This paper presents a version of the 2k-ary modular exponentiation algorithm that is secure against current methods of side-channel analysis that can be applied to PCs (the so-called micro-architectural attacks). Some optimisations to the basic algorithm are also proposed to improve the efficiency of an implementation. The proposed algorithm is compared to the current implementation of OpenSSL,...

3,700,820 A 10/1972 Blasbalg et a1. 6,385,329 B1 5/2002 Sharma et a1. 6,580,694 B1 6/2003 Baker 6,584,125 B1 6/2003 Katto 6,728,678 B2 4/2004 Bhadkamkar et 211. 6,754,203 B2 6/2004 Wah et a1. 6,868,094 B1 3/2005 Bordonaro et a1. 6,956,871 B2 * 10/2005 Wang et a1. ................. .. 370/503 7,061,938 B2 6/2006 Hogeboom 7,260,220 B2 8/2007 Steenhof et a1. 7,295,578 B1 11/2007 Lyle et a1. 7,333,...

Side-channel cryptanalysis is a new research area in applied cryptography that has gained more and more interest since the midnineties. It considers adversaries trying to take advantage of the physical specificities of actual cryptographic devices. These implementationspecific attacks frequently turn out to be much more efficient than the best known cryptanalytic attacks against the underlying ...

The most efficient technique for protecting the using Frobenius algorithms for scalar multiplication on Koblitz curves against the Side Channel Attacks seems to be the multiplier randomization technique proposed by Joye and Tymen. In this paper, an heuristic analysis on the security of the Joye and Tymen’s technique is given. A new method improving this technique is proposed. Analysis shows tha...

In the recent years, Higher-order Side Channel attacks have been widely investigated. In particular, 2nd-order DPA have been improved and successfully applied to break several masked implementations. In this context, the development of sound and practical countermeasures against attacks of arbitrary xed order d is of crucial interest. Surprisingly, while many studies have been dedicated to the ...

Masking with random values is an effective countermeasure against side-channel attacks. For cryptographic algorithms combining arithmetic and Boolean masking, it is necessary to switch from arithmetic to Boolean masking and vice versa. Following a recent approach by Hutter and Tunstall, we describe a high-order Boolean to arithmetic conversion algorithm whose complexity is independent of the re...

In this paper we show that, paradoxically, what looks like a “universal improvement” or a “straight-forward improvement” which enables better security and better reliability on a theoretical level, may in fact, within certain operational contexts, introduce new exposures and attacks, resulting in a weaker operational cryptosystem. We demonstrate a number of such dangerous “improvements”. This i...

In 1964, Massey introduced a class of codes with complementary duals which are called Linear Complimentary Dual (LCD for short) codes. He showed that LCD codes have applications in communication system, side-channel attack (SCA) and so on. LCD codes have been extensively studied in literature. On the other hand, MDS codes form an optimal family of classical codes which have wide applications in...

Public key cryptographic algorithms are typically based on group exponentiation algorithms, and many algorithms have been proposed in the literature based on addition chains. We describe attacks based on collisions of variables manipulated in group operations extending attacks described in the literature. These collisions are visible where one is able to acquire information through some suitabl...

We present an investigation into the security of three practical pairing algorithms; the Tate, Eta and Ate pairing, in terms of side channel vulnerability. These three algorithms have recently shown to be efficiently computable on the resource constrained smart card, yet no in depth side channel analysis has yet appeared in the literature. Since the secret parameter input to the pairing can pot...