Two Operands of Multipliers in Side-Channel Attack

Authors

  • Takeshi Sugawara
  • Daisuke Suzuki
  • Minoru Saeki
Abstract

The single-shot collision attack on RSA proposed by Hanley et al. is studied focusing on the difference between two operands of multipliers. There are two consequences. Firstly, designing order of operands can be a cost-effective countermeasure. We show a concrete example in which operand order determines success and failure of the attack. Secondly, countermeasures can be ineffective if the asymmetric leakage is considered. In addition to the main results, the attack by Hanley et al. is extended using the signal-processing technique of the big mac attack. An experimental result to successfully analyze an FPGA implementation of RSA with the multiply-always method is also presented.

Similar resources

Attacking OpenSSL using Side-channel Attacks: the RSA case study

We show that RSA implementation present in OpenSSL can be successfully attacked using side channels. In OpenSSL, the modular exponentiation is implemented using m-ary method, where a table of size 2^m entries is precomputed. The exponent is divided into words of m bits each and the algorithm proceeds one word at a time using the precomputed table. Furthermore, to protect against side-channel atta...

Exploiting the Order of Multiplier Operands: A Low Cost Approach for HCCA Resistance

Horizontal collision correlation analysis (HCCA) imposes a serious threat to simple power analysis resistant elliptic curve cryptosystems involving unified algorithms, for e.g. Edward curve unified formula. This attack can be mounted even in presence of differential power analysis resistant randomization schemes. In this paper we have designed an effective countermeasure for HCCA protection, wh...

Modulo 2^n+1 Multiplier and Multiply-Accumulator for Digital Signal Processors

Nowadays, digital signal processors (DSPs) are appropriate choices for real-time image and video processing in embedded multimedia applications not only due to their superior signal processing performance, but also because of the high levels of integration and very low power consumption. Filtering, which consists of multiple addition and multiplication operations, is one of the most fundamental operatio...

Side channel parameter characteristics of code injection attacks

Embedded systems are suggestive targets for code injection attacks in the recent years. Software protection mechanisms, and in general computers, are not usually applicable in embedded systems since they have limited resources like memory and process power. In this paper we investigate side channel characteristics of embedded systems and their applicability in code injection attack detection. T...

Journal title:
  • IACR Cryptology ePrint Archive

Volume 2015  Issue 

Pages  -

Publication date 2015