Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Handbook of Applied Cryptography
Handbook of Applied Cryptography
A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Power Analysis Attacks of Modular Exponentiation in Smartcards
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity
IEEE Transactions on Computers
Ways to enhance differential power analysis
ICISC'02 Proceedings of the 5th international conference on Information security and cryptology
Power analysis for secret recovering and reverse engineering of public key algorithms
SAC'07 Proceedings of the 14th international conference on Selected areas in cryptography
Mycrypt'05 Proceedings of the 1st international conference on Progress in Cryptology in Malaysia
Successfully attacking masked AES hardware implementations
CHES'05 Proceedings of the 7th international conference on Cryptographic hardware and embedded systems
Improving the randomized initial point countermeasure against DPA
ACNS'06 Proceedings of the 4th international conference on Applied Cryptography and Network Security
Horizontal correlation analysis on exponentiation
ICICS'10 Proceedings of the 12th international conference on Information and communications security
Message blinding method requiring no multiplicative inversion for RSA
ACM Transactions on Embedded Computing Systems (TECS)
| Hi-index | 0.00 |
Power Analysis has been intensively studied since the firstpublications in 1996 and many related attacks on naive implementationshave been proposed. Nowadays algorithms in tamper resistant devicesare protected by different countermeasures most often based on datarandomization such as the BRIP algorithm on ECC and its RSA derivative.However not all of them are really secure or in the best case provento be secure. In 2005, Yen, Lien, Moon and Ha introduced theoreticalpower attacks on some classical and BRIP exponentiation implementations,characterized by the use of a chosen input message value ±1. Thefirst part of our article presents an optimized implementation for BRIPthat takes advantage of the Montgomery modular arithmetic to speedup the mask inversion operation. An extension of the Yen et al. attack,based on collision detection through power analysis, is also presented.Based on this analysis we give security advice on this countermeasureimplementation and determine the minimal random length to reach anappropriate level of security.