Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
On the Generalised Hidden Number Problem and Bit Security of XTR
AAECC-14 Proceedings of the 14th International Symposium on Applied Algebra, Algebraic Algorithms and Error-Correcting Codes
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
CRYPTO '00 Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology
Evidence that XTR Is More Secure than Supersingular Elliptic Curve Cryptosystems
EUROCRYPT '01 Proceedings of the International Conference on the Theory and Application of Cryptographic Techniques: Advances in Cryptology
ASIACRYPT '01 Proceedings of the 7th International Conference on the Theory and Application of Cryptology and Information Security: Advances in Cryptology
Fast Irreducibility and Subgroup Membership Testing in XTR
PKC '01 Proceedings of the 4th International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems
PKC '03 Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography: Public Key Cryptography
Address-Bit Differential Power Analysis of Cryptographic Schemes OK-ECDH and OK-ECDSA
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
Multiplicative Masking and Power Analysis of AES
CHES '02 Revised Papers from the 4th International Workshop on Cryptographic Hardware and Embedded Systems
SPA-Based Adaptive Chosen-Ciphertext Attack on RSA Implementation
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Information and Communications Security: 6th International Conference, ICICS 2004, Malaga, Spain, October 27-29, 2004. Proceedings (Lecture Notes in Computer Science)
On XTR and side-channel analysis
SAC'04 Proceedings of the 11th international conference on Selected Areas in Cryptography
Hi-index | 0.00 |
In 2000, Lenstra and Verheul presented the XTR Public Key System which used a subgroup of the multiplicative group GF(p6) with a compact representation. In two other papers, Han et al. analyzed the security against power analysis of the XTR algorithms presented by Lenstra and Verheul in 2000. In particular they showed that the XTR Single Exponentiation (XTR-SE) is vulnerable to a modification of the Refined Power Analysis (MRPA) and they presented a countermeasure based on the XTR double exponentiation. In the first part of this paper, we show that this countermeasure is not efficient for some particular inputs. For these inputs, an attacker has a probability of 2/3 to retrieve the secret exponent with only one power measurement. In a second part, we show that all the inputs used by Han et al. for MRPA are not valid inputs for XTR. As one of these dangerous inputs can also be obtained by Fault Injection, we discuss about the different scenarios of attacks and about their respective countermeasures.