Correlated Extra-Reductions Defeat Blinded Regular Exponentiation

Dugardin, Margaux; Guilley, Sylvain; Danger, Jean‐Luc; Najm, Zakaria; Rioul, Olivier

doi:10.1007/978-3-662-53140-2_1

Cited by 9 publications

(14 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This is the case when the cache size is limited, or when the machine is so loaded that it is shared with other threads. As a perspective, we intend to attribute each identified leakage to existing attacks, such as exploitation of "extra-reductions" in RSA/ECC Montgomery Modular Multiplication [10] or the exploitation of the correlation between the computation duration and the length of the nonce in ECDSA signature generation algorithm [8].…”

Section: Discussionmentioning

confidence: 99%

See 1 more Smart Citation

Cache-Timing Attacks Still Threaten IoT Devices

Takarabt

Schaub

Facon

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Deployed widely and embedding sensitive data, IoT devices depend on the reliability of cryptographic libraries to protect user information. However when implemented on real systems, cryptographic algorithms are vulnerable to side channel attacks based on their execution behavior, which can be revealed by measurements of physical quantities such as timing or power consumption. Some countermeasures can be implemented in order to prevent those attacks. However those countermeasures are generally designed at high level description, and when implemented, some residual leakage may persist. In this article we propose a methodology to assess the robustness of the MbedTLS library against timing and cache-timing attacks. This comprehensive study of side-channel security allows us to identify the most frequent weaknesses in software cryptographic code and how those might be fixed. This methodology checks the whole source code, from the top level routines to low level primitives, that are used for the final application. We recover hundreds of lines of code that leak sensitive information.

show abstract

Section: Discussionmentioning

confidence: 99%

“…More perfected versions of timing attack are derived to break more secured implementations like Square-and-Multiply Always and Montgomery Ladder. Combined with power acquisition, a key can be extracted in less than one thousand traces [10].…”

Section: Introductionmentioning

confidence: 99%

Cache-Timing Attacks Still Threaten IoT Devices

Takarabt

Schaub

Facon

et al. 2019

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…The listings 1.2 and 1.3 in appendix A show some practical leakages found automatically. The extra-reduction leakage illustrated in listing 1.4 is that which is analyzed in [1], and which can be exploited by cache-timing attacks even in advanced scenarios (e.g., regular exponentiation algorithms [9]). As illustrated in Fig.…”

Section: Methodology Presentationmentioning

confidence: 99%

“…• Extra-reduction analysis [9] • BigMac Attack on windowed exponentiation [24] -On ECDSA (attacks other than that directly transposable from RSA):…”

Section: Cache-timing Issuesmentioning

confidence: 99%

Cache-Timing Attack Detection and Prevention

Carré¹,

Facon²,

Guilley³

et al. 2019

Constructive Side-Channel Analysis and Secure Design

Self Cite

View full text Add to dashboard Cite

With the publication of Spectre & Meltdown attacks, cachetiming exploitation techniques have received a wealth of attention recently. On the one hand, it is now well understood which some patterns in the C source code create observable unbalances in terms of timing. On the other hand, some practical cache-timing attacks (or Common Vulnerabilities and Exposures) have also been reported. However the exact relationship between vulnerabilities and exploitations is not enough studied as of today. In this article, we put forward a methodology to characterize the leakage induced by a "non-constant-time" construct in the source code. This methodology allows us to recover known attacks and to warn about possible new ones, possibly devastating.

show abstract

“…Recently in CHES 2016, Dugardin et al [12] pointed out binary exponentiation algorithms is vulnerable to side-channel attack even with message blinding and regular exponentiation. They presented a new dependency based on extra reductions in a sequence of multiplies and squares, which is a negative correlation between the extra reduction of two consecutive calculations.…”

Section: Introductionmentioning

confidence: 99%

Correlated Extra Reductions Defeat Fixed Window Exponentiation

Meng¹

2019

JCC

View full text Add to dashboard Cite

The security of modular power algorithm is a very important research topic, which is the core operation of public key cryptography algorithm. Since the first timing attack was public in 1996, the attacker can exploit time differences between specific events to recover a secret key. In 2016, Dugardin took advantage of extra reductions to attack a regular exponentiation algorithm, which did not entirely adapt the fixed window method with Montgomery's algorithm. The central thesis of this paper is that there exists a positive correlation between extra reductions of pre-computation and post-computation when the calculation has the same multiplier factor. In this article, basing on this dependency we present an attack method, and confirm the feasibility and effectiveness of it by conducting simulation experiments. Experimental results verify that the method can effectively attack modular power algorithm.

show abstract

Correlated Extra-Reductions Defeat Blinded Regular Exponentiation

Cited by 9 publications

References 20 publications

Cache-Timing Attacks Still Threaten IoT Devices

Cache-Timing Attacks Still Threaten IoT Devices

Cache-Timing Attack Detection and Prevention

Correlated Extra Reductions Defeat Fixed Window Exponentiation

Contact Info

Product

Resources

About