Cryptanalysis of the full version randomized addition-subtraction chains

Authors:
Dong-Guk Han;Nam Su Chang;Seok Won Jung;Young-Ho Park;Chang Han Kim;Heuisu Ryu
Affiliations:
Center for Information and Security Technologies, Korea Univ., Seoul, Korea;Center for Information and Security Technologies, Korea Univ., Seoul, Korea;Center for Information and Security Technologies, Korea Univ., Seoul, Korea;Dept. of Information Security, Sejong Cyber Univ., Seoul, Korea;Dept. of Information Security, Semyung Univ., Jechon, Korea;Electronics and Telecommunications Research Institute
Venue:
ACISP'03 Proceedings of the 8th Australasian conference on Information security and privacy
Year:
2003

Citing 5
Cited 0

Use of elliptic curves in cryptography

Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
On Insecurity of the Side Channel Attack Countermeasure Using Addition-Subtraction Chains under Distinguishability between Addition and Doubling

ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
Elliptic Curves with the Montgomery-Form and Their Cryptographic Applications

PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems

PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems

CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems

Quantified Score

Hi-index	0.00

Visualization

Abstract

In [12], Okeya and Sakurai showed that the simple version randomized addition-subtraction chains countermeasure [14] is vulnerable to SPA attack. But their analysis method is not able to be applicable to the complex version [14]. In this paper, we show that Okeya and Sakurai's attack algorithm has two latent problems which need to be considered. We further propose new powerful concrete attack algorithms which are different from [12,15]. By using our proposed attack algorithms, we can totally break the full version randomized addition-subtraction chains [14]. From our implementation results for standard 163-bit keys, the success probability for the simple version with 20 AD sequences is about 94% and with 30 AD sequences is about 99%. Also, the success probability for the complex version with 40 AD sequences is about 94% and with 70 AD sequences is about 99%.