Similar operation template attack on RSA-CRT as a case study

Abstract

A template attack, one of the most powerful side-channel attack methods, usually first builds leakage profiles from a controlled profiling device and then uses these profiles to recover the secret of the target device. It relies on the fact that the profiling device shares similar leakage characteristics with the target device. In this study, we focus on similar operations within a single device and propose a new variant of the template attack, called the similar operation template attack (SOTA). SOTA builds its models on public variables (e.g., input/output) and recovers the values of secret variables whose leakage resembles that of the public variables. SOTA's advantage is that it removes the requirement for an additional profiling device. In this study, the proposed SOTA method is applied to a straightforward RSA-CRT implementation. Because the leakage is (almost) the same in similar operations, we reduce the security of RSA-CRT to a hidden multiplier problem (HMP) over GF(q), which can be solved byte-wise using our proposed heuristic algorithm. The effectiveness of the proposed method is verified as an entire prime recovery procedure in a practical leakage scenario.



Acknowledgements

This work was supported by Major State Basic Research Development Program (973 Program) (Grant No. 2013CB338004), National Natural Science Foundation of China (Grant Nos. U1536103, 61402286, 61472249, 61602239, 61572192, 61472250), Minhang District Cooperation Plan (Grant No. 2016MH310), and Natural Science Foundation of Jiangsu Province (Grant No. BK20160808).

Author information

Authors and Affiliations

  1. Department of Computer Science and Engineering, Shanghai Jiao Tong University, Shanghai, 200240, China
    Sen Xu, Xiangjun Lu, Kaiyu Zhang, Lei Wang, Weijia Wang, Zheng Guo, Junrong Liu & Dawu Gu
  2. College of Computer Science and Technology, Nanjing University of Aeronautics and Astronautics, Nanjing, 211106, China
    Yang Li
  3. Wanda Internet Technology Group, Shanghai, 200127, China
    Haihua Gu
  4. Shanghai Institute for Advanced Communication and Data Science, Shanghai, 200241, China
    Dawu Gu

Authors

  1. Sen Xu
  2. Xiangjun Lu
  3. Kaiyu Zhang
  4. Yang Li
  5. Lei Wang
  6. Weijia Wang
  7. Haihua Gu
  8. Zheng Guo
  9. Junrong Liu
  10. Dawu Gu

Corresponding authors

Correspondence to Yang Li or Dawu Gu.


Cite this article

Xu, S., Lu, X., Zhang, K. et al. Similar operation template attack on RSA-CRT as a case study. Sci. China Inf. Sci. 61, 032111 (2018). https://doi.org/10.1007/s11432-017-9210-3
