Square Always Exponentiation
نویسندگان
چکیده
Embedded exponentiation techniques have become a key concern for security and efficiency in hardware devices using public key cryptography. An exponentiation is basically a sequence of multiplications and squarings, but this sequence may reveal exponent bits to an attacker on an unprotected implementation. Although this subject has been covered for years, we present in this paper new exponentiation algorithms based on trading multiplications for squarings. Our method circumvents attacks aimed at distinguishing squarings from multiplications at a lower cost than previous techniques. Last but not least, we present new algorithms using two parallel squaring blocks which provide the fastest exponentiation to our knowledge.
منابع مشابه
Power Analysis Attacks on the Right-to-Left Square-Always Exponentiation Algorithm
The naive implementation of an exponentiation used in public key cryptography may reveal a secret key to the attacker by several side-channel attacks. Recently, a novel square-always exponentiation algorithm based on trading multiplications for squarings is proposed. This algorithm for RSA implementation is faster than existing regular countermeasures against side-channel attacks. This paper su...
متن کاملCorrelated Extra-Reductions Defeat Blinded Regular Exponentiation - Extended Version
Walter & Thomson (CT-RSA ’01) and Schindler (PKC ’02) have shown that extra-reductions allow to break RSA-CRT even with message blinding. Indeed, the extra-reduction probability depends on the type of operation (square, multiply, or multiply with a constant). Regular exponentiation schemes can be regarded as protections since the operation sequence does not depend on the secret. In this article...
متن کاملOn Set Systems Having Paradoxical Covering Properties
1. R2-phenomena . Our set theoretic notation will be standard with one exception . Since this paper is largely concerned with powers of ordinals, the symbol ~" will always denote ordinal exponentiation for ordinals ~, 11 . Thus, in particular, if fl--a, then cos is an ordinal <coy+1 . When we use cardinal exponentiation we shall either say so or, if there is no danger of confusion, we write 2 1...
متن کاملHorizontal Correlation Analysis on Exponentiation
We introduce in this paper a technique in which we apply correlation analysis using only one execution power curve during an exponentiation to recover the whole secret exponent manipulated by the chip. As in the Big Mac attack from Walter, longer keys may facilitate this analysis and success will depend on the arithmetic coprocessor characteristics. We present the theory of the attack with some...
متن کاملFinite Field Arithmetic
11.1 Prime fields of odd characteristic 201 Representations and reductions • Multiplication • Inversion and division • Exponentiation • Squares and square roots 11.2 Finite fields of characteristic 2 213 Representation • Multiplication • Squaring • Inversion and division • Exponentiation • Square roots and quadratic equations 11.3 Optimal extension fields 229 Introduction • Multiplication • Exp...
متن کامل