In this paper, we propose a novel key recovery attack against secure ECDSA signature generation employing regular table-based scalar multiplication. Our attack exploits a new form of leakage, which we call collision information: through side-channel collision analysis, an adversary iteratively determines whether two entries loaded from the pre-computation table are the same or not. Without knowing the actual values of the table entries, the adversary can recover the ECDSA private key by finding, from the collision information alone, a condition under which several nonces are linearly dependent. We show that this condition can be satisfied in practice with a reasonable number of signatures and corresponding traces. Furthermore, we show that all entries of the pre-computation table can be recovered from the recovered private key, a sufficient number of signatures, and the collision information. As case studies, we find that fixed-base comb and T_SM scalar multiplication are vulnerable to our attack. Finally, we verify that the attack is a real threat with an experiment on power consumption traces acquired during T_SM scalar multiplication on an ARM Cortex-M based microcontroller, and we provide the details of the validation process.
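The key-recovery step described above, as an added toy simulation in Python that is not the paper's code. It models a comb-style decomposition in which each column digit of the nonce indexes one table entry, so a "collision" is an equality of table indices in one column. Everything concrete here is an assumption: a 32-bit prime group order instead of a 256-bit one, a 4 x 8 comb layout, a hash of the nonce standing in for r = x(kG) mod n (the recovery only uses r as a known public value), and the linear-dependence condition itself, which is modeled as a coefficient vector that sums to zero on every collision class in every column and is found as a nullspace vector over Z_n. The paper's actual condition and search strategy may differ; the ECDSA algebra in recover_key is standard and does not depend on those choices.

```python
import hashlib
import random

N_ORDER = 4294967291      # 2**32 - 5, a prime used as a toy group order (assumption; real ECDSA uses a 256-bit order)
W_ROWS, D_COLS = 4, 8     # comb layout assumption: 32 nonce bits as 4 rows x 8 columns, so column j picks one of 2**4 entries


def comb_columns(k):
    """Column digits of k in the w x d comb layout; column j's digit indexes one pre-computed table entry."""
    return [sum(((k >> (i * D_COLS + j)) & 1) << i for i in range(W_ROWS)) for j in range(D_COLS)]


def stand_in_r(k):
    """Stand-in for r = x(kG) mod n (assumption): the attack only needs r as a public number, so no curve code."""
    return int.from_bytes(hashlib.sha256(k.to_bytes(8, "big")).digest(), "big") % N_ORDER or 1


def ecdsa_sign(d, h, k):
    """ECDSA signing equation s = k^-1 (h + r d) mod n, with the stand-in r."""
    r = stand_in_r(k)
    s = pow(k, -1, N_ORDER) * (h + r * d) % N_ORDER
    return r, s


def collision_classes(num_sigs, column, oracle):
    """Group signature indices that loaded the same table entry in `column`, using only yes/no collision answers."""
    classes = []
    for i in range(num_sigs):
        for cls in classes:
            if oracle(column, cls[0], i):
                cls.append(i)
                break
        else:
            classes.append([i])
    return classes


def nullspace_vector(rows, ncols, p):
    """One nontrivial c with rows * c = 0 mod p (Gauss-Jordan over Z_p), or None if only c = 0 works."""
    m = [row[:] for row in rows]
    pivots = []
    for col in range(ncols):
        rank = len(pivots)
        piv = next((i for i in range(rank, len(m)) if m[i][col] % p), None)
        if piv is None:
            continue                      # no pivot: this unknown stays free
        m[rank], m[piv] = m[piv], m[rank]
        inv = pow(m[rank][col], -1, p)
        m[rank] = [x * inv % p for x in m[rank]]
        for i in range(len(m)):
            if i != rank and m[i][col]:
                f = m[i][col]
                m[i] = [(a - f * b) % p for a, b in zip(m[i], m[rank])]
        pivots.append(col)
        if len(pivots) == len(m):
            break
    free = [c for c in range(ncols) if c not in pivots]
    if not free:
        return None
    c = [0] * ncols
    c[free[0]] = 1                        # set one free unknown to 1, solve the pivots from it
    for i, pc in enumerate(pivots):
        c[pc] = -m[i][free[0]] % p
    return c


def recover_key(sigs, c, p):
    """From sum c_i k_i = 0 and k_i = s_i^-1 (h_i + r_i d): d = -(sum c_i s_i^-1 h_i) / (sum c_i s_i^-1 r_i) mod n."""
    a = b = 0
    for (h, r, s), ci in zip(sigs, c):
        if ci:
            s_inv = pow(s, -1, p)
            a = (a + ci * s_inv * h) % p
            b = (b + ci * s_inv * r) % p
    if b == 0:
        return None                       # this relation carries no information about d; pick another nullspace vector
    return -a * pow(b, -1, p) % p


def simulate_attack(num_sigs=160, seed=1):
    """Sign with random nonces, expose only the collision oracle to the attacker, and recover d."""
    rng = random.Random(seed)
    d = rng.randrange(1, N_ORDER)
    nonces, sigs = [], []
    while len(sigs) < num_sigs:
        k, h = rng.randrange(1, N_ORDER), rng.randrange(N_ORDER)
        r, s = ecdsa_sign(d, h, k)
        if s:                             # skip the negligible-probability invalid signature s = 0
            nonces.append(k)
            sigs.append((h, r, s))

    def oracle(column, i, j):             # the attacker's only side-channel input: same table entry or not
        return comb_columns(nonces[i])[column] == comb_columns(nonces[j])[column]

    rows = []
    for column in range(D_COLS):          # one constraint per collision class per column: sum of its c_i must be 0
        for cls in collision_classes(num_sigs, column, oracle):
            row = [0] * num_sigs
            for i in cls:
                row[i] = 1
            rows.append(row)
    c = nullspace_vector(rows, num_sigs, N_ORDER)
    if c is None:
        return d, None, False             # not enough signatures: at most D_COLS * 2**W_ROWS constraints, need more unknowns
    relation_holds = sum(ci * k for ci, k in zip(c, nonces)) % N_ORDER == 0   # sanity check with the secret nonces
    return d, recover_key(sigs, c, N_ORDER), relation_holds


if __name__ == "__main__":
    d, d_rec, ok = simulate_attack()
    print("relation holds:", ok, "recovered:", d_rec == d)
```

With 160 signatures there are at most 8 x 16 = 128 constraints, so a nontrivial coefficient vector always exists; in this toy model that is the whole "reasonable number of signatures" requirement, while for a 256-bit order and a larger table the number of classes, and hence of required signatures, grows with the table size.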
Advanced collision-based single-trace attacks, which apply even to scalar multiplications that resist simple power analysis, have recently become a practical threat to elliptic curve cryptosystems as experimental results are increasingly reported in the literature. Since such attacks detect collisions in the data-dependent leakage of the underlying long-integer multiplications, the so-called global shuffling countermeasure, which breaks the collision correlation by independently randomizing the execution order of unit operations such as single-precision multiplications and carry propagations, is considered a promising countermeasure, provided the shuffling order is truly random. In this paper, we first analyze the practical security of global shuffling long-integer multiplication by exhibiting a combined single-trace attack on software implementations on an ARM Cortex-M4 microcontroller. The combined attack consists of a simple power analysis that reveals the random permutation vectors, which in turn enables a collision-based single-trace attack. We first demonstrate how to reveal the random permutation vectors of the carry propagation process of the entire global shuffling long-integer multiplication from a single power trace by simple power analysis, together with a straightforward substitution of power consumption samples. We then perform collision-based single-trace attacks after rearranging the order of the subtraces of the unit carry propagations according to the revealed permutation vectors. Since the vulnerability to simple power analysis originates from the if-statement that selects the proper entries of the permutation vectors, we propose a novel countermeasure that eliminates this selection with a simple addition and modulus operation, and we demonstrate experimentally that it yields regular power trace patterns.
Index terms: cryptography, digital signatures, elliptic curves, public key, side-channel attacks.
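The second step of the combined attack, realigning shuffled subtraces with the recovered permutation vectors and then running a collision test, as an added Python simulation that is not the paper's code. The leakage model is constructed: each unit carry-propagation operation on a 64-bit limb contributes 16 samples, the Hamming weight of each nibble plus Gaussian noise, and two passes over 16 limbs are shuffled with independent permutation vectors. The permutation vectors are simply handed to the attacker here, standing in for the simple power analysis step the abstract describes; the collision test is a Pearson correlation between the two subtraces at the same limb position, with the threshold being an assumption.

```python
import random

LIMBS = 16          # unit operations (one per limb) in each shuffled carry-propagation pass (assumption)
SAMPLES = 16        # leakage samples per unit operation: one per nibble of a 64-bit limb (constructed model)
NOISE = 0.2         # standard deviation of the constructed Gaussian noise
THRESHOLD = 0.75    # correlation above which two subtraces are declared a collision (assumption)


def nibble_hw(v):
    """Constructed leakage model: Hamming weight of each nibble of a 64-bit operand."""
    return [bin((v >> (4 * i)) & 0xF).count("1") for i in range(SAMPLES)]


def leak_trace(operands, order, rng):
    """Power trace of one shuffled pass: unit operation order[t] executes in time slot t."""
    return [[x + rng.gauss(0, NOISE) for x in nibble_hw(operands[order[t]])] for t in range(len(operands))]


def pearson(xs, ys):
    """Pearson correlation of two equally long sample vectors (0.0 if either is constant)."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    sxy = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    sxx = sum((x - mx) ** 2 for x in xs)
    syy = sum((y - my) ** 2 for y in ys)
    return sxy / (sxx * syy) ** 0.5 if sxx and syy else 0.0


def realign(trace, order):
    """Undo the shuffle: move the subtrace recorded in slot t back to the index of the operation that ran there."""
    aligned = [None] * len(order)
    for t, i in enumerate(order):
        aligned[i] = trace[t]
    return aligned


def detect_collisions(sub_a, sub_b, threshold=THRESHOLD):
    """Limb positions whose subtraces in the two passes correlate strongly, i.e. likely processed the same operand."""
    return [i for i, (a, b) in enumerate(zip(sub_a, sub_b)) if pearson(a, b) > threshold]


def realign_demo(seed=7):
    """Shuffled traces hide the collisions; realigning with the permutation vectors exposes them again."""
    rng = random.Random(seed)
    ops_a = [rng.getrandbits(64) for _ in range(LIMBS)]       # constructed operands for pass A
    ops_b = [rng.getrandbits(64) for _ in range(LIMBS)]       # pass B reuses A's operand at a few positions
    collisions = [1, 5, 10]
    for i in collisions:
        ops_b[i] = ops_a[i]
    perm_a, perm_b = list(range(LIMBS)), list(range(LIMBS))
    rng.shuffle(perm_a)                                        # global shuffling: independent order per pass
    rng.shuffle(perm_b)
    trace_a = leak_trace(ops_a, perm_a, rng)
    trace_b = leak_trace(ops_b, perm_b, rng)
    # slot-by-slot comparison of the raw shuffled traces compares unrelated operations
    naive = detect_collisions(trace_a, trace_b)
    # with the permutation vectors known (recovered by SPA in the paper, given here), realign and retry
    aligned = detect_collisions(realign(trace_a, perm_a), realign(trace_b, perm_b))
    return collisions, naive, aligned


if __name__ == "__main__":
    planted, naive, aligned = realign_demo()
    print("planted:", planted, "naive:", naive, "after realignment:", aligned)
```

Without the permutation vectors, a slot t of pass A and slot t of pass B correspond to unrelated limbs, so the correlation carries no information about the planted collisions; once each subtrace is moved back to its limb index the three planted positions correlate at roughly 0.9 and stand out, which is exactly why the countermeasure's security rests on the permutation vectors staying secret.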
To date, power analysis has been one of the most actively studied side-channel analyses. Since Differential Power Analysis was first proposed by Kocher et al., various practical power analyses targeting software and hardware cryptographic devices have been proposed. In this paper, we analyze the vulnerability of a countermeasure against single-trace power analysis of public-key cryptographic algorithms. At ICICS 2010, Clavier et al. proposed Horizontal Correlation Analysis, which recovers secret information from a single exponentiation trace, together with corresponding countermeasures. "Blind operands in LIM", one of their countermeasures, uses additive blinding of the operands of the long integer multiplication (LIM) to prevent leakage of intermediate values related to the secret. However, this countermeasure still exhibits power leakage that depends on the message known to the adversary. We analyze this vulnerability in three attack scenarios and confirm it with practical correlation power analysis experiments.