Hardware Security Side channel attacks
|
|
- Benjamin Flowers
- 5 years ago
- Views:
Transcription
1 Hardware Security Side channel attacks R. Pacalet May 24, 2018
2 Introduction Outline Timing attacks P. Kocher Optimizations Conclusion Power attacks Introduction Simple Power Analysis (SPA) Differential Power Analysis (DPA) Wrap up on DPA Exercises on DPA Conclusion 2/52 Institut Mines-Telecom R. Pacalet May 24, 2018
3 Introduction 3/52 Institut Mines-Telecom R. Pacalet May 24, 2018
4 Hardware leaks information Eventually, security is always implemented in hardware Electronic devices consume power, take time to compute and emit electromagnetic radiations (not mentioning temperature, noise... ) These side-channels are usually correlated with the processing In security applications the side-channels can be used to retrieve embedded secrets A few hundreds of power traces can be sufficient to retrieve a secret key from a theoretically unbreakable system Unlike in quantum cryptography the information leakage is usually undetectable True for time Almost true for power 4/52 Institut Mines-Telecom R. Pacalet May 24, 2018
5 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
6 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
7 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
8 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
9 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
10 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
11 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
12 A bit of history 1956: MI5 against Egyptian Embassy in London (click-sound of the Hagelin enciphering machine) 1996: P. Kocher time-attacks RSA, DH, DSS (applied with success in 2003 against OpenSSL 0.9.6) 1999: P. Kocher power-attacks DES, AES, etc. (SPA, DPA). Successful against smart cards, FPGAs, : New attacks (SEMA, DEMA, TPA). Importance of hardware security increases (CHES) 5/52 Institut Mines-Telecom R. Pacalet May 24, 2018
13 History repeats itself 2013, 18 th of December: Daniel Genkin (Technion and Tel Aviv University), Adi Shamir (Weizmann Institute of Science), Eran Tromer (Tel Aviv University) RSA Key Extraction via Low-Bandwidth Acoustic Cryptanalysis. Target: a regular computer computing the GnuPG s current implementation of RSA. Vibrations of electronic components (capacitors and coils) in the voltage regulation circuit as they regulate the voltage accross large fluctuations in power consumption. 6/52 Institut Mines-Telecom R. Pacalet May 24, 2018
14 History repeats itself The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. 7/52 Institut Mines-Telecom R. Pacalet May 24, 2018
15 History repeats itself The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. 7/52 Institut Mines-Telecom R. Pacalet May 24, 2018
16 History repeats itself The attack can extract full 4096-bit RSA decryption keys from laptop computers (of various models), within an hour, using the sound generated by the computer during the decryption of some chosen ciphertexts. We experimentally demonstrate that such attacks can be carried out, using either a plain mobile phone placed next to the computer, or a more sensitive microphone placed 4 meters away. 7/52 Institut Mines-Telecom R. Pacalet May 24, 2018
17 History repeats itself (the RSA Paso Doble) 8/52 Institut Mines-Telecom R. Pacalet May 24, 2018
18 History repeats itself 9/52 Institut Mines-Telecom R. Pacalet May 24, 2018
19 History repeats itself Even if a memory location is only accessed during out-of-order execution, it remains cached. Iterating over the 256 pages of probe array shows one cache hit, exactly on the page that was accessed during the outof-order execution. 10/52 Institut Mines-Telecom R. Pacalet May 24, 2018
20 Timing attacks 11/52 Institut Mines-Telecom R. Pacalet May 24, 2018
21 Timing attacks / P. Kocher 12/52 Institut Mines-Telecom R. Pacalet May 24, 2018
22 History First published by Paul Kocher (CRYPTO 96) Implemented by Dhem, Quisquater, et al. (CARDIS 98) Used by Canvel, Hiltgen, Vaudenay, and Vuagnoux to attack OpenSSL (CRYPTO 03) 13/52 Institut Mines-Telecom R. Pacalet May 24, 2018
23 Example #1 Exponentiation M D D = d w 1 d w 2...d 2 d 1 d 0, w-bits exponent d w 1 : Most Significant Bit (MSB), d 0 : LSB D = d 0 +d 1 2+d d w 2 2 w 2 +d w 1 2 w 1 M D = M d 0+d 1 2+d d w 2 2 w 2 +d w 1 2 w 1 = M d 0 M d 1 2 M d M d w 2 2 w 2 M d w 1 2 w 1 ( ) 2 ( ) 4 ( ) 2 = M d 0 M d 1 M d 2... M d w 2 ( ) 2 w 2 M d w 1 w 1 ( ( ) 2 2 ( ) 2 = M d 0 M d 1 M 2) d... M d w 2 ( ) 2 w 2 M d w 1 w 1 ( ( ( ) ) = M d M d 1 M d 2 M d 3... M d w 2 M w 1) d /52 Institut Mines-Telecom R. Pacalet May 24, 2018
24 Example #1 Exponentiation, pseudo-code Multiplication and square algorithm Algorithm 1 Exponentiation 1: A(w) 1 2: for k w do loop from MSB to LSB of D 3: if d k = 1 then bit #k of D (#w 1 is MSB) 4: B(k) A(k +1) M Multiplication 5: else 6: B(k) A(k +1) 7: end if 8: A(k) B(k) 2 Square 9: end for 10: M D = B(0) 15/52 Institut Mines-Telecom R. Pacalet May 24, 2018
25 Example #1 Modular exponentiation, pseudo-code TA prone? Why? What can we expect from TA? Algorithm 2 Modular exponentiation (modexp) 1: A(w) 1 2: for k w do loop from MSB to LSB of D 3: if d k = 1 then bit #k of D (#w 1 is MSB) 4: B(k) (A(k +1) M) mod N Modular multiplication 5: else 6: B(k) A(k +1) 7: end if 8: A(k) B(k) 2 mod N Modular square 9: end for 10: M D = B(0) 16/52 Institut Mines-Telecom R. Pacalet May 24, 2018
26 Example #2 What if timing of modular product and square is data-dependant? What can we expect from TA? Algorithm 3 Modular exponentiation (modexp) 1: A(w) 1 2: for k w do loop from MSB to LSB of D 3: if d k = 1 then bit #k of D (#w 1 is MSB) 4: B(k) (A(k +1) M) mod N Modular multiplication 5: else 6: B(k) A(k +1) 7: end if 8: A(k) B(k) 2 mod N Modular square 9: end for 10: M D = B(0) 17/52 Institut Mines-Telecom R. Pacalet May 24, 2018
27 Example #2: P. Kocher attack A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) Assume attacker measure total modexp time t[i] for large number n of different plaintexts M[i], 1 i n Assume attacker knows leading bits d w 1...d b+1 of D, w > b 0 (none if b = w 1) For each M[i], attacker can compute A(b +1)[i] (thanks to d w 1...d b+1 ) For each M[i], attacker measure or estimate time of (A(b +1)[i] M[i]) mod N Assume for some M[i], (A(b +1)[i] M[i]) mod N is extremely slow (fast) and attacker can distinguish slow, average and fast cases 18/52 Institut Mines-Telecom R. Pacalet May 24, 2018
28 Example #2: P. Kocher attack A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) If t[i] large (slow) when (A(b +1)[i] M[i]) mod N slow bit d b probably 1 B(b)[i] (A(b + 1)[i] M[i]) mod N probably computed t Else d b probably 0 B(b)[i] (A(b + 1)[i] M[i]) mod N probably skipped t The larger the difference, the higher the attacker s confidence Do you understand difference with example #1? 18/52 Institut Mines-Telecom R. Pacalet May 24, 2018
29 Example #2: P. Kocher attack A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) 1 i n, M[i]: plaintext #i T [i]: measured time for M[i] D T [i] = e[i] + k=w 1 k=0 t[i,k] e[i]: measurement error t[i,k]: time of iteration k of M[i] D Attacker knows T [i], not e[i] or t[i,k] Compute w 1 b first iterations M[i],N,d w 1...d b+1 known t m [i,b]: attacker s timing estimate for A(b +1)[i] M[i] mod N 18/52 Institut Mines-Telecom R. Pacalet May 24, 2018
30 Example #2: P. Kocher attack A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) i I slow, j I slow, t m [i,b] > t m [j,b] I slow = n/10 i I fast, j I fast, t m [i,b] < t m [j,b] I fast = n/10 T slow = T fast = i I slow (T [i]) n/10 i I fast (T [i]) n/10 = T slow T fast 18/52 Institut Mines-Telecom R. Pacalet May 24, 2018
31 Example #2: P. Kocher attack A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) > τ d b = 1 < τ d b = 0 τ: threshold Continue with next bit (b 1) until all bits of D known Attack targets one bit at a time Attack efficiency depends on: Number n of experiments Variability of t m [i,b] (data dependency) Noise e[i] I slow and I fast (10% in example) τ 18/52 Institut Mines-Telecom R. Pacalet May 24, 2018
32 P. Kocher attack on RSAREF Mult.: E(t mult ) s σ(t mult ) s Exp.: E(t exp ) s σ(t exp ) s 19/52 Institut Mines-Telecom R. Pacalet May 24, 2018
33 P. Kocher attack on RSAREF RSAREF (functional) reference software library 512 bits modular exponentiation, 256 bits exponent (to speed up experiments) With 250 timing measurements probability of correct decision at any step of attack: /52 Institut Mines-Telecom R. Pacalet May 24, 2018
34 P. Kocher attack on RSAREF RSAREF (functional) reference software library 512 bits modular exponentiation, 256 bits exponent (to speed up experiments) With 250 timing measurements probability of correct decision at any step of attack: /52 Institut Mines-Telecom R. Pacalet May 24, 2018
35 OpenSSL BN library Mult.: E(t mult ) cc σ(t mult ) 130 cc Exp.: E(t exp ) cc σ(t exp ) cc 20/52 Institut Mines-Telecom R. Pacalet May 24, 2018
36 Timing attacks / Optimizations 21/52 Institut Mines-Telecom R. Pacalet May 24, 2018
37 Optimizations A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) Cross-check on modular square timing Once d b known, verification on t s [i,b] Attacker s timing estimate for B b [i] 2 mod N In average, if total time T [i] Large (small) when t s [i,b] large (small)? Yes: better confidence in decision No: doubt about decision 22/52 Institut Mines-Telecom R. Pacalet May 24, 2018
38 Optimizations A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) Detect wrong decisions d b guessed incorrectly ( A(k b)[i], B(k b)[i]) (A(k b)[i],b(k b)[i]) Correlation with measured time not observable any more Attack improvement Keep list of decisions Keep likelihood T slow T fast Likelihood-driven back-tracking Hard decisions soft decisions Resembles channel decoding More memory and CPU usage Reduce number of experiments 22/52 Institut Mines-Telecom R. Pacalet May 24, 2018
39 Optimizations A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) t[i,k]: timing of iteration k of M[i] D mod N t[i,k]: attacker s estimate Variance of timing residue U[i] = k=w 1 t[i,k] k=b+1 [i] = T [i] U[i] = e[i] + = e[i] + k=w 1 k=0 k=b k=0 t[i,k] t[i,k] + k=w 1 k=b+1 t[i,k] k=w 1 (t[i,k] t[i,k]) k=b+1 22/52 Institut Mines-Telecom R. Pacalet May 24, 2018
40 Optimizations A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) If d w 1...d b+1 correct t[i,k > b] t[i,k > b] k=b k=w 1 [i] = e[i] + t[i,k] + (t[i,k] t[i,k]) k=0 k=b+1 e[i] + k=b k=0 t[i,k] ( ) k=b Var i ( ) Var i (e[i]) +Var i t[i,k] k=0 Var( ) when b Var(e) +(b +1) Var(t) 22/52 Institut Mines-Telecom R. Pacalet May 24, 2018
41 Optimizations A(w) 1 for k w 1...b +1 do... A(k) B(k) 2 mod N end for if d b = 1 then B(b) (A(b +1) M) mod N else B(b) A(b +1) end if A(b) B(b) 2 mod N for k b do... A(k) B(k) 2 mod N end for M D = B(0) If d w 1...d a+1 correct but d a...d b+1 wrong for some a b +1 t[i,k > a] t[i,k > a], t[i,a k > b] t[i,a k > b] k=b k=w 1 [i] = e[i] + t[i,k] + (t[i,k] t[i,k]) k=0 k=b+1 e[i] + e[i] + k=b k=0 k=a t[i,k] + t[i,k] k=a (t[i,k] t[i,k]) k=b+1 k=a t[i,k] k=0 k=b+1 Var( ) Var(e) +(a +1) Var(t) +(a b) Var(t) Var(e) +(2 a b +1) Var(t) Var( ) when b 22/52 Institut Mines-Telecom R. Pacalet May 24, 2018
42 Timing attacks / Conclusion 23/52 Institut Mines-Telecom R. Pacalet May 24, 2018
43 Wrap up on TA (1/2) Where does it come from? Time: processing data takes time How does it work? Acquisition phase Same secret Sufficient number of experiments with different input messages Build database of {input, time} pairs (works also with outputs, how?) Analysis phase (usually off-line) Attacker tries to retrieve part s of secret (e.g. 1 bit) Attacker builds timing models TM g (M) Of one part of computation with input M (e.g. 1 modmul) Under assumption that s = g Attacker estimates correlations between the TM g and the T TM g with best correlation g best candidate for s 24/52 Institut Mines-Telecom R. Pacalet May 24, 2018
44 Wrap up on TA (2/2) In our example where we attack one exponent bit at a time For each attacked bit b, 2 timing models: TM 0 (M[i]): modmul time in iteration b of M[i] D mod N if d b = 0 TM 1 (M[i]): modmul time in iteration b of M[i] D mod N if d b = 1 Note: TM 0 (M[i]) = 0 Correlation(TM 1,T ) > Correlation(TM 0,T ) b = 1 Correlation(TM 1,T ) < Correlation(TM 0,T ) b = 0 T slow T fast is an estimator of correlation between TM 1 and T Note: there are much better correlation estimators Pearson correlation coefficient Kolmogorov-Smirnov test,... Whatever the statistical tool, principle remains the same: TM g with best correlation g best candidate for s Analysis usually off-line But interactive, adaptive attacks also exist 25/52 Institut Mines-Telecom R. Pacalet May 24, 2018
45 Pearson correlation coefficient A better statistical tool than partitioning s: portion of the secret under attack n: number of time measurements T [i] (1 i n): time measurements M[i] (1 i n): input messages TM g (M[i]): attacker s timing model for M[i] and guess g on s PCC i (T,TM g ): estimator of correlation between T [i] and TM g (M[i]) g with highest PCC i (T,TM g ) best candidate for s 26/52 Institut Mines-Telecom R. Pacalet May 24, 2018
46 Exercise on timing attacks? Exercise #1: list the hypotheses for a timing attack to be practical 27/52 Institut Mines-Telecom R. Pacalet May 24, 2018
47 Homework Try to understand why DES deciphering is the same as DES enciphering with round keys in reverse order Imagine countermeasures, evaluate their cost and efficiency Study and understand P. Kocher paper and especially the blinding countermeasure he proposes (section 10) Prepare the first lab Read directions Look at provided software libraries Imagine what you will do, why and how Prepare questions 28/52 Institut Mines-Telecom R. Pacalet May 24, 2018
48 Questions? 29/52 Institut Mines-Telecom R. Pacalet May 24, 2018
49 Power attacks 30/52 Institut Mines-Telecom R. Pacalet May 24, 2018
50 Power attacks / Introduction 31/52 Institut Mines-Telecom R. Pacalet May 24, 2018
51 Power in CMOS logic (1/2) Power consumption and cell output transition are correlated S rising edge observed through R P spying resistor: I(VDD) I = I short +I L E: S: 32/52 Institut Mines-Telecom R. Pacalet May 24, 2018
52 Power in CMOS logic (2/2) Power consumption and cell output transition are correlated S falling edge observed through R P spying resistor: I(VDD) I = I short E: S: 33/52 Institut Mines-Telecom R. Pacalet May 24, 2018
53 Power analysis setup (1/2) Power supply Offline analysis Device under attack Recorded traces 34/52 Institut Mines-Telecom R. Pacalet May 24, 2018
54 Power analysis setup (2/2) 35/52 Institut Mines-Telecom R. Pacalet May 24, 2018
55 Power attacks / Simple Power Analysis (SPA) 36/52 Institut Mines-Telecom R. Pacalet May 24, 2018
56 Simple power analysis, example #1 The power trace of a naive DES hardware implementation leaks a lot of information CMOS structures consume power when switching Hamming distance of register transitions Hamming weights in some implementations Clock spikes 37/52 Institut Mines-Telecom R. Pacalet May 24, 2018
57 Simple power analysis, example #1 The power trace of a naive DES hardware implementation leaks a lot of information CMOS structures consume power when switching Hamming distance of register transitions Hamming weights in some implementations Clock spikes 37/52 Institut Mines-Telecom R. Pacalet May 24, 2018
58 Simple power analysis, example #1 The power trace of a naive DES hardware implementation leaks a lot of information CMOS structures consume power when switching Hamming distance of register transitions Hamming weights in some implementations Clock spikes 37/52 Institut Mines-Telecom R. Pacalet May 24, 2018
59 Simple power analysis, example #2 Multiply by double and add algorithm Iterate on key bits from MSB to LSB C M K Algorithm 4 The double and add algorithm 1: A 1 1 2: for k 0,w 1 do 3: if K (k) = 1 then 4: B k A k 1 +M Add 5: else 6: B k A k 1 7: end if 8: A k B k 2 Double 9: end for 10: C = M K = B w 1 38/52 Institut Mines-Telecom R. Pacalet May 24, 2018
60 Exercise #2: SPA on DES key schedule Software implementation on a 8 bits CPU Left rotate by 1 position of 28-bits half-key Eight bits accumulator A One bit carry flag C C C 0 A[7..0] Rotate left (ROL) A[7..0] Shift right (LSR) mem[a+3] mem[a+2] mem[a+1] mem[a] 1: CLC; C 0 2: LDA a; A mem(a) 3: ROL; C A A C 4: STA a; mem(a) A 5: LDA a+1; ROL; STA a+1; 6: LDA a+2; ROL; STA a+2; 7: LDA a+3; ROL; STA a+3; 8: AND #$1F; A 000 A[4..0] 9: LSR; C A A[0] 0 A[7..1] 10: LSR; LSR; LSR; A 000 A[7..3] 11: ORA a; A Aormem(a) 12: STA a; 28 bits half-key 39/52 Institut Mines-Telecom R. Pacalet May 24, 2018
61 Power attacks / Differential Power Analysis (DPA) 40/52 Institut Mines-Telecom R. Pacalet May 24, 2018
62 P. Kocher attack on DES (1/2) Last round of DES R (known) + guess g on Key value L(g,R) N pairs of power traces and cipher texts T[i],C[i] Split traces in subsets that should exhibit a different power consumption: S 0 = {T[i] L(g,R[i])(j) = 0} S 1 = {T[i] L(g,R[i])(j) = 1} score(g) = E(S 0 ) E(S 1 ) 4 4 L 4 SBox 6 10 Ciphertext R Key 41/52 Institut Mines-Telecom R. Pacalet May 24, 2018
63 P. Kocher attack on DES (2/2) The larger the difference, the more likely the guess Hence the name Differential Power Analysis (DPA) 42/52 Institut Mines-Telecom R. Pacalet May 24, 2018
64 Power attacks / Wrap up on DPA 43/52 Institut Mines-Telecom R. Pacalet May 24, 2018
65 Wrap up on DPA (1/3)? Where does it come from? Power: computing requires energy Warning: ones do not consume more than zeros: CMOS logic has (almost) no static power consumption Transitions consume power (dynamic power consumption) Guesses on the previous and present value of a node can be cross-checked with the power trace 44/52 Institut Mines-Telecom R. Pacalet May 24, 2018
66 Wrap up on DPA (1/3)? Where does it come from? Power: computing requires energy Warning: ones do not consume more than zeros: CMOS logic has (almost) no static power consumption Transitions consume power (dynamic power consumption) Guesses on the previous and present value of a node can be cross-checked with the power trace 44/52 Institut Mines-Telecom R. Pacalet May 24, 2018
67 Wrap up on DPA (1/3)? Where does it come from? Power: computing requires energy Warning: ones do not consume more than zeros: CMOS logic has (almost) no static power consumption Transitions consume power (dynamic power consumption) Guesses on the previous and present value of a node can be cross-checked with the power trace 44/52 Institut Mines-Telecom R. Pacalet May 24, 2018
68 Wrap up on DPA (1/3)? Where does it come from? Power: computing requires energy Warning: ones do not consume more than zeros: CMOS logic has (almost) no static power consumption Transitions consume power (dynamic power consumption) Guesses on the previous and present value of a node can be cross-checked with the power trace 44/52 Institut Mines-Telecom R. Pacalet May 24, 2018
69 Wrap up on DPA (1/3)? Where does it come from? Power: computing requires energy Warning: ones do not consume more than zeros: CMOS logic has (almost) no static power consumption Transitions consume power (dynamic power consumption) Guesses on the previous and present value of a node can be cross-checked with the power trace 44/52 Institut Mines-Telecom R. Pacalet May 24, 2018
70 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
71 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
72 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
73 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
74 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
75 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
76 Wrap up on DPA (2/3)? How does it work? Two phases: Acquisition phase: same secret, different input messages, sufficient number of experiments => a database of input (output) messages, power trace pairs Analysis phase (usually off-line) Attacker builds power model PM of target implementation For a given input (output) message PM gives estimate of processing power (all of it or only a portion) PM depends on guess g on the secret key: there are as many PM g models as guesses g PM g model that best matches actual power traces is the one of most likely guess g for secret key 45/52 Institut Mines-Telecom R. Pacalet May 24, 2018
77 Wrap up on DPA (3/3) Guesses on the present value only can be cross-checked too if rising and falling transitions consume differently (I I = ɛ) and previous value is uncorrelated If the guess is 0 (1) then we had a falling (rising) transition with probability 1/2 and no transition with probability 1/2 On a large number of traces the average difference should be ɛ/2 Two types of attacks: Hamming distances between two successive states of a node or set of nodes Hamming weights of a node or set of nodes 46/52 Institut Mines-Telecom R. Pacalet May 24, 2018
78 Wrap up on DPA (3/3) Guesses on the present value only can be cross-checked too if rising and falling transitions consume differently (I I = ɛ) and previous value is uncorrelated If the guess is 0 (1) then we had a falling (rising) transition with probability 1/2 and no transition with probability 1/2 On a large number of traces the average difference should be ɛ/2 Two types of attacks: Hamming distances between two successive states of a node or set of nodes Hamming weights of a node or set of nodes 46/52 Institut Mines-Telecom R. Pacalet May 24, 2018
79 Wrap up on DPA (3/3) Guesses on the present value only can be cross-checked too if rising and falling transitions consume differently (I I = ɛ) and previous value is uncorrelated If the guess is 0 (1) then we had a falling (rising) transition with probability 1/2 and no transition with probability 1/2 On a large number of traces the average difference should be ɛ/2 Two types of attacks: Hamming distances between two successive states of a node or set of nodes Hamming weights of a node or set of nodes 46/52 Institut Mines-Telecom R. Pacalet May 24, 2018
80 Wrap up on DPA (3/3) Guesses on the present value only can be cross-checked too if rising and falling transitions consume differently (I I = ɛ) and previous value is uncorrelated If the guess is 0 (1) then we had a falling (rising) transition with probability 1/2 and no transition with probability 1/2 On a large number of traces the average difference should be ɛ/2 Two types of attacks: Hamming distances between two successive states of a node or set of nodes Hamming weights of a node or set of nodes 46/52 Institut Mines-Telecom R. Pacalet May 24, 2018
81 Wrap up on DPA (3/3) Guesses on the present value only can be cross-checked too if rising and falling transitions consume differently (I I = ɛ) and previous value is uncorrelated If the guess is 0 (1) then we had a falling (rising) transition with probability 1/2 and no transition with probability 1/2 On a large number of traces the average difference should be ɛ/2 Two types of attacks: Hamming distances between two successive states of a node or set of nodes Hamming weights of a node or set of nodes 46/52 Institut Mines-Telecom R. Pacalet May 24, 2018
82 Wrap up on DPA (3/3) Guesses on the present value only can be cross-checked too if rising and falling transitions consume differently (I I = ɛ) and previous value is uncorrelated If the guess is 0 (1) then we had a falling (rising) transition with probability 1/2 and no transition with probability 1/2 On a large number of traces the average difference should be ɛ/2 Two types of attacks: Hamming distances between two successive states of a node or set of nodes Hamming weights of a node or set of nodes 46/52 Institut Mines-Telecom R. Pacalet May 24, 2018
83 Power attacks / Exercises on DPA 47/52 Institut Mines-Telecom R. Pacalet May 24, 2018
84 Exercises on DPA (1/2)? Exercise #3: most efficient power model?? Hamming weight (based on current state only)? Hamming distance (based on previous and current states)? Exercise #4: differences with timing attacks?? Exercise #5: DPA easier than TA? Why?? Exercise #6: hypotheses? 48/52 Institut Mines-Telecom R. Pacalet May 24, 2018
85 Exercises on DPA (1/2)? Exercise #3: most efficient power model?? Hamming weight (based on current state only)? Hamming distance (based on previous and current states)? Exercise #4: differences with timing attacks?? Exercise #5: DPA easier than TA? Why?? Exercise #6: hypotheses? 48/52 Institut Mines-Telecom R. Pacalet May 24, 2018
86 Exercises on DPA (1/2)? Exercise #3: most efficient power model?? Hamming weight (based on current state only)? Hamming distance (based on previous and current states)? Exercise #4: differences with timing attacks?? Exercise #5: DPA easier than TA? Why?? Exercise #6: hypotheses? 48/52 Institut Mines-Telecom R. Pacalet May 24, 2018
87 Exercises on DPA (1/2)? Exercise #3: most efficient power model?? Hamming weight (based on current state only)? Hamming distance (based on previous and current states)? Exercise #4: differences with timing attacks?? Exercise #5: DPA easier than TA? Why?? Exercise #6: hypotheses? 48/52 Institut Mines-Telecom R. Pacalet May 24, 2018
88 Exercises on DPA (2/2)? Exercise #7: countermeasures?? Exercise #8: what if energy depends only on key?? Exercise #9: what if energy depends only on input messages?? Exercise #10: what if energy depends neither on key nor on input messages? 49/52 Institut Mines-Telecom R. Pacalet May 24, 2018
89 Exercises on DPA (2/2)? Exercise #7: countermeasures?? Exercise #8: what if energy depends only on key?? Exercise #9: what if energy depends only on input messages?? Exercise #10: what if energy depends neither on key nor on input messages? 49/52 Institut Mines-Telecom R. Pacalet May 24, 2018
90 Exercises on DPA (2/2)? Exercise #7: countermeasures?? Exercise #8: what if energy depends only on key?? Exercise #9: what if energy depends only on input messages?? Exercise #10: what if energy depends neither on key nor on input messages? 49/52 Institut Mines-Telecom R. Pacalet May 24, 2018
91 Exercises on DPA (2/2)? Exercise #7: countermeasures?? Exercise #8: what if energy depends only on key?? Exercise #9: what if energy depends only on input messages?? Exercise #10: what if energy depends neither on key nor on input messages? 49/52 Institut Mines-Telecom R. Pacalet May 24, 2018
92 Power attacks / Conclusion 50/52 Institut Mines-Telecom R. Pacalet May 24, 2018
93 Homework on Power Attacks Read and understand every detail of original paper by P. Kocher Imagine attack against hardware DES implementation, describe in deep details your algorithm: Ciphertexts are known L 0 R 0,...,L 15 R 15,R 16 L 16 values stored successively in same 64 bits register Attacker monitors current on power supply side Find way to blind DES 51/52 Institut Mines-Telecom R. Pacalet May 24, 2018
94 Questions? 52/52 Institut Mines-Telecom R. Pacalet May 24, 2018
RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer
RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis Daniel Genkin, Adi Shamir, Eran Tromer Mathematical Attacks Input Crypto Algorithm Key Output Goal: recover the key given access to the inputs
More informationElliptic Curve Cryptography and Security of Embedded Devices
Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography
More informationRemote Timing Attacks are Practical
Remote Timing Attacks are Practical by David Brumley and Dan Boneh Presented by Seny Kamara in Advanced Topics in Network Security (600/650.624) Outline Traditional threat model in cryptography Side-channel
More informationIntroduction to Side Channel Analysis. Elisabeth Oswald University of Bristol
Introduction to Side Channel Analysis Elisabeth Oswald University of Bristol Outline Part 1: SCA overview & leakage Part 2: SCA attacks & exploiting leakage and very briefly Part 3: Countermeasures Part
More informationBranch Prediction based attacks using Hardware performance Counters IIT Kharagpur
Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur March 19, 2018 Modular Exponentiation Public key Cryptography March 19, 2018 Branch Prediction Attacks 2 / 54 Modular Exponentiation
More informationA DPA attack on RSA in CRT mode
A DPA attack on RSA in CRT mode Marc Witteman Riscure, The Netherlands 1 Introduction RSA is the dominant public key cryptographic algorithm, and used in an increasing number of smart card applications.
More informationHorizontal and Vertical Side-Channel Attacks against Secure RSA Implementations
Introduction Clavier et al s Paper This Paper Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations Aurélie Bauer Éliane Jaulmes Emmanuel Prouff Justine Wild ANSSI Session ID:
More informationDifferential Power Analysis Attacks Based on the Multiple Correlation Coefficient Xiaoke Tang1,a, Jie Gan1,b, Jiachao Chen2,c, Junrong Liu3,d
4th International Conference on Sensors, Measurement and Intelligent Materials (ICSMIM 2015) Differential Power Analysis Attacks Based on the Multiple Correlation Coefficient Xiaoke Tang1,a, Jie Gan1,b,
More informationResistance of Randomized Projective Coordinates Against Power Analysis
Resistance of Randomized Projective Coordinates Against Power Analysis William Dupuy and Sébastien Kunz-Jacques DCSSI Crypto Lab 51, bd de Latour-Maubourg, 75700 PARIS 07 SP william.dupuy@laposte.net,
More informationTHEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER. A. A. Zadeh and Howard M. Heys
THEORETICAL SIMPLE POWER ANALYSIS OF THE GRAIN STREAM CIPHER A. A. Zadeh and Howard M. Heys Electrical and Computer Engineering Faculty of Engineering and Applied Science Memorial University of Newfoundland
More informationFormal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers
Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers Sarani Bhattacharya and Debdeep Mukhopadhyay Indian Institute of Technology Kharagpur PROOFS 2016 August
More informationInvestigations of Power Analysis Attacks on Smartcards *
Investigations of Power Analysis Attacks on Smartcards * Thomas S. Messerges Ezzy A. Dabbish Robert H. Sloan 1 Dept. of EE and Computer Science Motorola Motorola University of Illinois at Chicago tomas@ccrl.mot.com
More informationComparison of some mask protections of DES against power analysis Kai Cao1,a, Dawu Gu1,b, Zheng Guo1,2,c and Junrong Liu1,2,d
International Conference on Manufacturing Science and Engineering (ICMSE 2015) Comparison of some mask protections of DES against power analysis Kai Cao1,a, Dawu Gu1,b, Zheng Guo1,2,c and Junrong Liu1,2,d
More informationHardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow
Hardware Architectures for Public Key Algorithms Requirements and Solutions for Today and Tomorrow Cees J.A. Jansen Pijnenburg Securealink B.V. Vught, The Netherlands ISSE Conference, London 27 September,
More informationSide-channel attacks on PKC and countermeasures with contributions from PhD students
basics Online Side-channel attacks on PKC and countermeasures (Tutorial @SPACE2016) with contributions from PhD students Lejla Batina Institute for Computing and Information Sciences Digital Security Radboud
More informationFirst-Order DPA Attack Against AES in Counter Mode w/ Unknown Counter. DPA Attack, typical structure
Josh Jaffe CHES 2007 Cryptography Research, Inc. www.cryptography.com 575 Market St., 21 st Floor, San Francisco, CA 94105 1998-2007 Cryptography Research, Inc. Protected under issued and/or pending US
More informationCorrelation Power Analysis. Chujiao Ma
Correlation Power Analysis Chujiao Ma Power Analysis Simple Power Analysis (SPA) different operations consume different power Differential Power Analysis (DPA) different data consume different power Correlation
More informationEfficient randomized regular modular exponentiation using combined Montgomery and Barrett multiplications
University of Wollongong Research Online Faculty of Engineering and Information Sciences - Papers: Part A Faculty of Engineering and Information Sciences 2016 Efficient randomized regular modular exponentiation
More informationInformation Security Theory vs. Reality
Information Security Theory vs. Reality 0368-4474, Winter 2015-2016 Lecture 3: Power analysis, correlation power analysis Lecturer: Eran Tromer 1 Power Analysis Simple Power Analysis Correlation Power
More informationDIFFERENTIAL POWER ANALYSIS MODEL AND SOME RESULTS
DIFFERENTIAL POWER ANALYSIS MODEL AND SOME RESULTS Sylvain Guilley, Philippe Hoogvorst and Renaud Pacalet GET / Télécom Paris, CNRS LTCI Département communication et électronique 46 rue Barrault, 75634
More informationSide-channel analysis in code-based cryptography
1 Side-channel analysis in code-based cryptography Tania RICHMOND IMATH Laboratory University of Toulon SoSySec Seminar Rennes, April 5, 2017 Outline McEliece cryptosystem Timing Attack Power consumption
More informationSide Channel Analysis. Chester Rebeiro IIT Madras
Side Channel Analysis Chester Rebeiro IIT Madras Modern ciphers designed with very strong assumptions Kerckhoff s Principle The system is completely known to the attacker. This includes encryption & decryption
More informationSide Channel Analysis and Protection for McEliece Implementations
Side Channel Analysis and Protection for McEliece Implementations Thomas Eisenbarth Joint work with Cong Chen, Ingo von Maurich and Rainer Steinwandt 9/27/2016 NATO Workshop- Tel Aviv University Overview
More informationLS-Designs. Bitslice Encryption for Efficient Masked Software Implementations
Bitslice Encryption for Efficient Masked Software Implementations Vincent Grosso 1 Gaëtan Leurent 1,2 François Xavier Standert 1 Kerem Varici 1 1 UCL, Belgium 2 Inria, France FSE 2014 G Leurent (UCL,Inria)
More informationCosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks
1 Cosc 412: Cryptography and complexity Lecture 7 (22/8/2018) Knapsacks and attacks Michael Albert michael.albert@cs.otago.ac.nz 2 This week Arithmetic Knapsack cryptosystems Attacks on knapsacks Some
More informationIn fact, 3 2. It is not known whether 3 1. All three problems seem hard, although Shor showed that one can solve 3 quickly on a quantum computer.
Attacks on RSA, some using LLL Recall RSA: N = pq hard to factor. Choose e with gcd(e,φ(n)) = 1, where φ(n) = (p 1)(q 1). Via extended Euclid, find d with ed 1 (mod φ(n)). Discard p and q. Public key is
More informationDPA-Resistance without routing constraints?
Introduction Attack strategy Experimental results Conclusion Introduction Attack strategy Experimental results Conclusion Outline DPA-Resistance without routing constraints? A cautionary note about MDPL
More informationCPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems
CPE 776:DATA SECURITY & CRYPTOGRAPHY Some Number Theory and Classical Crypto Systems Dr. Lo ai Tawalbeh Computer Engineering Department Jordan University of Science and Technology Jordan Some Number Theory
More informationRandom Delay Insertion: Effective Countermeasure against DPA on FPGAs
Random Delay Insertion: Effective Countermeasure against DPA on FPGAs Lu, Yingxi Dr. Máire O Neill Prof. John McCanny Overview September 2004 PRESENTATION OUTLINE DPA and countermeasures Random Delay Insertion
More information7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1
CA642: CRYPTOGRAPHY AND NUMBER THEORY 1 7 Cryptanalysis Cryptanalysis Attacks such as exhaustive key-search do not exploit any properties of the encryption algorithm or implementation. Structural attacks
More informationA Proposition for Correlation Power Analysis Enhancement
A Proposition for Correlation Power Analysis Enhancement Thanh-Ha Le 1, Jessy Clédière 1,Cécile Canovas 1, Bruno Robisson 1, Christine Servière, and Jean-Louis Lacoume 1 CEA-LETI 17 avenue des Martyrs,
More informationMultiple-Differential Side-Channel Collision Attacks on AES
Multiple-Differential Side-Channel Collision Attacks on AES Andrey Bogdanov Horst Görtz Institute for IT Security Ruhr University Bochum, Germany abogdanov@crypto.rub.de www.crypto.rub.de Abstract. In
More informationSummary. Secured Arithmetic Operators for Cryptography. Introduction. Terminology
Summary Secured Arithmetic Operators for Cryptography Arnaud Tisserand CNRS, IRISA laboratory, CAIRN research team Electrical and Computer Engineering Seminar University of Massachusetts Amherst November
More informationStart Simple and then Refine: Bias-Variance Decomposition as a Diagnosis Tool for Leakage Profiling
IEEE TRANSACTIONS ON COMPUTERS, VOL.?, NO.?,?? 1 Start Simple and then Refine: Bias-Variance Decomposition as a Diagnosis Tool for Leakage Profiling Liran Lerman, Nikita Veshchikov, Olivier Markowitch,
More informationOn the Use of Masking to Defeat Power-Analysis Attacks
1/32 On the Use of Masking to Defeat Power-Analysis Attacks ENS Paris Crypto Day February 16, 2016 Presented by Sonia Belaïd Outline Power-Analysis Attacks Masking Countermeasure Leakage Models Security
More informationUsing Second-Order Power Analysis to Attack DPA Resistant Software
Using Second-Order Power Analysis to Attack DPA Resistant Software Thomas S. Messerges Motorola Labs, Motorola 3 E. Algonquin Road, Room 7, Schaumburg, IL 696 Tom.Messerges@motorola.com Abstract. Under
More informationExponent Blinding Does not Always Lift (Partial) SPA Resistance to Higher-Level Security
Exponent Blinding Does not Always Lift (Partial) SPA Resistance to Higher-Level Security Werner Schindler (Bundesamt für Sicherheit in der Informationstechnik (BSI)) and Kouichi Itoh (Fujitsu Laboratories
More informationAlgorithmic Number Theory and Public-key Cryptography
Algorithmic Number Theory and Public-key Cryptography Course 3 University of Luxembourg March 22, 2018 The RSA algorithm The RSA algorithm is the most widely-used public-key encryption algorithm Invented
More informationOn the Masking Countermeasure and Higher-Order Power Analysis Attacks
1 On the Masking Countermeasure and Higher-Order Power Analysis Attacks François-Xavier Standaert, Eric Peeters, Jean-Jacques Quisquater UCL Crypto Group, Place du Levant, 3, B-1348 Louvain-La-Neuve, Belgium.
More informationPower Analysis to ECC Using Differential Power between Multiplication and Squaring
Power Analysis to ECC Using Differential Power between Multiplication and Squaring Toru Akishita 1 and Tsuyoshi Takagi 2 1 Sony Corporation, Information Technologies Laboratories, Tokyo, Japan akishita@pal.arch.sony.co.jp
More informationSquare Always Exponentiation
Square Always Exponentiation Christophe Clavier 1 Benoit Feix 1,2 Georges Gagnerot 1,2 Mylène Roussellet 2 Vincent Verneuil 2,3 1 XLIM-Université de Limoges, France 2 INSIDE Secure, Aix-en-Provence, France
More informationMenu. Lecture 5: DES Use and Analysis. DES Structure Plaintext Initial Permutation. DES s F. S-Boxes 48 bits Expansion/Permutation
Lecture : Use and nalysis Menu Today s manifest: on line only Review Modes of Operation ttacks CS: Security and rivacy University of Virginia Computer Science David Evans http://www.cs.virginia.edu/~evans
More informationCryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur
Cryptography and Network Security Prof. D. Mukhopadhyay Department of Computer Science and Engineering Indian Institute of Technology, Kharagpur Module No. # 01 Lecture No. # 33 The Diffie-Hellman Problem
More informationA DPA Attack against the Modular Reduction within a CRT Implementation of RSA
A DPA Attack against the Modular Reduction within a CRT Implementation of RSA Bert den Boer, Kerstin Lemke, and Guntram Wicke T-Systems ISS GmbH Rabinstr. 8, D-53111 Bonn, Germany BdenBoer@tpd.tno.nl,
More informationEfficient Leak Resistant Modular Exponentiation in RNS
Efficient Leak Resistant Modular Exponentiation in RNS Andrea Lesavourey (1), Christophe Negre (1) and Thomas Plantard (2) (1) DALI (UPVD) and LIRMM (Univ. of Montpellier, CNRS), Perpignan, France (2)
More informationPower Consumption Analysis. Arithmetic Level Countermeasures for ECC Coprocessor. Arithmetic Operators for Cryptography.
Power Consumption Analysis General principle: measure the current I in the circuit Arithmetic Level Countermeasures for ECC Coprocessor Arnaud Tisserand, Thomas Chabrier, Danuta Pamula I V DD circuit traces
More informationConcurrent Error Detection in S-boxes 1
International Journal of Computer Science & Applications Vol. 4, No. 1, pp. 27 32 2007 Technomathematics Research Foundation Concurrent Error Detection in S-boxes 1 Ewa Idzikowska, Krzysztof Bucholc Poznan
More informationThe RSA Cipher and its Algorithmic Foundations
Chapter 1 The RSA Cipher and its Algorithmic Foundations The most important that is, most applied and most analyzed asymmetric cipher is RSA, named after its inventors Ron Rivest, Adi Shamir, and Len Adleman.
More informationA VLSI Algorithm for Modular Multiplication/Division
A VLSI Algorithm for Modular Multiplication/Division Marcelo E. Kaihara and Naofumi Takagi Department of Information Engineering Nagoya University Nagoya, 464-8603, Japan mkaihara@takagi.nuie.nagoya-u.ac.jp
More informationPartial Key Exposure: Generalized Framework to Attack RSA
Partial Key Exposure: Generalized Framework to Attack RSA Cryptology Research Group Indian Statistical Institute, Kolkata 12 December 2011 Outline of the Talk 1 RSA - A brief overview 2 Partial Key Exposure
More informationSOBER Cryptanalysis. Daniel Bleichenbacher and Sarvar Patel Bell Laboratories Lucent Technologies
SOBER Cryptanalysis Daniel Bleichenbacher and Sarvar Patel {bleichen,sarvar}@lucent.com Bell Laboratories Lucent Technologies Abstract. SOBER is a new stream cipher that has recently been developed by
More informationMulti-Exponentiation Algorithm
Multi-Exponentiation Algorithm Chien-Ning Chen Email: chienning@ntu.edu.sg Feb 15, 2012 Coding and Cryptography Research Group Outline Review of multi-exponentiation algorithms Double/Multi-exponentiation
More informationPublic Key Perturbation of Randomized RSA Implementations
Public Key Perturbation of Randomized RSA Implementations A. Berzati, C. Dumas & L. Goubin CEA-LETI Minatec & Versailles St Quentin University Outline 1 Introduction 2 Public Key Perturbation Against R2L
More informationReduce-by-Feedback: Timing resistant and DPA-aware Modular Multiplication plus: How to Break RSA by DPA
Reduce-by-Feedback: Timing resistant and DPA-aware Modular Multiplication plus: How to Break RSA by DPA M. Vielhaber vielhaber@gmail.com Hochschule Bremerhaven und/y Universidad Austral de Chile CHES 2012
More informationDifferential Cache Trace Attack Against CLEFIA
Differential Cache Trace Attack Against CLEFIA Chester Rebeiro and Debdeep Mukhopadhyay Dept. of Computer Science and Engineering Indian Institute of Technology Kharagpur, India {chester,debdeep}@cse.iitkgp.ernet.in
More informationBitslice Ciphers and Power Analysis Attacks
Bitslice Ciphers and Power Analysis Attacks Joan Daemen, Michael Peeters and Gilles Van Assche Proton World Intl. Rue Du Planeur 10, B-1130 Brussel, Belgium Email: {daemen.j, peeters.m, vanassche.g}@protonworld.com
More informationEase of Side-Channel Attacks on AES-192/256 by Targeting Extreme Keys
Ease of Side-Channel Attacks on AES-192/256 by Targeting Extreme Keys Antoine Wurcker eshard, France, antoine.wurcker@eshard.com Abstract. Concerning the side-channel attacks on Advanced Encryption Standard,
More informationBlinded Fault Resistant Exponentiation FDTC 06
Previous Work Our Algorithm Guillaume Fumaroli 1 David Vigilant 2 1 Thales Communications guillaume.fumaroli@fr.thalesgroup.com 2 Gemalto david.vigilant@gemalto.com FDTC 06 Outline Previous Work Our Algorithm
More informationQuantum Cryptography. Marshall Roth March 9, 2007
Quantum Cryptography Marshall Roth March 9, 2007 Overview Current Cryptography Methods Quantum Solutions Quantum Cryptography Commercial Implementation Cryptography algorithms: Symmetric encrypting and
More informationEvitando ataques Side-Channel mediante el cálculo de curvas isógenas e isomorfas
1 / 24 Evitando ataques Side-Channel mediante el cálculo de curvas isógenas e isomorfas R. Abarzúa 1 S. Martínez 2 J. Miret 2 R. Tomàs 2 J. Valera 2 1 Universidad de Santiago de Chile (Chile). e-mail:
More informationAlgorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis
Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis Christophe Negre ici joined work with T. Plantard (U. of Wollongong, Australia) Journees Nationales GDR IM January
More informationEfficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand
Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand Christophe Negre, Thomas Plantard, Jean-Marc Robert Team DALI (UPVD) and LIRMM (UM2, CNRS), France CCISR, SCIT, (University
More informationRSA RSA public key cryptosystem
RSA 1 RSA As we have seen, the security of most cipher systems rests on the users keeping secret a special key, for anyone possessing the key can encrypt and/or decrypt the messages sent between them.
More informationImpact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers
Impact of Extending Side Channel Attack on Cipher Variants: A Case Study with the HC Series of Stream Ciphers Goutam Paul and Shashwat Raizada Jadavpur University, Kolkata and Indian Statistical Institute,
More informationLeakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi
Leakage Assessment Methodology - a clear roadmap for side-channel evaluations - Tobias Schneider and Amir Moradi Wednesday, September 16 th, 015 Motivation Security Evaluation Motivation Security Evaluation
More informationCSc 466/566. Computer Security. 5 : Cryptography Basics
1/84 CSc 466/566 Computer Security 5 : Cryptography Basics Version: 2012/03/03 10:44:26 Department of Computer Science University of Arizona collberg@gmail.com Copyright c 2012 Christian Collberg Christian
More informationCryptography CS 555. Topic 18: RSA Implementation and Security. CS555 Topic 18 1
Cryptography CS 555 Topic 18: RSA Implementation and Security Topic 18 1 Outline and Readings Outline RSA implementation issues Factoring large numbers Knowing (e,d) enables factoring Prime testing Readings:
More informationFinal Exam Math 105: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 30 April :30 11:00 a.m.
Final Exam Math 10: Topics in Mathematics Cryptology, the Science of Secret Writing Rhodes College Tuesday, 0 April 2002 :0 11:00 a.m. Instructions: Please be as neat as possible (use a pencil), and show
More informationSimple Pseudorandom Number Generator with Strengthened Double Encryption (Cilia)
Simple Pseudorandom Number Generator with Strengthened Double Encryption (Cilia) Henry Ng Henry.Ng.a@gmail.com Abstract. A new cryptographic pseudorandom number generator Cilia is presented. It hashes
More informationIntroduction to Modern Cryptography. Benny Chor
Introduction to Modern Cryptography Benny Chor RSA Public Key Encryption Factoring Algorithms Lecture 7 Tel-Aviv University Revised March 1st, 2008 Reminder: The Prime Number Theorem Let π(x) denote the
More informationProvable Security against Side-Channel Attacks
Provable Security against Side-Channel Attacks Matthieu Rivain matthieu.rivain@cryptoexperts.com MCrypt Seminar Aug. 11th 2014 Outline 1 Introduction 2 Modeling side-channel leakage 3 Achieving provable
More informationA Sound Method for Switching between Boolean and Arithmetic Masking
A Sound Method for Switching between Boolean and Arithmetic Masking Louis Goubin CP8 Crypto Lab, SchlumbergerSema 36-38 rue de la Princesse, BP45 78430 Louveciennes Cedex, France Louis.Goubin@louveciennes.tt.slb.com
More informationNovel Approaches for Improving the Power Consumption Models in Correlation Analysis
Novel Approaches for Improving the Power Consumption Models in Correlation Analysis Thanh-Ha Le, Quoc-Thinh Nguyen-Vuong, Cécile Canovas, Jessy Clédière CEA-LETI 17 avenue des Martyrs, 38 054 Grenoble
More informationMcBits: Fast code-based cryptography
McBits: Fast code-based cryptography Peter Schwabe Radboud University Nijmegen, The Netherlands Joint work with Daniel Bernstein, Tung Chou December 17, 2013 IMA International Conference on Cryptography
More informationDynamic Runtime Methods to Enhance Private Key Blinding
Dynamic Runtime Methods to Enhance Private Key Blinding Karine Gandolfi-Villegas and Nabil Hamzi Gemalto Security Labs {nabil.hamzi,karine.villegas}@gemalto.com Abstract. In this paper we propose new methods
More informationA Unified Framework for the Analysis of Side-Channel Key Recovery Attacks
A Unified Framework for the Analysis of Side-Channel Key Recovery Attacks François-Xavier Standaert 1, Tal G. Malkin 2, Moti Yung 2,3 1 UCL Crypto Group, Université Catholique de Louvain. 2 Dept. of Computer
More informationSecure Communication Using H Chaotic Synchronization and International Data Encryption Algorithm
Secure Communication Using H Chaotic Synchronization and International Data Encryption Algorithm Gwo-Ruey Yu Department of Electrical Engineering I-Shou University aohsiung County 840, Taiwan gwoyu@isu.edu.tw
More informationDesign at the Register Transfer Level
Week-7 Design at the Register Transfer Level Algorithmic State Machines Algorithmic State Machine (ASM) q Our design methodologies do not scale well to real-world problems. q 232 - Logic Design / Algorithmic
More informationPublic Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy
Symmetric Cryptography Review Alice Bob Public Key x e K (x) y d K (y) x K K Instructor: Dr. Wei (Lisa) Li Department of Computer Science, GSU Two properties of symmetric (secret-key) crypto-systems: The
More informationFast SPA-Resistant Exponentiation Through Simultaneous Processing of Half-Exponents
Fast SPA-Resistant Exponentiation Through Simultaneous Processing of Half-Exponents Carlos Moreno and M. Anwar Hasan Department of Electrical and Computer Engineering University of Waterloo, Canada cmoreno@uwaterloo.ca,
More informationSliding right into disaster - Left-to-right sliding windows leak
Sliding right into disaster - Left-to-right sliding windows leak Daniel J. Bernstein, Joachim Breitner, Daniel Genkin, Leon Groot Bruinderink, Nadia Heninger, Tanja Lange, Christine van Vredendaal and
More informationLecture Notes. Advanced Discrete Structures COT S
Lecture Notes Advanced Discrete Structures COT 4115.001 S15 2015-01-27 Recap ADFGX Cipher Block Cipher Modes of Operation Hill Cipher Inverting a Matrix (mod n) Encryption: Hill Cipher Example Multiple
More informationGurgen Khachatrian Martun Karapetyan
34 International Journal Information Theories and Applications, Vol. 23, Number 1, (c) 2016 On a public key encryption algorithm based on Permutation Polynomials and performance analyses Gurgen Khachatrian
More informationFormal Verification of Side-Channel Countermeasures
Formal Verification of Side-Channel Countermeasures Sonia Belaïd June 5th 2018 1 / 35 1 Side-Channel Attacks 2 Masking 3 Formal Tools Verification of Masked Implementations at Fixed Order Verification
More informationAlternative Approaches: Bounded Storage Model
Alternative Approaches: Bounded Storage Model A. Würfl 17th April 2005 1 Motivation Description of the Randomized Cipher 2 Motivation Motivation Description of the Randomized Cipher Common practice in
More informationrecover the secret key [14]. More recently, the resistance of smart-card implementations of the AES candidates against monitoring power consumption wa
Resistance against Dierential Power Analysis for Elliptic Curve Cryptosystems Jean-Sebastien Coron Ecole Normale Superieure Gemplus Card International 45 rue d'ulm 34 rue Guynemer Paris, F-75230, France
More informationEnhancing the Signal to Noise Ratio
Enhancing the Signal to Noise Ratio in Differential Cryptanalysis, using Algebra Martin Albrecht, Carlos Cid, Thomas Dullien, Jean-Charles Faugère and Ludovic Perret ESC 2010, Remich, 10.01.2010 Outline
More informationYet another side-channel attack: Multi-linear Power Analysis attack (MLPA)
Yet another side-channel attack: Multi-linear Power Analysis attack (MLPA) Thomas Roche, Cédric Tavernier Laboratoire LIG, Grenoble, France. Communications and Systems, Le Plessis Robinson, France. Cryptopuces
More informationSide Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents
Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents Santanu Sarkar and Subhamoy Maitra Leuven, Belgium 12 September, 2012 Outline of the Talk RSA Cryptosystem
More informationLinear Cryptanalysis of Reduced-Round Speck
Linear Cryptanalysis of Reduced-Round Speck Tomer Ashur Daniël Bodden KU Leuven and iminds Dept. ESAT, Group COSIC Address Kasteelpark Arenberg 10 bus 45, B-3001 Leuven-Heverlee, Belgium tomer.ashur-@-esat.kuleuven.be
More informationA Key Recovery Attack on MDPC with CCA Security Using Decoding Errors
A Key Recovery Attack on MDPC with CCA Security Using Decoding Errors Qian Guo Thomas Johansson Paul Stankovski Dept. of Electrical and Information Technology, Lund University ASIACRYPT 2016 Dec 8th, 2016
More informationCODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES. The questions with a * are extension questions, and will not be included in the assignment.
CODING AND CRYPTOLOGY III CRYPTOLOGY EXERCISES A selection of the following questions will be chosen by the lecturer to form the Cryptology Assignment. The Cryptology Assignment is due by 5pm Sunday 1
More informationXMX: A Firmware-oriented Block Cipher Based on Modular Multiplications
XMX: A Firmware-oriented Block Cipher Based on Modular Multiplications [Published in E. Biham, Ed., Fast Software Encrytion, vol. 1267 of Lecture Notes in Computer Science, pp. 166 171, Springer-Verlag,
More informationLECTURE NOTES ON Quantum Cryptography
Department of Software The University of Babylon LECTURE NOTES ON Quantum Cryptography By Dr. Samaher Hussein Ali College of Information Technology, University of Babylon, Iraq Samaher@itnet.uobabylon.edu.iq
More informationTemplate Attacks with Partial Profiles and Dirichlet Priors: Application to Timing Attacks June 18, 2016
Template Attacks with Partial Profiles and Dirichlet Priors: Application to Timing Attacks June 18, 2016 Eloi de Chérisey, Sylvain Guilley, Darshana Jayasinghe and Olivier Rioul Contents Introduction Motivations
More informationORYX. ORYX not an acronym, but upper case Designed for use with cell phones. Standard developed by. Cipher design process not open
ORYX ORYX 1 ORYX ORYX not an acronym, but upper case Designed for use with cell phones o To protect confidentiality of voice/data o For data channel, not control channel o Control channel encrypted with
More informationIntro to Physical Side Channel Attacks
Intro to Physical Side Channel Attacks Thomas Eisenbarth 15.06.2018 Summer School on Real-World Crypto & Privacy Šibenik, Croatia Outline Why physical attacks matter Implementation attacks and power analysis
More information2. Accelerated Computations
2. Accelerated Computations 2.1. Bent Function Enumeration by a Circular Pipeline Implemented on an FPGA Stuart W. Schneider Jon T. Butler 2.1.1. Background A naive approach to encoding a plaintext message
More informationCIS 551 / TCOM 401 Computer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 15 3/20/08 CIS/TCOM 551 1 Announcements Project 3 available on the web. Get the handout in class today. Project 3 is due April 4th It
More informationToward Secure Implementation of McEliece Decryption
Toward Secure Implementation of McEliece Decryption Mariya Georgieva & Frédéric de Portzamparc Gemalto & LIP6, 13/04/2015 1 MCELIECE PUBLIC-KEY ENCRYPTION 2 DECRYPTION ORACLE TIMING ATTACKS 3 EXTENDED
More information