Using Templates to Attack Masked Montgomery Ladder Implementations of Modular Exponentiation

Authors:
Christoph Herbst;Marcel Medwed
Affiliations:
Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010;Institute for Applied Information Processing and Communications, Graz University of Technology, Graz, Austria A---8010
Venue:
Information Security Applications
Year:
2009

Citing 11
Cited 1

A method for obtaining digital signatures and public-key cryptosystems

Communications of the ACM
Differential Power Analysis

CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems

CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Differential Fault Analysis of Secret Key Cryptosystems

CRYPTO '97 Proceedings of the 17th Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Attacks of Modular Exponentiation in Smartcards

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
The Montgomery Powering Ladder

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Template Attacks

CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)

Power Analysis Attacks: Revealing the Secrets of Smart Cards (Advances in Information Security)
On the importance of checking cryptographic protocols for faults

EUROCRYPT'97 Proceedings of the 16th annual international conference on Theory and application of cryptographic techniques
Blinded fault resistant exponentiation

FDTC'06 Proceedings of the Third international conference on Fault Diagnosis and Tolerance in Cryptography
Practical template attacks

WISA'04 Proceedings of the 5th international conference on Information Security Applications

An updated survey on secure ECC implementations: attacks, countermeasures and cost

Cryptography and Security

Quantified Score

Hi-index	0.00

Visualization

Abstract

Since side-channel attacks turned out to be a major threat against implementations of cryptographic algorithms, many countermeasures have been proposed. Amongst them, multiplicative blinding is believed to provide a reasonable amount of security for public-key algorithms. In this article we show how template attacks can be used to extract sufficient information to recover the mask. Our practical experiments verify that one power trace suffices in order to remove such a blinding factor. In the course of our work we attacked a protected Montgomery Powering Ladder implementation on a widely used microcontroller. As a result we can state that the described attack could be a serious threat for public key algorithms implemented on devices with small word size.