Use of elliptic curves in cryptography
Lecture notes in computer sciences; 218 on Advances in cryptology---CRYPTO 85
A method for obtaining digital signatures and public-key cryptosystems
Communications of the ACM
ACISP '02 Proceedings of the 7th Australian Conference on Information Security and Privacy
ICISC '01 Proceedings of the 4th International Conference Seoul on Information Security and Cryptology
CRYPTO '99 Proceedings of the 19th Annual International Cryptology Conference on Advances in Cryptology
Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems
CRYPTO '96 Proceedings of the 16th Annual International Cryptology Conference on Advances in Cryptology
Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack
INDOCRYPT '00 Proceedings of the First International Conference on Progress in Cryptology
Efficient Elliptic Curve Exponentiation Using Mixed Coordinates
ASIACRYPT '98 Proceedings of the International Conference on the Theory and Applications of Cryptology and Information Security: Advances in Cryptology
Securing Elliptic Curve Point Multiplication against Side-Channel Attacks
ISC '01 Proceedings of the 4th International Conference on Information Security
Fast Implementation of Elliptic Curve Arithmetic in GF(pn)
PKC '00 Proceedings of the Third International Workshop on Practice and Theory in Public Key Cryptography: Public Key Cryptography
A Fast Parallel Elliptic Curve Multiplication Resistant against Side Channel Attacks
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Weierstraß Elliptic Curves and Side-Channel Attacks
PKC '02 Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems: Public Key Cryptography
Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems
CHES '99 Proceedings of the First International Workshop on Cryptographic Hardware and Embedded Systems
Using Second-Order Power Analysis to Attack DPA Resistant Software
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
CHES '00 Proceedings of the Second International Workshop on Cryptographic Hardware and Embedded Systems
Preventing SPA/DPA in ECC Systems Using the Jacobi Form
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Hessian Elliptic Curves and Side-Channel Attacks
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Protections against Differential Analysis for Elliptic Curve Cryptography
CHES '01 Proceedings of the Third International Workshop on Cryptographic Hardware and Embedded Systems
Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks
INDOCRYPT '02 Proceedings of the Third International Conference on Cryptology: Progress in Cryptology
ISC '02 Proceedings of the 5th International Conference on Information Security
Power attacks on a side-channel resistant elliptic curve implementation
Information Processing Letters - Devoted to the rapid publication of short contributions to information processing
Workload Characterization of a Lightweight SSL Implementation Resistant to Side-Channel Attacks
CANS '08 Proceedings of the 7th International Conference on Cryptology and Network Security
A random M-ary method based countermeasure against side channel attacks
ICCSA'03 Proceedings of the 2003 international conference on Computational science and its applications: PartII
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Fast elliptic curve arithmetic and improved weil pairing evaluation
CT-RSA'03 Proceedings of the 2003 RSA conference on The cryptographers' track
Signed MSB-set comb method for elliptic curve point multiplication
ISPEC'06 Proceedings of the Second international conference on Information Security Practice and Experience
Countermeasures for preventing comb method against SCA attacks
ISPEC'05 Proceedings of the First international conference on Information Security Practice and Experience
Practical modifications of leadbitter et al.'s repeated-bits side-channel analysis on (EC)DSA
WISA'05 Proceedings of the 6th international conference on Information Security Applications
Efficient countermeasures for thwarting the SCA attacks on the frobenius based methods
IMA'05 Proceedings of the 10th international conference on Cryptography and Coding
Digit set randomization in elliptic curve cryptography
SAGA'07 Proceedings of the 4th international conference on Stochastic Algorithms: foundations and applications
| Hi-index | 0.00 |
M枚ller proposed a countermeasure using window method against side channel attacks. However, its immunity to side channel attacks is still controversial. In this paper, we show M枚ller's countermeasure is vulnerable to a second-order differential power analysis attack. A side channel attackis an attackthat takes advantage of information leaked during execution of a cryptographic procedure. An nth-order differential power analysis attackis the side channel attack which uses n different leaked data that correspond to n different intermediate values during the execution. Our proposed attackagainst M枚ller's countermeasure finds out the use of same elliptic points, and restricts candidates of the secret scalar value. In these circumstances, the attack completely detects the scalar value using Baby-Step-Giant-Step method as a direct-computational attack. For a 160-bit scalar value, the proposed attack restricts the number of candidates of the scalar to a 45-bit integer, and the direct-computational attackcan actually detect the scalar value. Besides, we improve M枚ller's countermeasure to prevent the proposed attack. We compare the original method and improved countermeasure in terms of the computational intractability and the computational cost of the scalar multiplication.