A new attack with side channel leakage during exponent recoding computations

Yasuyuki Sakai, Kouichi Sakurai

Research output: Contribution to journal › Article

3 Citations (Scopus)

Abstract

In this paper we propose a new side channel attack that targets the exponent recoding used in public key cryptosystems such as RSA and ECDSA. Previously known side channel attacks and countermeasures for public key cryptosystems addressed the main stage (the square-and-multiply stage) of the modular exponentiation, or of the point multiplication on an elliptic curve. Many algorithms achieve fast computation of exponentiations, and when an exponentiation is computed the exponent recoding has to be carried out before the main stage. Some exponent recoding algorithms include conditional branches whose instructions depend on the given exponent value. Consequently exponent recoding can constitute an information channel, providing the attacker with valuable information on the secret exponent. In this paper we show new algorithms of attack on exponent recoding. The proposed algorithms can recover the secret exponent when the width-w NAF [9] and the unsigned/signed fractional window representation [5] are used.

Keywords: Side channel attack, exponent recoding, RSA cryptosystems, elliptic curve cryptosystems.
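The abstract's point is that the recoding itself, not just the square-and-multiply loop, branches on secret bits. The following added example (not code from the paper) implements width-w NAF recoding twice: the textbook form, instrumented to record which branch ran at each step (the control-flow sequence a side channel on the recoding stage observes), and a form with a fixed iteration count and no exponent-dependent branches that yields the same digits. Function names, the w and nbits parameters, and the test exponents are this example's own choices.

```python
# Added example (not from the paper): width-w NAF exponent recoding written
# two ways. The first mirrors the textbook algorithm, whose control flow
# depends on the exponent bits; the second computes the same digits with a
# fixed number of iterations and arithmetic masks instead of branches.

def wnaf_branchy(e: int, w: int):
    """Textbook width-w NAF recoding; returns (digits, branch_trace).

    branch_trace records which branch ran at each step: both the loop
    length and the per-step choice depend on the secret exponent e."""
    modulus, half = 1 << w, 1 << (w - 1)
    digits, trace = [], []
    while e > 0:                      # loop length depends on e
        if e & 1:                     # branch on the secret low bit
            d = e % modulus
            if d >= half:             # second exponent-dependent branch
                d -= modulus
                trace.append("odd-neg")
            else:
                trace.append("odd-pos")
            e -= d
        else:
            d = 0
            trace.append("even")
        digits.append(d)
        e >>= 1
    return digits, trace


def wnaf_branchless(e: int, w: int, nbits: int):
    """Same digits as wnaf_branchy, but with nbits+1 iterations always and
    no data-dependent branch (assumes 0 <= e < 2**nbits). Trailing digits
    are zero once e reaches 0."""
    mask, half = (1 << w) - 1, 1 << (w - 1)
    digits = []
    for _ in range(nbits + 1):        # a w-NAF of an nbits value has <= nbits+1 digits
        odd = e & 1
        # ((x ^ half) - half) maps x in [0, 2^w) to its signed residue
        # in [-2^(w-1), 2^(w-1)); multiplying by odd zeroes it when e is even
        d = (((e & mask) ^ half) - half) * odd
        digits.append(d)
        e = (e - d) >> 1              # e - d is even whenever d != 0
    return digits


def from_digits(digits):
    """Reassemble sum(d_i * 2**i) to check that a recoding is correct."""
    return sum(d << i for i, d in enumerate(digits))
```

Python integers are not constant-time, so the second function shows the structural fix (fixed trip count, no secret-dependent branch) rather than a production implementation.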

Original language: English
Pages (from-to): 298-311
Number of pages: 14
Journal: Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume: 3156
Publication status: Published - Dec 1 2004

All Science Journal Classification (ASJC) codes

  • Theoretical Computer Science
  • Computer Science(all)

Cite this

@article{fd50e3d37fc448a2bca109d82d288fa7,
title = "A new attack with side channel leakage during exponent recoding computations",
author = "Yasuyuki Sakai and Kouichi Sakurai",
year = "2004",
month = "12",
day = "1",
language = "English",
volume = "3156",
pages = "298--311",
journal = "Lecture Notes in Computer Science",
issn = "0302-9743",
publisher = "Springer Verlag",
}

TY - JOUR
T1 - A new attack with side channel leakage during exponent recoding computations
AU - Sakai, Yasuyuki
AU - Sakurai, Kouichi
PY - 2004/12/1
Y1 - 2004/12/1
UR - http://www.scopus.com/inward/record.url?scp=35048877880&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=35048877880&partnerID=8YFLogxK
M3 - Article
AN - SCOPUS:35048877880
VL - 3156
SP - 298
EP - 311
JO - Lecture Notes in Computer Science
JF - Lecture Notes in Computer Science
SN - 0302-9743
ER -