Method for Detecting Vulnerability to Doubling Attacks

Authors:
Chong Hee Kim;Jean-Jacques Quisquater
Affiliations:
UCL Crypto Group, Université Catholique de Louvain, Belgium, Louvain-la-Neuve, Belgium 1348;UCL Crypto Group, Université Catholique de Louvain, Belgium, Louvain-la-Neuve, Belgium 1348
Venue:
ICICS '08 Proceedings of the 10th International Conference on Information and Communications Security
Year:
2008

Citing 9
Cited 0

A survey of fast exponentiation methods

Journal of Algorithms
A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
A Secure Modular Exponential Algorithm Resists to Power, Timing, C Safe Error and M Safe Error Attacks

AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis

IEEE Transactions on Computers
Relative doubling attack against montgomery ladder

ICISC'05 Proceedings of the 8th international conference on Information Security and Cryptology

Quantified Score

Hi-index	0.00

Visualization

Abstract

The doubling attack by Fouque and Valette and its analogue, the relative doubling attack, by Yen et al. are a new kind of simple power analysis that can be applied to a binary double-and-add algorithm in a scalar multiplication (or a multiply-and-square algorithm in a modular exponentiation). The doubling attack is very powerful because it requires just two queries to the device to find the secret key. The original doubling attack broke the binary double-and-add always algorithm and the relative doubling attack succeeded in breaking the Montgomery ladder. Fouque and Valette told that the doubling attack was applicable only to downward algorithms, i.e., "left-to-right" implementations of a binary modular exponentiation and recommended to use upward "right-to-left" implementations. On the contrary, Yen et al. proposed a new downward algorithm and asserted that it was secure against doubling attacks. This kind of controversy comes from the lack of analysis of the fundamentals of the doubling attacks. Therefore we analyze the characteristic of the doubling attack and propose a method to easily test a given algorithm's security against doubling attacks. Furthermore, we show Yen et al.'s scheme is still vulnerable to the doubling attack.