Enhanced Doubling Attacks on Signed-All-Bits Set Recoding

Hee-seok Kim (1), Tae Hyun Kim (1), Jeong Choon Ryoo (1), Dong-Guk Han (2), Ho Won Kim (2), and Jongin Lim (1)

(1) Graduate School of Information Management and Security, Korea University, Korea, http://cist.korea.ac.kr
(2) Electronics and Telecommunications Research Institute (ETRI), Korea, http://www.etri.re.kr/

WISTP 2007


Page 2: Contents

- Side Channel attacks - Power analysis
- Scalar multiplication & Simple power analysis to ECC
- Countermeasures & Original Doubling Attack ( DA )
  - Countermeasure 1 - Coron’s dummy method
  - Countermeasure 2 - sABS recoding method
  - DA & Weakness of Coron’s dummy method
  - Security of sABS recoding against DA
- Proposed Attacks
  - Recursive attack
  - Initializing attack
- Experiments & Statistical approach of noise reduction
- Countermeasures & Conclusion

Page 3: Which are Side Channel Attacks

1. Timing Attacks

- Kocher (1996)

2. Differential Fault Analysis (DFA)

- Biham-Shamir (1997)

3. Simple Power Analysis (SPA)

- Kocher, Jaffe, Jun (1998)

4. Differential Power Analysis (DPA)

- Kocher, Jaffe, Jun (1998)

Page 4: Power attacks

Kocher et al., June 1998: Measure instantaneous power consumption of a device while it runs a cryptographic algorithm

Different power consumption when operating on logical ones vs. logical zeroes.

Page 5: Simple Power analysis to ECC

General scalar multiplication algorithm

d : secret exponent

Point Doubling ( D ) : Execution in all bit values of secret key

Point Addition ( A ) : Execution when bit value is only ‘1’

d = (11101)_2 : D A D A D D A

In general, Addition has different power consumption from Doubling. – C. Clavier et al. [3]

Page 6: Countermeasure against SPA-Coron’s method

Coron’s dummy method

Point Doubling ( D ) , Point Addition ( A ) : Execution in all bit values of secret key

d : 1 1 1 0 1

Doubling results (starting from P) : 2P, 6P, 14P, 28P
Addition results : 3P, 7P, 15P (dummy addition), 29P

Without the dummy addition : D A D A D D A
With the dummy addition : D A D A D A D A

Page 7: Countermeasure against SPA-sABS recoding

sABS recoding

$1 = 1\bar{1} = 1\bar{1}\bar{1} = 1\bar{1}\bar{1}\bar{1} = \cdots$, where $\bar{1} = -1$

d = 1 1 0 0 1 0 1 (binary)
sABS recoding : d = 1 1 1 -1 -1 1 -1

D : Doubling, A : Addition, S : Subtraction

P
D : 2P, A : 3P
D : 6P, A : 7P
D : 14P, S : 13P
D : 26P, S : 25P
D : 50P, A : 51P
D : 102P, S : 101P

The power consumption of Addition is similar to that of Subtraction !!

It’s secure against original SPA.

Page 8: Doubling Attack ( DA ) – Fouque et al.

Assumption
Attacker has an ability to decide whether A=B or not when a smartcard computes ECDBL(A) and ECDBL(B).

Characteristics
When input values are P and 2P, Coron’s dummy method carries out the same doubling in the vicinity of the bit value ‘0’.

Attack method

d : 1 0 1 0 0 1

(each pair below is the doubling result / the addition result for one bit)

Input P : P, 2P / 3P, 4P / 5P, 10P / 11P, 20P / 21P, 40P / 41P
Input 2P : 2P, 4P / 6P, 8P / 10P, 20P / 22P, 40P / 42P, 80P / 82P

Page 9: Doubling Attack ( DA ) – Fouque et al.

[Figure: power traces for the inputs P and 2P, each a sequence D A D A D A D A; doublings of the two traces are compared and marked = or ≠. Key : 1 0 1 0 . . . .]

Page 10: Security of sABS recoding against DA

Characteristics
Because the sABS recoded value has no ‘0’ bit, it is secure against the original DA.

Example

d : 1 1 -1 1 -1 -1

(each pair below is the doubling result / the addition or subtraction result for one digit)

Input P : P, 2P / 3P, 6P / 5P, 10P / 11P, 22P / 21P, 42P / 41P
Input 2P : 2P, 4P / 6P, 12P / 10P, 20P / 22P, 44P / 42P, 84P / 82P

Page 11: Proposed attacks

Object
New power attacks on scalar multiplication using recoding countermeasures (sABS recoding)

Characteristics
- Feasible attack – Supporting a concrete method for experiment
- Proposed ‘initializing attack’ - Combination of ‘doubling attack’ and ‘Goubin’s attack’
- SPA-based attacks on one-bit of key

Page 12: Proposed attack 1 - Recursive Attack

Object
New power attack on scalar multiplication using recoding countermeasures (sABS recoding)

If an attacker knows the upper n bits of the secret key, he can find the upper (n+1)-th bit by this attack. By this method, the attacker can find all bits of the secret key in sequence.

Characteristic
An attacker who knows the upper n bits of the secret key ( = d’ ) selects two inputs A, B that produce the same ECDBL in the vicinity of the upper (n+1)-th bit ( = t ).

A = d’P, B = (2d’+1)P
if t = 1, (2d’+1)A = d’B
if t = -1, (2d’+1)A ≠ d’B

Page 13: Proposed attack 1 - Recursive Attack

A = d’P, B = (2d’+1)P
if t = 1, (2d’+1)A = d’B
if t = -1, (2d’+1)A ≠ d’B

d : 1 1 -1 1 1 1 -1
d’ = 11

(each pair below is the doubling result / the addition or subtraction result for one digit)

Input A = 11P : 11P, 22P / 33P, 66P / 55P, 110P / 121P, 242P / 253P, 506P / 517P, 1034P / 1023P
Input B = 23P : 23P, 46P / 69P, 138P / 115P, 230P / 253P, 506P / 529P, 1058P / 1081P, 2162P / 2139P

t = 1

Page 14: Proposed attack 2 - Initializing Attack

An attacker who knows the upper n bits of the secret key ( = d’ ) selects one input A that produces ECDBL(P) at the upper (n+1)-th bit ( = t ).

A = (2d’+1)^-1 P
if t = 1, (2d’+1)A = P
if t = -1, (2d’+1)A ≠ P

The attacker acquires the first doubling signal, ECDBL(P), in the power signal for the input point ‘P’. This first doubling signal is compared with the (n+1)-th doubling signal, ECDBL(P), in the power signal for the input point ‘(2d’+1)^-1 P’.

Page 15: Proposed attack 2 - Initializing Attack

A = (2d’+1)^-1 P
if t = 1, (2d’+1)A = P
if t = -1, (2d’+1)A ≠ P

d : 1 1 -1 1 1 1 -1
d’ = 11

The order of curve : 73
(2*11+1)^-1 mod 73 = 54

(each pair below is the doubling result / the addition or subtraction result for one digit)

Input A = 54P : 54P, 35P / 16P, 32P / 51P, 29P / 10P, 20P / P, 2P / 56P, 39P / 20P

t = 1
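The operand collisions on pages 8 to 15 can be reproduced with a scalar-only model, which is a quick way to check whether a recoding countermeasure still exposes equal ECDBL inputs. This is an added example, not code from the presentation: a point kP is modelled by the integer k, and the function names and the assumption that the leading sABS digit is 1 are illustrative.

```python
# Added example: a point kP is modelled by the integer k (mod the group order).

def doubling_inputs(digits, k, order=None):
    """Scalars fed to ECDBL while computing d*(kP), digits MSB first.
    Digits are 0/1 for Coron's dummy method (the dummy ECADD result is
    discarded) or +1/-1 for sABS recoding."""
    q, seen = k, []
    for t in digits[1:]:              # leading digit only sets Q = kP
        seen.append(q)
        q = 2 * q + t * k             # ECDBL, then ECADD / ECSUB
        if order:
            q %= order
    return seen

def value(digits):
    v = 0
    for t in digits:                  # MSB-first digits to an integer
        v = 2 * v + t
    return v

def original_da(digits):
    """Inputs P and 2P: does doubling i+1 of the P run equal doubling i of
    the 2P run? True exactly where the digit in between is 0."""
    a, b = doubling_inputs(digits, 1), doubling_inputs(digits, 2)
    return [a[i + 1] == b[i] for i in range(len(a) - 1)]

def recursive_attack(secret):
    """A = d'P, B = (2d'+1)P: a collision means t = 1. The last digit has
    no doubling after it, so it is not recovered here."""
    known = [1]                       # assumption: leading sABS digit is 1
    while len(known) < len(secret) - 1:
        n, dp = len(known), value(known)
        a = doubling_inputs(secret, dp)
        b = doubling_inputs(secret, 2 * dp + 1)
        known.append(1 if a[n] == b[n - 1] else -1)
    return known

def initializing_digit(secret, known, order):
    """A = (2d'+1)^-1 P: t = 1 iff doubling n+1 of the run is ECDBL(P)."""
    n, dp = len(known), value(known)
    a = doubling_inputs(secret, pow(2 * dp + 1, -1, order), order)
    return 1 if a[n] == 1 else -1

if __name__ == "__main__":
    key = [1, 1, -1, 1, 1, 1, -1]                 # d on pages 13 and 15
    print(original_da([1, 0, 1, 0, 0, 1]))        # Coron's dummy, page 8
    print(original_da([1, 1, -1, 1, -1, -1]))     # sABS, page 10
    print(recursive_attack(key))
    print(initializing_digit(key, [1, 1, -1, 1], 73))
```

The binary key of page 8 collides at every ‘0’ digit, the sABS key of page 10 never does, and the two proposed input choices restore a collision for the digit 1.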

Page 16: Experiments & Statistical approach of noise reduction

Setting

- PIC Microcontroller
- Power supply – 5V
- Function generator – 1MHz
- Oscilloscope

Page 17: Experiments & Statistical approach of noise reduction

Splitting 1 trace into n-1 pieces (each piece : 1 ECDBL + 1 ECADD)

[Figure: traces for INPUT : P, INPUT : P and INPUT : Q, split into pieces that are compared with Disc. over k points. A plot of X1 and X2 carries the labels m1, m2, a1, b1, =m and “Ambiguous area”.]

$$\mathrm{Disc}(S_1, S_2, t) = \frac{1}{k}\sum_{j=1}^{k}\bigl(S_1(t+j) - S_2(t+j)\bigr)^2$$

Page 18: Experiments & Statistical approach of noise reduction

Eliminate ambiguous area

21 1

2 1

( 1)a b

m km m

[Figure: two plots of X1 and X2. In the first, with the labels k, m1, m2, a1, b1, a2, b2, the two ranges overlap in an “Ambiguous area”; in the second, with the labels m1, m2 and =m, the ambiguous area is eliminated.]

Page 19: Experiments & Statistical approach of noise reduction

Key : 1 1 -1 . . . .

1 2 1 1

1 1 2 1

a m bmD

a b m m

[Figure: traces for INPUT : P, INPUT : 3P and INPUT : 7P, compared over k points. Two decisions are shown for the unknown key digit ( 1 ?? ): Disc < D gives the key digit 1, and Disc > D gives the key digit -1.]
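A sketch of the Disc comparison and the threshold decision from pages 17 to 19, added here and not taken from the presentation. The trace model (Hamming weight of hashed operand bytes plus bounded noise), the reading of Disc as a mean squared difference over k points, the threshold 2.0 and all function names are assumptions; the operand pairs (3P, 3P) and (15P, 21P) are the doubling inputs that the recursive attack compares for a key starting 1 1 -1.

```python
import hashlib

def stream(label, k):
    """k deterministic pseudo-random bytes for a label (constructed data)."""
    out, i = b"", 0
    while len(out) < k:
        out += hashlib.sha256(f"{label}/{i}".encode()).digest()
        i += 1
    return out[:k]

def piece(operand, run, k, amp=0.5):
    """Constructed k-point trace piece of ECDBL(operand): Hamming weight of
    operand-dependent bytes plus per-run noise bounded by +/- amp."""
    data, noise = stream(f"op{operand}", k), stream(f"run{run}", k)
    return [bin(d).count("1") + amp * (n / 127.5 - 1)
            for d, n in zip(data, noise)]

def disc(s1, s2, t, k):
    """Mean squared difference of two pieces over k points from offset t."""
    return sum((s1[t + j] - s2[t + j]) ** 2 for j in range(k)) / k

def spread(k, trials=500):
    """(largest Disc seen for equal operands, smallest for different ones)."""
    same, diff = [], []
    for i in range(trials):
        ref = piece(i, f"a{i}", k)
        same.append(disc(ref, piece(i, f"b{i}", k), 0, k))
        diff.append(disc(ref, piece(i + trials, f"b{i}", k), 0, k))
    return max(same), min(diff)

def digit(op_a, op_b, k, threshold):
    """Decision rule: Disc < D means the same ECDBL operand, digit 1."""
    d = disc(piece(op_a, "A", k), piece(op_b, "B", k), 0, k)
    return 1 if d < threshold else -1

if __name__ == "__main__":
    print(spread(2))      # ranges overlap: an ambiguous area
    print(spread(256))    # ranges are separated
    print(digit(3, 3, 256, 2.0), digit(15, 21, 256, 2.0))
```

With 2 points the equal-operand and different-operand ranges overlap; with 256 points they separate and a fixed threshold decides each digit.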

Page 20: Countermeasures & Conclusion

Characteristics of proposed attacks
- These new attacks are applicable to the sABS recoding countermeasure.
- SPA-based attacks on one-bit of key.
- Initializing attack is more powerful than Goubin’s attack.

Countermeasures
- Using projective coordinates – affine coordinates are not secure.
- BRIP can be applied to our attacks [13].

Page 21: Questions and Comments

Hee Seok Kim : [email protected]