كليدواژه :
الگوريتم BLAKLEY , همبستگي , حمله زماني , ضرب پيمانه اي
چكيده لاتين :
The published timing attack schemes against modular exponentiation implementations are based on tin large variations in their time measurements, while it is assumed that the running time of each step of the algorithm is independent of the running time of other steps. In this paper, we propose a new timing attack scheme against Blakleyʹs modular multiplication, which has rather small timing variations with respect tc modular exponentiation. We show that the assumption of independency of the running time of different steps is not valid for Blakleyʹs algorithm. We mathematically model the correlations between the running times of different steps. It is assumed that a set of known inputs multiplied by the same constant and the running time of each multiplication are given, but the multiplication result is not known. In addition, a machine similar to victim machine is not available. In some applications, such as Digital Signature Standard, the constant is the secret key. We take advantage of the obtained correlation to present our timing attack scheme for obtaining the constant parameter, which is the secret key. In addition to the attack scheme, an error detection scheme is presented. We also propose an error correction method in order to improve our attack efficiency. Practical implementation of our attack against DSS shows that error probability is less than 0.15, and the 160-bit secret key is found using 1,500.000 timing
measurements.
