Signature Generation and Power Cryptanalysis in Elliptic Curve Cryptosystems, Study notes of Electrical and Electronics Engineering

Signature generation methods in elliptic curve cryptosystems, specifically focusing on RSA signature generation using the Chinese remainder theorem and Method II. It also covers timing and power cryptanalysis, including simple power analysis (SPA) and differential power analysis (DPA), and countermeasures to these attacks. Historical context, requirements for mounting the attacks, and examples of attacks and countermeasures.

Typology: Study notes

Pre 2010

Uploaded on 02/12/2009

koofers-user-bo9
Side-Channel Attacks

Timing Cryptanalysis

Power Analysis

Fault Analysis

Cache Attacks

Lecture 9

Traditional Cryptographic Assumptions

[Figure: a cryptographic transformation (encryption, decryption, signing, etc.) under a secret key K; the opponent sees only the input and the output.]

Actual Information Available

[Figure: the same cryptographic transformation under secret key K, with input and output, plus leaked information: timing, power consumption, electromagnetic radiation.]

Timing Cryptanalysis

Timing Cryptanalysis

Inventor: Paul Kocher
Time: November 1995

  • November 29, 1995: presentation of the basic concept at the university seminar
  • December 11, 1995: article in the New York Times
  • January 1996: presentation at the RSA Data Security Conference
  • RSA announces introducing countermeasures against this attack to their libraries
  • $1000 Netscape “bugs bounty” awarded to Kocher

Paul Kocher: 22 years old (at the time of the attack discovery), biology student at Stanford

Times of signing messages M_1 .. M_P: T_SGN(M_1), T_SGN(M_2), T_SGN(M_3), ..., T_SGN(M_P)

RSA Signature Generation

Private exponent: d = d_{L-1} d_{L-2} d_{L-3} .... d_2 d_1 d_0
Operation: SGN(M) = S = M^d mod N

  S = 1; P = M
  for i = 0 to L-1 {
    if (d_i == 1) S = S·P mod N
    P = P·P mod N
  }

Computations performed in the first iteration (for i = 0):
  For d_0 = 0: P = P·P mod N
  For d_0 = 1: S = S·P mod N; P = P·P mod N

Analysis of correlations between the time of the first iteration, T_1, and the time of the entire transformation, T_SGN:

Measured total times: T_SGN(M_1), T_SGN(M_2), T_SGN(M_3), ...
Presumed first-iteration times under each guess of d_0 (average times compared): T_1(M_1|d_0=0), T_1(M_1|d_0=1), T_1(M_2|d_0=0), T_1(M_2|d_0=1), T_1(M_3|d_0=0), T_1(M_3|d_0=1), ...

Analysis of the execution times of all iterations except the first one:
  T_SGN(M_1) − T_1(M_1|d_0=0), T_SGN(M_1) − T_1(M_1|d_0=1),
  T_SGN(M_2) − T_1(M_2|d_0=0), T_SGN(M_2) − T_1(M_2|d_0=1),
  T_SGN(M_3) − T_1(M_3|d_0=0), T_SGN(M_3) − T_1(M_3|d_0=1), ....

Compare the distribution (standard deviation) of the execution times of the entire transformation with the distribution of the execution times of all iterations except the first one, computed for d_0 = 0 and for d_0 = 1:
  Assuming correct guessing of d_0 (and thus the time of the first iteration): the standard deviation of the execution times of the remaining iterations decreases.
  Assuming incorrect guessing of d_0 (and thus the time of the first iteration): the standard deviation of the presumed execution time of the remaining iterations increases.

Test for bit d_0

Method II (R. Rivest)

Choose random Y:
  SGN(M) = ([M · (Y^-1)^e]^d mod N) · Y mod N
         = [M^d mod N] · [(Y^-1)^(ed) mod N] · Y mod N
         = M^d mod N

(Y^-1)^e mod N may be computed in advance; only two additional multiplications.
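The following Python program is an added example, not code from the lecture slides. It simulates the right-to-left signing loop from the RSA Signature Generation slide under a constructed cost model (`mul_time`: a constant plus an operand-dependent term standing in for reduction and carry effects), runs the variance test for bit d_0 and then for every further bit to recover the whole exponent from (message, total time) pairs, and finally repeats the attack against a signer that applies Method II blinding. The RSA parameters (N = 3233, e = 17, d = 2753), the cost model and all function names are constructed for this example.

```python
import math
import random
from statistics import pvariance

# Toy RSA parameters (constructed for illustration; far too small for real use).
N, E, D = 3233, 17, 2753      # N = 61 * 53, E * D = 1 mod (60 * 52)
L = D.bit_length()            # exponent length, assumed known to the attacker

def mul_time(a, b):
    """Toy cost model for one modular multiplication a*b mod N: a constant plus a
    term that varies with the operands (a stand-in for reduction and carry effects).
    The attack only needs this model to be computable by the attacker."""
    return 4 + (a * b) % 7

def sign(m, d=D, blind=False, rng=None):
    """Right-to-left square-and-multiply from the slide (S=1, P=M); returns
    (signature, total time under the cost model). With blind=True, Method II is
    applied: the base is first multiplied by (Y^-1)^e and the result by Y."""
    t = 0
    if blind:
        rng = rng or random.Random()
        y = rng.randrange(2, N - 1)
        while math.gcd(y, N) != 1:          # Y must be invertible mod N
            y = rng.randrange(2, N - 1)
        y_inv_e = pow(pow(y, -1, N), E, N)  # (Y^-1)^e mod N, precomputable
        t += mul_time(m, y_inv_e)
        m = m * y_inv_e % N
    s, p = 1, m
    for i in range(L):
        if (d >> i) & 1:
            t += mul_time(s, p)
            s = s * p % N
        t += mul_time(p, p)
        p = p * p % N
    if blind:
        t += mul_time(s, y)
        s = s * y % N
    return s, t

def recover_exponent(samples):
    """Kocher's test, bit by bit from d_0: with d_0..d_{i-1} known, simulate the
    signer up to iteration i for every message, subtract the time explained under
    each hypothesis for d_i, and keep the hypothesis whose remaining time has the
    smaller variance. samples = [(message, total time), ...]."""
    d_guess = 0
    states = [(1, m, 0) for m, _ in samples]   # (S, P, explained time) per message
    for i in range(L):
        variances = {}
        for b in (0, 1):
            remaining = []
            for (m, t_total), (s, p, t_known) in zip(samples, states):
                t_i = mul_time(p, p) + (mul_time(s, p) if b else 0)
                remaining.append(t_total - t_known - t_i)
            variances[b] = pvariance(remaining)
        bit = min(variances, key=variances.get)
        d_guess |= bit << i
        advanced = []                          # advance the simulation with the chosen bit
        for s, p, t_known in states:
            if bit:
                t_known += mul_time(s, p)
                s = s * p % N
            t_known += mul_time(p, p)
            p = p * p % N
            advanced.append((s, p, t_known))
        states = advanced
    return d_guess

def run_attack(blind, n=4000, seed=1):
    """Collect n (message, total time) pairs from the signer and run the attack."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        m = rng.randrange(1, N)
        _, t = sign(m, blind=blind, rng=rng)
        samples.append((m, t))
    return recover_exponent(samples)

if __name__ == "__main__":
    print(f"true d = {D:#x}, unblinded attack -> {run_attack(False):#x}, "
          f"blinded attack -> {run_attack(True):#x}")
```

The attacker sees only messages and total times. For each bit, the hypothesis that explains the first unexplained iteration correctly leaves a remainder whose variance is that of the later iterations alone; the wrong hypothesis adds or subtracts an unrelated term and the variance grows, which is exactly the standard-deviation comparison on the slide. With Method II the base actually exponentiated is M·(Y^-1)^e rather than M, so the attacker's simulated operand values, and hence the predicted iteration times, no longer match what the device computes, and the test no longer returns the private exponent.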

Timing Cryptanalysis

Countermeasures

Timing Cryptanalysis

Summary

  • Requirements regarding the capabilities necessary to mount the attack are not met for many applications (e.g., e-mail)
  • Simple countermeasure that increases the time of transformations to a very small extent (<1%)
  • Problems with modification of applications already deployed, in particular hardware implementations

Power Analysis

Power Cryptanalysis

Inventors: Paul Kocher, Joshua Jaffe and Benjamin Jun (Cryptography Research)
Time: first developments, beginning of 1997; first publication, June 1998
Attack that enables the recovery of a key stored in a cryptographic device, based on the measurement of power consumption during cryptographic operations
The most vulnerable devices: smart cards, cryptographic tokens
Time necessary to recover the key: seconds for simple power analysis; several hours for differential power analysis
Equipment: basic measurement equipment (ammeter, oscilloscope)
Requirements: access to the device (e.g., a smart card)

Power Cryptanalysis

Power cryptanalysis

  • can be performed during the regular operation of a smart card (!), assuming that the opponent modified a reader
  • does not require an unauthorized access to the card
  • does not require the knowledge of the plaintext

Simple Power Analysis

Measurements by Paul Kocher: 16 rounds of DES; magnified view of the second and third round (labels on the trace: Permutation IP, Permutation IP^-1).
If a sequence of instructions depends on the key bits, it is straightforward to recover the key.
Example: Generation of the RSA signature (d_i: private key bit)
  S = 1
  for i = L-1 downto 0 {
    S = S^2 mod N
    if (d_i == 1) S = S · M mod N
  }

Simple Power Analysis

Simple Power Analysis

Example: Generation of the RSA signature
[Figure: power consumption during the signature generation; multiplications and squarings occupy distinguishable intervals of time, so the exponent bits can be read off the trace: d_{L-1} = 1, d_{L-2} = ...]

From the presentation by Marc Joye, Thomson Security Labs, Quo vadis cryptology? workshop, Warsaw, May 2007

Simple Power Analysis

Countermeasures: Sequence of instructions independent of the key bits (with the exception of instructions having the same power pattern)

  • Avoid conditional branches (if, switch, etc.)
  • Ability to prevent analysis depends strongly on the operations used by the cipher, and on the processor instruction set
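Added example (Python, not code from the slides) for the SPA example and the countermeasure above: the left-to-right signing loop emitting its operation sequence, which is what an SPA trace exposes when squarings and multiplications have distinguishable power patterns; the trivial read-out of the exponent from that sequence; and an iteration that always performs both operations and selects the result without a key-dependent branch, so the sequence no longer depends on the key. The parameters N = 3233 and d = 2753 are constructed.

```python
# Toy RSA parameters (constructed; far too small for real use).
N, D = 3233, 2753

def trace_square_and_multiply(m, d=D):
    """Left-to-right square-and-multiply as on the slide. Returns the result and
    the sequence of operations performed ('S' = squaring, 'M' = multiplication),
    which is what an SPA trace reveals when the two have distinct power patterns."""
    s, ops = 1, []
    for i in range(d.bit_length() - 1, -1, -1):
        s = s * s % N
        ops.append("S")
        if (d >> i) & 1:
            s = s * m % N
            ops.append("M")
    return s, "".join(ops)

def bits_from_trace(ops):
    """What the opponent reads off the trace: every 'S' starts a new exponent bit,
    and an 'M' directly after it marks that bit as 1."""
    d = 0
    for op in ops:
        if op == "S":
            d <<= 1
        else:
            d |= 1
    return d

def trace_square_and_multiply_always(m, d=D):
    """Countermeasure from the slide: an instruction sequence independent of the
    key bits. Every iteration squares and multiplies; the multiplication result is
    kept only when the bit is 1, selected arithmetically rather than by a branch."""
    s, ops = 1, []
    for i in range(d.bit_length() - 1, -1, -1):
        s = s * s % N
        ops.append("S")
        t = s * m % N
        ops.append("M")
        bit = (d >> i) & 1
        s = t * bit + s * (1 - bit)   # no data-dependent branch on the key bit
    return s, "".join(ops)

if __name__ == "__main__":
    _, ops = trace_square_and_multiply(1234)
    print("SPA trace:", ops, "-> recovered", bin(bits_from_trace(ops)))
    _, ops_always = trace_square_and_multiply_always(1234)
    print("balanced trace:", ops_always)
```

The balanced variant costs one extra multiplication per zero bit and, as the slide notes, only addresses the instruction-sequence dependence: the operand-value dependence that differential power analysis exploits is still present.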

Differential Power Analysis (DPA)

Power consumption depends not only on the type of the executed instructions but also on the values of operands. Examples:

  • storing data to a register or memory: storing 1 has a larger power consumption than storing 0
  • variable shifts and rotations: power consumption depends on the number of positions by which we shift or rotate
  • logical and arithmetic operations: strong dependence of the power consumption on the values of operands

Example: Last round of DES

[Figure: the last round of DES: (L15, R15) → (L16, R16) through the function F with round key K16, followed by the final permutation IP^-1 producing the ciphertext D. Inside F: expansion E (32 → 48 bits), XOR with K16 (48 bits), S-boxes S1 ... S8 (6 bits in, 4 bits out each), permutation P (32 bits). A 6-bit fragment K of K16 and the corresponding 6-bit chunk of E(L16) enter S1.]

Known to the opponent: the ciphertext D, hence L16 = g(D) and E(L16) (48 bits).
Unknown to the opponent: K16 (48 bits), in particular its 6-bit fragment K entering S1, and hence F(L16, K16).
Instruction I operates on bit a = bit no. 1 of the result of F; a = f(K, D), where K is the 6-bit fragment of K16.
Bit a appears as an input to the instruction I, for which the average power consumption P_I(a) depends strongly on the value of a: P_I(a=0) and P_I(a=1) are the average power consumptions of the instruction I for the two values of the input bit a.

Differential Power Analysis

Phase I: Target specification phase. Choose the instruction I and the bit a = f(K, D) it operates on; Δ_I denotes the difference between the average power consumptions P_I(a=1) and P_I(a=0).

Phase II: Data collection phase. Measure the power consumption for N different data blocks D_i (i.e., N different plaintexts and the corresponding ciphertexts): P_I(f(K, D_1)), P_I(f(K, D_2)), P_I(f(K, D_3)), ..., P_I(f(K, D_{N-1})), P_I(f(K, D_N)).

Phase III: Data analysis phase. Assume a certain value K_z of the key fragment K and add up the M ≈ N/2 power consumptions corresponding to the same value of a:
  a = 0: P_I(f(K_z, D_{i_1})=0), P_I(f(K_z, D_{i_2})=0), P_I(f(K_z, D_{i_3})=0), ..., P_I(f(K_z, D_{i_M})=0)
  a = 1: P_I(f(K_z, D_{j_1})=1), P_I(f(K_z, D_{j_2})=1), P_I(f(K_z, D_{j_3})=1), ..., P_I(f(K_z, D_{j_M})=1)

For the correct value K = K* of the key fragment, the two sums differ:
  T_I(K=K*) = Σ_{f(K*, D_i)=1} P_I(f(K*, D_i)) − Σ_{f(K*, D_i)=0} P_I(f(K*, D_i)) ≈ Δ_I · N/2,
whereas for an incorrect value T_I(K≠K*) ≈ 0.

The attack does not require the knowledge of the position of the instruction I in time: instructions affected by bit a will show up automatically on the averaged diagram corresponding to the correct value of the key fragment K.
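The three phases above, as an added Python simulation that is not part of the lecture: the target is the first output bit a of DES S-box S1 in the last round, f(K, D) = bit 1 of S1(D ⊕ K), where D is the known 6-bit chunk of E(L16) and K the 6-bit fragment of K16. The S1 table is the standard DES one; the power measurement P_I is constructed (the instruction's consumption rises by one unit when a = 1, plus Gaussian noise), as are the secret fragment, the sample size and the function names.

```python
import random

# DES S-box S1 (standard table): rows indexed by the outer two input bits,
# columns by the inner four.
S1 = [
    [14, 4, 13, 1, 2, 15, 11, 8, 3, 10, 6, 12, 5, 9, 0, 7],
    [0, 15, 7, 4, 14, 2, 13, 1, 10, 6, 12, 11, 9, 5, 3, 8],
    [4, 1, 14, 8, 13, 6, 2, 11, 15, 12, 9, 7, 3, 10, 5, 0],
    [15, 12, 8, 2, 4, 9, 1, 7, 5, 11, 3, 14, 10, 0, 6, 13],
]

def sbox1(x):
    """S1 lookup for a 6-bit input x = b1 b2 b3 b4 b5 b6 (b1 most significant)."""
    row = ((x >> 5) & 1) << 1 | (x & 1)
    col = (x >> 1) & 0xF
    return S1[row][col]

def selection_bit(k, d):
    """a = f(K, D): the first (most significant) output bit of S1 applied to the
    known 6-bit chunk d of E(L16) XORed with the 6-bit key fragment k."""
    return (sbox1(d ^ k) >> 3) & 1

def measure(k_true, d, rng, noise=1.0):
    """Constructed stand-in for one power sample P_I of instruction I: the
    consumption rises by one unit when bit a is 1 (the operand dependence the
    slides describe), plus Gaussian measurement noise."""
    return 2.0 + selection_bit(k_true, d) + rng.gauss(0.0, noise)

def collect(k_true, n, seed=7):
    """Phase II: n (known chunk D_i, measured P_I) pairs for random data blocks."""
    rng = random.Random(seed)
    samples = []
    for _ in range(n):
        d = rng.randrange(64)      # known E(L16) chunk, constructed at random
        samples.append((d, measure(k_true, d, rng)))
    return samples

def mean(xs):
    return sum(xs) / len(xs)

def dpa(samples):
    """Phase III: for each of the 64 key-fragment hypotheses K_z, sort the samples
    by the predicted bit a = f(K_z, D_i) and take the difference of the two group
    means. Returns (best hypothesis, {K_z: difference of means})."""
    scores = {}
    for kz in range(64):
        groups = {0: [], 1: []}
        for d, p in samples:
            groups[selection_bit(kz, d)].append(p)
        if not groups[0] or not groups[1]:
            scores[kz] = 0.0
            continue
        scores[kz] = mean(groups[1]) - mean(groups[0])
    best = max(scores, key=lambda kz: abs(scores[kz]))
    return best, scores

if __name__ == "__main__":
    K_TRUE = 0b101101              # constructed secret key fragment
    best, scores = dpa(collect(K_TRUE, 2000))
    print(f"recovered {best:06b}, expected {K_TRUE:06b}, peak {scores[best]:.2f}")
```

For the correct fragment the difference of means is close to the one-unit step built into the constructed measurement, exactly the Δ_I of the slide (here as an average rather than a sum). Incorrect hypotheses give smaller, nonzero differences where the predicted bit happens to correlate with the real one, so the correct fragment stands out as the largest peak without the analyst knowing where in time instruction I executes.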

Differential Power Analysis

Example of the attack: Pankaj Rohatgi, IBM, 1999. Implementation of the AES candidate Twofish on a smart card; the 128-bit key was recovered based on about 50 encryptions of independent data blocks.

Differential Power Analysis

for Key Scheduling

By observing power consumption during encryptions of multiple blocks of plaintext, it is possible to determine the exact location of the instructions belonging to key scheduling (Biham, Shamir 1999).

All encryptions performed using the same key: [Figure: traces for Data 1, Data 2, Data 3, each with the key scheduling segment marked.] The last phase of each period of computing an internal key corresponds to storing the key in memory (storing 6 bytes of an internal key to memory).

Differential Power Analysis

for Key Scheduling

Analysis of power consumption while storing the internal keys to memory makes it possible to determine the Hamming weight (the number of ones) of each byte of the internal keys. [Figure: Hamming weight (number of ones in a byte) for the stored bytes.]

Differential Power Analysis

for Key Scheduling

[Figure: Hamming weights of the six stored key bytes, as read from the trace: 5 4 3 4 3 3]

III. Filter at the power input + physical shielding. Problem: limited accuracy of the filter; possibility of deactivation in case of access to the card.

Differential Power Analysis

Proposed countermeasures IV. Software balancing [figure: the operand stored together with its complement]. Problem: significant reduction of speed; correlations still present for more complex arithmetic operations.

Differential Power Analysis

Proposed countermeasures V. Hardware balancing: all instructions executed by the processor have the same power consumption for all operand values. Problem: very costly and hard to design.

Differential Power Analysis

Proposed countermeasures

Differential Power Cryptanalysis

Countermeasures: Lack of effective countermeasures in existing cards. “We have not yet encountered a card that couldn’t be broken” (Paul Kocher, 1998). Protection methods developed and licensed by Cryptography Research are currently being introduced to several types of cards. [Figure: microcontroller powered through a switch control between VCC and GND, with capacitors C1 and C2.]

Shamir’s countermeasure

[Figure: Shamir’s countermeasure: two capacitors, C1 and C2, each connected through switches S between the supply VDD and the microcontroller MC. The switches alternate between phases: supply from C1, supply from C1 & C2, supply from one capacitor while recharging the other, so that the MC is never fed directly from the external supply while it computes.]

Shamir’s countermeasure