Handbook of Applied Cryptography
Handbook of Applied Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Exponent blinding does not always lift (partial) spa resistance to higher-level security
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
Power attack on small RSA public exponent
CHES'06 Proceedings of the 8th international conference on Cryptographic Hardware and Embedded Systems
| Hi-index | 0.00 |
Schindler and Itoh proposed a side-channel attack on implementations of the double-and-add-algorithm with blinded exponents, where dummy additions can be detected with errors. Here this approach is generalized to partial information leakage: If window methods are used, several different types of additions occur. If the attacker can only discriminate between some types of additions, but not between all types, the so-called basic version of the attack is still feasible and the attacker can correct her guessing errors and find out the secret scalar. Sometimes generalized Schindler-Itoh methods can reveal even more bits than leak by SPA. In fact this makes an attack on a 2bit-window-algorithm feasible for a 32-bit randomization, where the attacker can distinguish between additions of different values with error rates up to 0.15, but cannot detect dummy additions. A barrier to applying the so-called enhanced version to partial information leakage is described.