Title :
New cross correlation attack methods on the Montgomery Ladder implementation of RSA
Author :
Akalp Kuzu, Ebru ; Soysal, B. ; Sahinoglu, M. ; Guvenc, U. ; Tangel, Ali
Author_Institution :
TUBITAK/BILGEM, Kocaeli, Turkey
Abstract :
In this study, two novel power attacks based on cross correlation of time samples are introduced: one using a novel voting mechanism and one using a novel multi-reference-bit mechanism. Both attacks are applied to a Montgomery Ladder (ML) implementation of the RSA algorithm. In the target ML implementation, the source of the vulnerability is that operands are fetched from different locations depending on whether consecutive exponent bits toggle. To retrieve the bit type (toggling or not toggling with respect to the previous bit) of each secret key bit, the cross correlation between the power trace of a fixed reference bit and the power trace of each remaining key bit is calculated. In the first proposed method, for each key bit, if this cross correlation value exceeds a threshold the bit is labelled as the same type as the reference bit, otherwise as the opposite type, and the corresponding score is incremented. This procedure is repeated for each RSA run, and as the number of power traces grows, a voting mechanism over the scores gathered from all runs decides the final type of each key bit. With this method, the type of 970 of the 1024 RSA key bits could be retrieved correctly; moreover, the 54 wrongly estimated bit positions can be identified by examining their scores. In the second method, the sum of the correlation values, rather than the scores, is used to decide the type of each bit, and the types of all 1024 key bits could be estimated correctly. It is also shown that this second method can be improved by using several reference bits together, which makes it more flexible. Neither attack method is affected by message blinding or modulus blinding countermeasures. A successful attack of this kind requires that the positions of the square and multiply operations belonging to each key bit are known; exponent blinding, however, can be used as a countermeasure.
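The following is an added illustration of the two attack flows described in the abstract (reference-bit cross correlation, threshold labelling with voting, and the correlation-sum variant with one or several reference bits). It is not the authors' code and does not reproduce their measurements: the per-bit trace windows, the two leakage templates, the noise level and the threshold value are all constructed for this example, and the way several reference bits are combined is our own reading of the multi-reference-bit idea. It assumes the attacker has already located the square-and-multiply window of each exponent bit, as the abstract requires, and that the leading exponent bit is 1.

```python
import random

SAMPLES = 200        # power samples per per-bit trace window (constructed size)
NOISE_SIGMA = 0.5    # Gaussian noise added to every sample (constructed)
THRESHOLD = 0.3      # correlation above this => "same type as the reference bit" (assumed value)

def toggle_types(key_bits):
    """Bit type of each exponent bit i >= 1: 1 if it toggles relative to bit i-1, else 0."""
    return [key_bits[i] ^ key_bits[i - 1] for i in range(1, len(key_bits))]

def pearson(x, y):
    """Plain Pearson correlation coefficient of two equal-length sample vectors."""
    n = len(x)
    mx, my = sum(x) / n, sum(y) / n
    sxy = sum((a - mx) * (b - my) for a, b in zip(x, y))
    sxx = sum((a - mx) ** 2 for a in x)
    syy = sum((b - my) ** 2 for b in y)
    return sxy / (sxx * syy) ** 0.5

def simulate_run(types, templates, rng):
    """One RSA run: per key bit, a trace window equal to the template of its toggle type plus
    noise. This stands in for the leak the paper exploits (operands fetched from different
    locations when the exponent toggles); the template/noise model is constructed, not measured."""
    return [[v + rng.gauss(0.0, NOISE_SIGMA) for v in templates[t]] for t in types]

def attack_voting(runs, ref=0):
    """Method 1: per run, correlate the reference window with every other window, label the bit
    same/opposite by thresholding, count the labels as scores, and take the majority over runs.
    Returns types relative to the reference (0 = same type) and the score margin per bit;
    a small margin flags a bit whose estimate deserves a second look."""
    n = len(runs[0])
    same, opp = [0] * n, [0] * n
    for run in runs:
        for i in range(n):
            if i == ref:
                continue
            if pearson(run[ref], run[i]) > THRESHOLD:
                same[i] += 1
            else:
                opp[i] += 1
    rel = [0 if same[i] >= opp[i] else 1 for i in range(n)]
    margin = [abs(same[i] - opp[i]) for i in range(n)]
    margin[ref] = len(runs)
    return rel, margin

def attack_corr_sum(runs, refs=(0,), ref_types=(0,)):
    """Method 2: accumulate the correlation values instead of votes; a bit is "same type" when its
    summed correlation exceeds THRESHOLD * number_of_runs. Additional reference windows of known
    relative type add their evidence with the matching sign (assumed combination rule)."""
    n = len(runs[0])
    score = [0.0] * n
    for run in runs:
        for r, rt in zip(refs, ref_types):
            sign = 1.0 if rt == 0 else -1.0
            for i in range(n):
                if i in refs:
                    continue
                score[i] += sign * (pearson(run[r], run[i]) - THRESHOLD)
    rel = [0 if score[i] > 0 else 1 for i in range(n)]
    for r, rt in zip(refs, ref_types):
        rel[r] = rt
    return rel

def candidate_keys(rel_types, msb=1):
    """Relative types leave the reference bit's own type open, so there are two candidate keys;
    the attacker keeps the one consistent with the public key (e.g. by checking a signature)."""
    cands = []
    for ref_type in (0, 1):
        bits = [msb]
        for t in rel_types:
            bits.append(bits[-1] ^ t ^ ref_type)
        cands.append(bits)
    return cands

def demo(n_bits=64, n_runs=15, seed=1):
    """Constructed end-to-end run: random key, constructed leakage, both attacks, multi-reference variant."""
    rng = random.Random(seed)
    key = [1] + [rng.randint(0, 1) for _ in range(n_bits - 1)]
    templates = {t: [rng.uniform(-1.0, 1.0) for _ in range(SAMPLES)] for t in (0, 1)}
    runs = [simulate_run(toggle_types(key), templates, rng) for _ in range(n_runs)]
    rel_vote, margin = attack_voting(runs)
    rel_sum = attack_corr_sum(runs)
    # second reference: the first bit that method 2 found to be of the opposite type
    second = rel_sum.index(1) if 1 in rel_sum else None
    rel_multi = attack_corr_sum(runs, refs=(0, second), ref_types=(0, 1)) if second else rel_sum
    return key, rel_vote, rel_sum, rel_multi, margin

if __name__ == "__main__":
    key, rel_vote, rel_sum, rel_multi, margin = demo()
    for name, rel in (("voting", rel_vote), ("corr-sum", rel_sum), ("multi-ref", rel_multi)):
        print(name, "recovers key:", key in candidate_keys(rel))
    print("lowest voting margins:", sorted(margin)[:5])
```

The margins returned by the voting method are the per-bit quantity the abstract refers to when it says the wrongly estimated positions can be located from their scores: a bit whose same/opposite counts nearly tie is the one to re-examine. The correlation-sum method keeps the magnitude of each correlation instead of collapsing it to a vote, which is why it separates the two types more cleanly at the same trace count.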
Keywords :
public key cryptography; ML implementation; RSA; bit-type retrieval; cross-correlation attack methods; cross-correlation values; exponent bit toggling; exponent blinding; montgomery ladder implementation; multiply operations; multireference bit mechanism; opposite-type bit label; power traces; same-type bit label; secret key; square operations; voting mechanism; Algorithm design and analysis; Correlation; Correlation coefficient; Elliptic curve cryptography; Registers; Resistance; Cross Correlation Analysis; DPA; Montgomery Ladder Exponentiation; RSA; Side Channel Attack;
Conference_Titel :
Advance Computing Conference (IACC), 2013 IEEE 3rd International
Conference_Location :
Ghaziabad
Print_ISBN :
978-1-4673-4527-9
DOI :
10.1109/IAdCC.2013.6514209