Efficient Leak Resistant Modular Exponentiation in RNS

Lesavourey, Andrea; Nègre, Christophe; Plantard, Thomas

doi:10.1109/arith.2017.39

Cited by 4 publications

(3 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In a domain such as cryptography, arithmetic operations are performed modulo large numbers that are often prime, the use of RNS becomes more complicate as modular reduction requires a conversion of RNS bases [20], [21], [22], [23]. This last point has generated a rich literature, in particular around the choice of bases for efficient implementations [15], [24], [25], [26]. RNS are also particularly interesting for countering attacks by faults, as the addition of redundancy elements at the base level makes it possible to set up fault detection [27].…”

Section: Introductionmentioning

confidence: 99%

Generating Very Large RNS Bases

Bajard

Fukushima

Plantard³

et al. 2022

IEEE Trans. Emerg. Topics Comput.

Self Cite

View full text Add to dashboard Cite

HAL is a multi-disciplinary open access archive for the deposit and dissemination of scientific research documents, whether they are published or not. The documents may come from teaching and research institutions in France or abroad, or from public or private research centers. L'archive ouverte pluridisciplinaire HAL, est destinée au dépôt et à la diffusion de documents scientifiques de niveau recherche, publiés ou non, émanant des établissements d'enseignement et de recherche français ou étrangers, des laboratoires publics ou privés.

show abstract

Section: Introductionmentioning

confidence: 99%

Generating Very Large RNS Bases

Bajard

Fukushima

Plantard³

et al. 2022

IEEE Trans. Emerg. Topics Comput.

Self Cite

View full text Add to dashboard Cite

show abstract

“…There is a rich literature on RNS for cryptography focused on conversion algorithms and their integration into the cryptographic protocols (using different architectures such as field-programmable gate array (FPGA)) [15], [16], [17], [18] or fault detections [19], [20] where the choice of the RNS base is crucial. A frequent challenge is encountered with implementations on small operator devices, which restricts the size of the elements of the RNS bases and thus their numbers [21], [22].…”

Section: Introductionmentioning

confidence: 99%

Generating Residue Number System Bases

Bajard

Fukushima

Kiyomoto

et al. 2021

2021 IEEE 28th Symposium on Computer Arithmetic (ARITH)

Self Cite

View full text Add to dashboard Cite

“…In [15], the authors showed that we can draw randomly a RNS base from a set of moduli, to randomize an execution with a small cost. Since their publication, this work was used and cited in different papers [14], [16], [17], [18], [19]. To our knowledge, no one established a complete study of the randomness behavior of such approach, and what kind of protection it can get.…”

Section: Introductionmentioning

confidence: 99%

Resilience of Randomized RNS Arithmetic with Respect to Side-Channel Leaks of Cryptographic Computation

Courtois¹,

Abbas-Turki²,

Bajard³

2019

IEEE Trans. Comput.

View full text Add to dashboard Cite

In this paper, we want to promote the influence of randomized arithmetic on the leaks during a code execution. When somebody wants to extract some specific information from these leaks, one can observe different emanations of the device like power consumption. These leaks mostly come from the variations of the Hamming distances of the successive states of the system. This phenomenon is particularly critical for cryptographic devices. Our work evaluates the resilience of randomized moduli in Residue Number System (RNS) against Correlation Power Analysis (CPA), Differential Power Analysis (DPA). Our analysis is illustrated through the evaluation of scalar multiplication on an elliptic curve using the Montgomery Powering Ladder (MPL) algorithm which protects from Simple Power Analysis (SPA). We also propose an evaluation based on the Maximum Likelihood Estimator (MLE), which crosses the information of the whole state vector, instead of analysing only the current state like with CPA or DPA. Furthermore, MLE gives better performance and smooths the results allowing a better evaluation of the behaviour of the leakage. Our experimental evaluation suggests that the number of observations, needed to perform exploitable information leakage, is proportional to the number of possible RNS bases.

show abstract

Efficient Leak Resistant Modular Exponentiation in RNS

Cited by 4 publications

References 6 publications

Generating Very Large RNS Bases

Generating Very Large RNS Bases

Generating Residue Number System Bases

Resilience of Randomized RNS Arithmetic with Respect to Side-Channel Leaks of Cryptographic Computation

Contact Info

Product

Resources

About