Practical Analysis of RSA Countermeasures Against Side-Channel Electromagnetic Attacks
نویسندگان
چکیده
This paper analyzes the robustness of RSA countermeasures against electromagnetic analysis and collision attacks. The proposed RSA cryptosystem uses residue number systems (RNS) for fast executions of the modular calculi with large numbers. The parallel architecture is protected at arithmetic and algorithmic levels by using the Montgomery Ladder and the Leak Resistant Arithmetic countermeasures. Because the architecture can leak information through control and memory executions, the hardware RNS-RSA also relies on the randomization of RAM accesses. Experimental results, obtained with and without randomization of the RNS moduli sets, suggest that the RNS-based RSA with bases randomization and secured RAM accesses is protected.
منابع مشابه
RSA-4096 with a Comparison of Real and Simulated Side-Channel Attacks
Today, designing cryptographic hardware and embedded systems requires much more attention due to the wide range of practical side-channel attacksa. The processors that are responsible to perform the operations defined in cryptographic algorithms should also be resistant to these kinds of side-channel-attacks as well as being efficient in terms of area, performance and latency. To improve the ha...
متن کاملHorizontal and Vertical Side-Channel Attacks against Secure RSA Implementations
Since the introduction of side-channel attacks in the nineties, RSA implementations have been a privileged target. A wide variety of countermeasures have been proposed and most of practical attacks are nowadays efficiently defeated by them. However, in a recent work published at ICICS 2010, Clavier et al. have pointed out that almost all the existing countermeasures were ineffective if the atta...
متن کاملPublic Key Perturbation of Randomized RSA Implementations
Among all countermeasures that have been proposed to thwart side-channel attacks against RSA implementations, the exponent randomization method – also known as exponent blinding – has been very early suggested by P. Kocher in 1996, and formalized by J.-S. Coron at CHES 1999. Although it has been used for a long time, some authors pointed out the fact that it does not intrinsically remove all so...
متن کاملROSETTA for Single Trace Analysis Recovery Of Secret Exponent by Triangular Trace Analysis
In most efficient exponentiation implementations, recovering the secret exponent is equivalent to disclosing the sequence of squaring and multiplication operations. Some known attacks on the RSA exponentiation apply this strategy, but cannot be used against classical blinding countermeasures. In this paper, we propose new attacks distinguishing squaring from multiplications using a single side-...
متن کاملPhysical Security of Cryptographic Algorithm Implementations
This thesis deals with physical attacks on implementations of cryptographic algorithms and countermeasures against these attacks. Physical attacks exploit properties of an implementation such as leakage through physically observable parameters (side-channel analysis) or susceptibility to errors (fault analysis) to recover secret cryptographic keys. In the absence of adequate countermeasures suc...
متن کامل