Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Electromagnetic Analysis: Concrete Results
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity
IEEE Transactions on Computers
An RSA Implementation Resistant to Fault Attacks and to Simple Power Analysis
IEEE Transactions on Computers
Investigations of power analysis attacks on smartcards
WOST'99 Proceedings of the USENIX Workshop on Smartcard Technology on USENIX Workshop on Smartcard Technology
Passive and Active Combined Attacks: Combining Fault Attacks and Side Channel Analysis
FDTC '07 Proceedings of the Workshop on Fault Diagnosis and Tolerance in Cryptography
Distinguishing Multiplications from Squaring Operations
Selected Areas in Cryptography
Protecting RSA against Fault Attacks: The Embedding Method
FDTC '09 Proceedings of the 2009 Workshop on Fault Diagnosis and Tolerance in Cryptography
Public key perturbation of randomized RSA implementations
CHES'10 Proceedings of the 12th international conference on Cryptographic hardware and embedded systems
Combined implementation attack resistant exponentiation
LATINCRYPT'10 Proceedings of the First international conference on Progress in cryptology: cryptology and information security in Latin America
Defeating RSA multiply-always and message blinding countermeasures
CT-RSA'11 Proceedings of the 11th international conference on Topics in cryptology: CT-RSA 2011
Exponent blinding does not always lift (partial) SPA resistance to higher-level security
ACNS'11 Proceedings of the 9th international conference on Applied cryptography and network security
To infinity and beyond: combined attack on ECC using points of low order
CHES'11 Proceedings of the 13th international conference on Cryptographic hardware and embedded systems
Local and Direct EM Injection of Power Into CMOS Integrated Circuits
FDTC '11 Proceedings of the 2011 Workshop on Fault Diagnosis and Tolerance in Cryptography
Using templates to distinguish multiplications from squaring operations
International Journal of Information Security
Simple power analysis on exponentiation revisited
CARDIS'10 Proceedings of the 9th IFIP WG 8.8/11.2 international conference on Smart Card Research and Advanced Application
Since the introduction of side-channel and fault injection analysis in the late 1990s, implementing cryptographic standards on embedded devices has become a difficult challenge. Developers were obliged to add new, appropriate countermeasures to their code. To prevent these separate threats, they often implemented countermeasures separately: side-channel-dedicated countermeasures were added to the algorithm while, on the other hand, specific protections against fault injection, such as computation verifications, were implemented. However, in 2007 Amiel et al. demonstrated that a single fault injection combined with simple side-channel analysis can defeat such a classical implementation. It then became obvious that side-channel and fault countermeasures had to be designed together. In that vein, Schmidt et al. published at Latincrypt 2010 an efficient exponentiation algorithm supposedly resistant against this combined attack category. Despite the clever design of these algorithms, we present here two new attacks that can defeat its security. Our first attack is a single fault injection scheme requiring only a few faulted ciphertexts. The second one requires the combination of a single fault injection with a differential treatment. We also propose a more secure version of this algorithm that thwarts our attacks.