CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Weierstraß Elliptic Curves and Side-Channel Attacks
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Preventing SPA/DPA in ECC Systems Using the Jacobi Form
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Breaking the liardet-smart randomized exponentiation algorithm
CARDIS'02 Proceedings of the 5th conference on Smart Card Research and Advanced Application Conference - Volume 5
Longer randomly blinded RSA keys may be weaker than shorter ones
WISA'07 Proceedings of the 8th international conference on Information security applications
Further hidden markov model cryptanalysis
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Improvement on ha-moon randomized exponentiation algorithm
ICISC'04 Proceedings of the 7th international conference on Information Security and Cryptology
Optimal Recovery of Secret Keys from Weak Side Channel Traces
Cryptography and Coding '09 Proceedings of the 12th IMA International Conference on Cryptography and Coding
| Hi-index | 0.00 |
Secret key recovery from weak side channel leakage is always a challenge in the presence of standard counter-measures. The use of randomised exponent recodings in RSA or ECC means that, over multiple re-uses of a key, operations which correspond to a given key bit are not aligned in the traces. This enhances the difficulties because traces cannot be averaged to improve the signal-to-noise ratio.The situation can be described using a hidden Markov model (HMM) but the standard solution is computationally infeasible when many traces have to be processed. Previous work has not provided a satisfactory way out. Here, instead of ad hocsequential processing of complete traces, trace prefixes are combined naturally in parallel. This results in the systematic extraction of a much higher proportion of the information theoretic content of the leakage, enabling many keys of typical ECC length to be recovered with a computationally feasible search through a list of most likely values. Moreover, likely errors can now be located very easily.