledge, this is the first time that asymmetry in information leakage has been utilized in designing a side-channel countermeasure and successfully applied in an ECC-based crypto-module.


Information, 2021, Vol 12 (11), pp. 462
Author(s): Sadiel de la Fe, Han-Byeol Park, Bo-Yeon Sim, Dong-Guk Han, Carles Ferrer

A profiling attack is a powerful variant among the noninvasive side channel attacks. In this work, we target RSA key generation relying on the binary version of the extended Euclidean algorithm for modular inverse and GCD computations. To date, this algorithm has only been exploited by simple power analysis; therefore, the countermeasures described in the literature are focused on mitigating only this kind of attack. We demonstrate that one of those countermeasures is not effective in preventing profiling attacks. The feasibility of our approach relies on the extraction of several leakage vectors from a single power trace. Moreover, because there are known relationships between the secrets and the public modulo in RSA, the uncertainty in some of the guessed secrets can be reduced by simple tests. This increases the effectiveness of the proposed attack.


2021, Vol 21 (3), pp. 1-20
Author(s): Mohamad Ali Mehrabi, Naila Mukhtar, Alireza Jolfaei

Many Internet of Things applications in smart cities use elliptic-curve cryptosystems due to their efficiency compared to other well-known public-key cryptosystems such as RSA. One of the important components of an elliptic-curve-based cryptosystem is the elliptic-curve point multiplication which has been shown to be vulnerable to various types of side-channel attacks. Recently, substantial progress has been made in applying deep learning to side-channel attacks. Conceptually, the idea is to monitor a core while it is running encryption for information leakage of a certain kind, for example, power consumption. The knowledge of the underlying encryption algorithm can be used to train a model to recognise the key used for encryption. The model is then applied to traces gathered from the crypto core in order to recover the encryption key. In this article, we propose an RNS GLV elliptic curve cryptography core which is immune to machine learning and deep learning based side-channel attacks. The experimental analysis confirms the proposed crypto core does not leak any information about the private key and therefore it is suitable for hardware implementations.


Author(s): Alejandro Cabrera Aldaya, Billy Bob Brumley

An online template attack (OTA) is a powerful technique previously used to attack elliptic curve scalar multiplication algorithms. This attack has only been analyzed in the realm of power consumption and EM side channels, where the signals leak related to the value being processed. However, microarchitecture signals have no such feature, invalidating some assumptions from previous OTA works. In this paper, we revisit previous OTA descriptions, proposing a generic framework and evaluation metrics for any side-channel signal. Our analysis reveals OTA features not previously considered, increasing its application scenarios and requiring a fresh countermeasure analysis to prevent it. In this regard, we demonstrate that OTAs can work in the backward direction, allowing one to mount an augmented projective coordinates attack with respect to the proposal by Naccache, Smart and Stern (Eurocrypt 2004). This demonstrates that randomizing the initial targeted algorithm state does not prevent the attack as believed in previous works. We analyze three libraries, libgcrypt, mbedTLS, and wolfSSL, using two microarchitecture side channels. For the libgcrypt case, we target its EdDSA implementation using the Curve25519 twist curve. We obtain similar results for mbedTLS and wolfSSL with curve secp256r1. For each library, we execute extensive attack instances that are able to recover the complete scalar in all cases using a single trace. This work demonstrates that microarchitecture online template attacks are also very powerful in this scenario, recovering secret information without knowing a leakage model. This highlights the importance of developing secure-by-default implementations, instead of fix-on-demand ones.


Cryptography, 2020, Vol 4 (2), pp. 13
Author(s): Ivan Bow, Nahome Bete, Fareena Saqib, Wenjie Che, Chintan Patel, ...

This paper investigates countermeasures to side-channel attacks. A dynamic partial reconfiguration (DPR) method is proposed for field programmable gate arrays (FPGAs) to make techniques such as differential power analysis (DPA) and correlation power analysis (CPA) difficult and ineffective. We call the technique side-channel power resistance for encryption algorithms using DPR, or SPREAD. SPREAD is designed to reduce cryptographic-key-related signal correlations in power supply transients by changing components of the hardware implementation on-the-fly using DPR. Replicated primitives within the advanced encryption standard (AES) algorithm, in particular the substitution boxes (SBOXs), are synthesized to multiple and distinct gate-level implementations. The different implementations change the delay characteristics of the SBOXs, reducing correlations in the power traces, which, in turn, increases the difficulty of side-channel attacks. The effectiveness of the proposed countermeasures depends greatly on this principle; therefore, the focus of this paper is on the evaluation of implementation diversity techniques.

