Fault Attacks on the Montgomery Powering Ladder
Authors
Abstract
Security-aware embedded devices which are likely to operate in hostile environments need protection against physical attacks. For the RSA public-key algorithm, protected versions of the Montgomery powering ladder have gained popularity as countermeasures for such attacks. In this paper, we present a general fault attack against RSA implementations which use the Montgomery powering ladder. In a first step, we discuss under which realistic fault assumptions our observation can be used to attack basic implementations. In a second step, we extend our attack to a scenario where the message is blinded at the beginning of the exponentiation algorithm. To the best of our knowledge, this is the first fault attack on a blinded Montgomery powering ladder.
Similar resources
The Montgomery Powering Ladder
This paper gives a comprehensive analysis of Montgomery powering ladder. Initially developed for fast scalar multiplication on elliptic curves, we extend the scope of Montgomery ladder to any exponentiation in an abelian group. Computationally, the Montgomery ladder has the triple advantage of presenting a Lucas chain structure, of being parallelized, and of sharing a common operand. Furthermor...
Randomizing the Montgomery Powering Ladder
In this paper, we present novel randomized techniques to enhance Montgomery powering ladder. The proposed techniques increase the resistance against side-channel attacks and especially recently published correlation collision attacks in the horizontal setting. The first of these operates by randomly changing state such that the difference between registers varies, unpredictably, between two sta...
Fault Attack revealing Secret Keys of Exponentiation Algorithms from Branch Prediction Misses
Performance monitors are provided in modern day computers for observing various features of the underlying microarchitectures. However, the combination of underlying microarchitectural features and performance counters leads to side channels which can be exploited for attacking cipher implementations. In this paper, to the best of our knowledge we study for the first time, the combination of branc...
Fault Attack on Elliptic Curve with Montgomery Ladder Implementation
In this paper, we present a new fault attack on elliptic curve scalar product algorithms. This attack is tailored to work on the classical Montgomery ladder method when the y-coordinate is not used. No weakness has been reported so far on such implementations, which are very efficient and were promoted by several authors. But taking into account the twist of the elliptic curves, we show how, wi...
Highly Regular m-Ary Powering Ladders
This paper describes new exponentiation algorithms with applications to cryptography. The proposed algorithms can be seen as m-ary generalizations of the so-called Montgomery ladder. Both left-to-right and right-to-left versions are presented. Similarly to Montgomery ladder, the proposed algorithms always repeat the same instructions in the same order, without inserting dummy operations, and so ...