DPA Countermeasures by Improving the Window Method

Itoh, Kazuya; Yajima, Jun; Takenaka, Masahiko; Torii, Naoya

doi:10.1007/3-540-36400-5_23

Cited by 37 publications

(28 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, Okeya-Sakurai showed the insecureness against the secondorder data-bit DPA [34]. Other approach to resist both DDPA and ADPA is proposed by Itoh et al [15], which randomize the window to be added in step 10 in Alg. 6.…”

Section: Window-based Methodsmentioning

confidence: 99%

“…They concluded that only the exponent splitting countermeasure [6], in which the scalar is divided into d = (d − r) + r for a random number r, and the randomized window method [15] are resistant against the attack [11]. But as a drawback, required computing time become at least twice than that of without countermeasures.…”

Section: Differential Power Analysismentioning

confidence: 99%

“…The security of a countermeasure against each of SPA, DDPA, and ADPA is measured by the Attenuation Ratio (AR) 1 proposed by Itoh et al [15]. AR is given by a ratio of heights of spikes with and without the countermeasure.…”

Section: Evaluation Techniquementioning

confidence: 99%

See 2 more Smart Citations

A Practical Countermeasure against Address-Bit Differential Power Analysis

Itoh

Izu

Takenaka

2003

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

Abstract. The differential power analysis (DPA) enables an adversary to reveal the secret key hidden in a smart card by observing power consumption. The address-bit DPA is a typical example of DPA which analyzes a correlation between addresses of registers and power consumption. In this paper, we propose a practical countermeasure, the randomized addressing countermeasure, against the address-bit DPA which can be applied to the exponentiation part in RSA or ECC with and without pre-computed table. Our countermeasure has almost no overhead for the protection, namely the processing speed is no slower than that without the countermeasure. We also report experimental results of the countermeasure in order to show its effect. Finally, a complete comparison of countermeasures from various view points including the processing speed and the security level is given.

show abstract

Section: Window-based Methodsmentioning

confidence: 99%

Section: Differential Power Analysismentioning

confidence: 99%

See 1 more Smart Citation

A Practical Countermeasure against Address-Bit Differential Power Analysis

Itoh

Izu

Takenaka

2003

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

show abstract

“…10 return R We note that Algorithm 10 works in a similar way to the Overlapping Windows method [29] for a fixed base m = 2 k−h OW M and m(h + 1) = 2 k3 . The main difference is that our algorithm generates on-the-fly a randomized recoding of the binary representation of the secret exponent κ.…”

Section: Left-to-right Algorithmsmentioning

confidence: 99%

Randomizing the Montgomery Powering Ladder

Tan

Tunstall

2015

Information Security Theory and Practice

View full text Add to dashboard Cite

Abstract. In this paper, we present novel randomized techniques to enhance Montgomery powering ladder. The proposed techniques increase the resistance against side-channel attacks and especially recently published correlation collision attacks in the horizontal setting. The first of these operates by randomly changing state such that the difference between registers varies, unpredictably, between two states. The second algorithm takes a random walk, albeit tightly bounded, along the possible addition chains required to compute an exponentiation. We also generalize the Montgomery powering ladder and present randomized (both left-to-right and right-to-left) m-ary exponentiation algorithms.

show abstract

“…There are other DPA countermeasures (e.g. randomized window methods [25,9], etc), but in this paper we aim at investigating the security of Coron's 3rd and JoyeTymen countermeasures.…”

Section: Dpa and Countermeasuresmentioning

confidence: 99%

Zero-Value Point Attacks on Elliptic Curve Cryptosystem

Akishita

Takagi

2003

Lecture Notes in Computer Science

View full text Add to dashboard Cite

Abstract. Several experimental results ensure that the differential power analysis (DPA) breaks the implementation of elliptic curve cryptosystem (ECC) on memory constraint devices. In order to resist the DPA, the parameters of the underlying curve must be randomized. We usually randomize the base point in the projective coordinate, or we transform all parameters to the random isomorphic curve. However, Goubin pointed out the point (0, y) can not be randomized by these countermeasures. This point is often contained in the standard curves, and we have to care this attack. In this paper, we propose a novel attack, called the zero-value point attack. On the contrary to Goubin's attack, we use the zero-value registers in the addition formulae. Even if a point has no zero-value coordinate, the auxiliary registers might take zero-value. We investigate these zerovalue registers that cannot be randomized by the above randomization. Indeed on elliptic curves over prime fields, we have found several points P = (x, y) which cause the zero-value registers, e.g., (1)3x 2 + a = 0, (2)5x 4 + 2ax 2 − 4bx + a 2 = 0, (3)P is y-coordinate self-collision point, etc. We demonstrate the standard curves that have these points. Interestingly, some conditions required for the zero-value attack depend on the explicit implementation of the addition formulae -in order to resist this type of attacks, we have to care how to assemble the multiplications and the additions in the addition formulae. Moreover, we show zero-value points for Montgomery-type method and elliptic curves over binary fields.

show abstract

DPA Countermeasures by Improving the Window Method

Cited by 37 publications

References 10 publications

A Practical Countermeasure against Address-Bit Differential Power Analysis

A Practical Countermeasure against Address-Bit Differential Power Analysis

Randomizing the Montgomery Powering Ladder

Zero-Value Point Attacks on Elliptic Curve Cryptosystem

Contact Info

Product

Resources

About