Two circuit design techniques improve the robustness of Whitenoise encryption algorithm implementation against side-channel attacks based on dynamic and/or static power consumption. The first technique aims to conceal the power consumption and has linear cost. The second technique aims to randomize the power consumption and has quadratic cost. These techniques are not mutual exclusive; their sy...

We introduce and analyze a side-channel attack on a straightforward implementation of the RSA key generation step. The attack exploits power information that allows to determine the number of the trial divisions for each prime candidate. Practical experiments are conducted, and countermeasures are proposed. For realistic parameters the success probability of our attack is in the order of 10–15 %.

GLV curves (Gallant et al.) have performance advantages over standard elliptic curves, using half the number of point doublings for scalar multiplication. Despite their introduction in 2001, implementations of the GLV method have yet to permeate widespread software libraries. Furthermore, side-channel vulnerabilities, specifically cachetiming attacks, remain unpatched in the OpenSSL code base s...

The process of performing a Side Channel Attack is generally a computationally intensive task. By employing a number of simple optimisations the data analysis phase of the attack can be greatly improved. In this paper we will describe some of these improvements and show in the context of DES when attacked using Kocher’s classic DPA [1], that a 97% reduction in data processing can be achieved.

Timing and cache side channels provide powerful attacks against many sensitive operations including cryptographic implementations. Existing defenses cannot protect against all classes of such attacks without incurring prohibitive performance overhead. A popular strategy for defending against all classes of these attacks is to modify the implementation so that the timing and cache access pattern...

The silicon industry has lately been focusing on side channel attacks, that is attacks that exploit information that leaks from the physical devices. Although different countermeasures to thwart these attacks have been proposed and implemented in general, such protections do not make attacks infeasible, but increase the attacker’s experimental (data acquisition) and computational (data processi...

In this paper, we report a subtle yet serious side channel vulnerability (CVE-2016-5696) introduced in a recent TCP specification. The specification is faithfully implemented in Linux kernel version 3.6 (from 2012) and beyond, and affects a wide range of devices and hosts. In a nutshell, the vulnerability allows a blind off-path attacker to infer if any two arbitrary hosts on the Internet are c...

Efficiency and security are the two main objectives of every elliptic curve scalar multiplication implementations. Many schemes have been proposed in order to speed up or secure its computation, usually thanks to efficient scalar representation [30,10,24], faster point operation formulae [8,25,13] or new curve shapes [2]. As an alternative to those general methods, authors have suggested to use...

2007 ii ≪Timmy & Finn – Sonnenkinder, die auch im Regen lachen≫ Acknowledgments I am deeply grateful to my supervisor, Prof. Dr. Johannes Blömer, for his great support and continuous encouragement in writing this thesis. Among other topics, he introduced me into the field of tamper resistance and side channel attacks and supplied me with new interesting and challenging problems and ideas. Johan...

The successful application to elliptic curve cryptography of side-channel attacks, in which information about the secret key can be recovered from the observation of side channels like power consumption, timing, or electromagnetic emissions, has motivated the recent development of unified formulæ for elliptic curve point operations. In this paper, we show how an attack introduced by Walter can ...