A survey of fast exponentiation methods. Journal of Algorithms.
A method for obtaining digital signatures and public-key cryptosystems. Communications of the ACM.
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology.
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems. CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology.
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems. CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems.
The Montgomery Powering Ladder. CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems.
AINA '05 Proceedings of the 19th International Conference on Advanced Information Networking and Applications - Volume 2.
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis. IEEE Transactions on Computers.
Relative doubling attack against Montgomery ladder. ICISC'05 Proceedings of the 8th International Conference on Information Security and Cryptology.
The doubling attack by Fouque and Valette and its analogue, the relative doubling attack by Yen et al., are a new kind of simple power analysis that can be applied to a binary double-and-add algorithm in a scalar multiplication (or a multiply-and-square algorithm in a modular exponentiation). The doubling attack is very powerful because it requires just two queries to the device to find the secret key. The original doubling attack broke the binary double-and-add-always algorithm, and the relative doubling attack succeeded in breaking the Montgomery ladder.

Fouque and Valette stated that the doubling attack was applicable only to downward algorithms, i.e., "left-to-right" implementations of a binary modular exponentiation, and recommended using upward "right-to-left" implementations. On the contrary, Yen et al. proposed a new downward algorithm and asserted that it was secure against doubling attacks. This controversy stems from the lack of analysis of the fundamentals of doubling attacks. Therefore we analyze the characteristic of the doubling attack and propose a method to easily test a given algorithm's security against doubling attacks. Furthermore, we show that Yen et al.'s scheme is still vulnerable to the doubling attack.