Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

Kiss, Ágnes; Krämer, Juliane; Rauzy, Pablo; Seifert, Jean-Pierre

doi:10.1007/978-3-319-43283-0_7

Cited by 12 publications

(5 citation statements)

References 26 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Side Channel Software based Hardware based invasive non-invasive [3], [4] power dummy loops [8] power shuffling, noise instr. [9], [10] power enhancing algorithms [11] time [12], [13] power This work power countermeasure is dependent on the implementation of the algorithm software. In addition, a secure processor which can protect against side-channel attacks using masking and hiding techniques was proposed in [13].…”

Section: Methodsmentioning

confidence: 99%

XDIVINSA: eXtended DIVersifying INStruction Agent to Mitigate Power Side-Channel Leakage

Pham

Marshall

Fell

et al. 2021

2021 IEEE 32nd International Conference on Application-Specific Systems, Architectures and Processors (ASAP)

View full text Add to dashboard Cite

Side-channel analysis (SCA) attacks pose a major threat to embedded systems due to their ease of accessibility.Realising SCA resilient cryptographic algorithms on embedded systems under tight intrinsic constraints, such as low area cost, limited computational ability, etc., is extremely challenging and often not possible. We propose a seamless and effective approach to realise a generic countermeasure against SCA attacks. XDI-VINSA, an extended diversifying instruction agent, is introduced to realise the countermeasure at the microarchitecture level based on the combining concept of diversified instruction set extension (ISE) and hardware diversification. XDIVINSA is developed as a lightweight co-processor that is tightly coupled with a RISC-V processor. The proposed method can be applied to various algorithms without the need for software developers to undertake substantial design efforts hardening their implementations against SCA. XDIVINSA has been implemented on the SASEBO G-III board which hosts a Kintex-7 XC7K160T FPGA device for SCA mitigation evaluation. Experimental results based on nonspecific t-statistic tests show that our solution can achieve leakage mitigation on the power side channel of different cryptographic kernels, i.e., Speck, ChaCha20, AES, and RSA with an acceptable performance overhead compared to existing countermeasures.

show abstract

Section: Methodsmentioning

confidence: 99%

XDIVINSA: eXtended DIVersifying INStruction Agent to Mitigate Power Side-Channel Leakage

Pham

Marshall

Fell

et al. 2021

2021 IEEE 32nd International Conference on Application-Specific Systems, Architectures and Processors (ASAP)

View full text Add to dashboard Cite

show abstract

“…To defend against Figure 6. Modular Multiplication SCAs, algorithms based on the square-and-multiply-always have been proposed [6] by checking invariants [21] violated if a fault is injected. Joye [18,19] introduces highly regular right-to-left variants and left-to-right/right-to-left variants respectively, and Walter [39] demonstrates their duality.…”

Section: Related Workmentioning

confidence: 99%

Semi-automatic ladderisation: improving code security through rewriting and dependent types

Brown

Barwell

Marquer

et al. 2022

Proceedings of the 2022 ACM SIGPLAN International Workshop on Partial Evaluation and Program Manipulation

View full text Add to dashboard Cite

Cyber attacks become more and more prevalent every day. One type of cyber attack is known as a side channel attack, where attackers exploit information leakage from the physical execution of a program, e.g. timing or power leakage, to uncover secret information, such as encryption keys or other sensitive data. There have been various attempts at addressing the problem of preventing side-channel attacks, often relying on various measures to decrease the discernibility of several code variants or code paths. Most techniques require a high-degree of expertise by the developer, who often employs ad hoc, hand-crafted code-patching in an attempt to make it more secure. In this paper, we take a different approach: building on the idea of ladderisation, inspired by Montgomery Ladders. We present a semi-automatic toolsupported technique, aimed at the non-specialised developer, which refactors (a class of) C programs into functionally (and even algorithmically) equivalent counterparts with improved security properties. Our approach provides refactorings that transform the source code into its ladderised equivalent, driven by an underlying verified rewrite system, based on dependent types. Our rewrite system automatically finds rewritings of selected C expressions, facilitating the production of their equivalent ladderised counterparts for a subset of C. We demonstrate our approach on a number of representative examples from the cryptographic domain, showing increased security.

show abstract

“…The cryptosystem is still a widely used standard, even in financial sector products like smart cards [9]. Despite its age, there are works that recently addressed some security research on RSA implementations [10][11][12]. RSA signature of message m, by using the private key d can be written as…”

Section: Rsa-crt With Montgomery Multiplicationsmentioning

confidence: 99%

A Secure Algorithm for Inversion Modulo 2k

Ferrer

2018

Cryptography

View full text Add to dashboard Cite

Modular inversions are widely employed in public key crypto-systems, and it is known that they imply a bottleneck due to the expensive computation. Recently, a new algorithm for inversions modulo p k was proposed, which may speed up the calculation of a modulus dependent quantity used in the Montgomery multiplication. The original algorithm lacks security countermeasures; thus, a straightforward implementation may expose the input. This is an issue if that input is a secret. In the RSA-CRT signature using Montgomery multiplication, the moduli are secrets (primes p and q). Therefore, the moduli dependent quantities related to p and q must be securely computed. This paper presents a security analysis of the novel method considering that it might be used to compute secrets. We demonstrate that a Side Channel Analysis leads to disclose the data being manipulated. In consequence, a secure variant for inversions modulo 2 k is proposed, through the application of two known countermeasures. In terms of performance, the secure variant is still comparable with the original one.

show abstract

Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

Cited by 12 publications

References 26 publications

XDIVINSA: eXtended DIVersifying INStruction Agent to Mitigate Power Side-Channel Leakage

XDIVINSA: eXtended DIVersifying INStruction Agent to Mitigate Power Side-Channel Leakage

Semi-automatic ladderisation: improving code security through rewriting and dependent types

A Secure Algorithm for Inversion Modulo 2k

Contact Info

Product

Resources

About