Andy Russon scite author profile

Andy Russon

2Publications

0Citation Statements Received

85Citation Statements Given

How they've been cited

How they cite others

Affiliations

Institut de recherche mathématique de Rennes, Institut Polytechnique de Paris, Orange (France)

Publications

Order By: Most citations

Threat for the Secure Remote Password Protocol and a Leak in Apple’s Cryptographic Library

Russon

2021

View full text Add to dashboard Cite

The Secure Remote Password protocol is a password-based authenticated key-exchange between two parties. One advantage is to prevent offline dictionary attacks from an adversary eavesdropping the communication. We present how such an attack is feasible if the modular exponentiation at the heart of the protocol is vulnerable and leaks some data related to the password. In the case of a fixed exponent, adding randomness during the execution is a classical protection mechanism, and such a mechanism is present in Apple's cryptographic library to randomize the exponent. Despite being intended to protect against complex side-channel attacks, we show that its usage makes the implementation vulnerable to simple side-channels such as power analysis. This leakage observed in the library is mild but is useful for the attack we propose on the Secure Remote Password protocol.

show abstract

Differential Fault Attack on Montgomery Ladder and in the Presence of Scalar Randomization

Russon

2021

View full text Add to dashboard Cite

Differential fault attacks are powerful techniques to break a cryptographic primitive, where the adversary disrupts the execution of a calculation to find a secret key. Those attacks have been applied in Elliptic Curve Cryptography under various types of faults, and there exists several protection mechanisms to prevent them.In this paper, we present a new differential fault attack on the Montgomery ladder algorithm for scalar multiplication. We further present that such attacks can be applied when specific point additions formulas are used and when different scalar blinding techniques to randomize the computation are present.

show abstract

scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.

Contact Info

customersupport@researchsolutions.com

10624 S. Eastern Ave., Ste. A-614

Henderson, NV 89052, USA

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Blog Terms and Conditions API Terms Privacy Policy Contact Cookie Preferences Do Not Sell or Share My Personal Information

Made with 💙 for researchers

Part of the Research Solutions Family.

Andy Russon

Threat for the Secure Remote Password Protocol and a Leak in Apple’s Cryptographic Library

Differential Fault Attack on Montgomery Ladder and in the Presence of Scalar Randomization

Contact Info

Product

Resources

About