Publication


Featured research published by Benoit Feix.


international conference on information and communication security | 2010

Horizontal correlation analysis on exponentiation

Christophe Clavier; Benoit Feix; Georges Gagnerot; Mylène Roussellet; Vincent Verneuil

We introduce in this paper a technique in which we apply correlation analysis using only one execution power curve during an exponentiation to recover the whole secret exponent manipulated by the chip. As in the Big Mac attack from Walter, longer keys may facilitate this analysis and success will depend on the arithmetic coprocessor characteristics. We present the theory of the attack with some practical successful results on an embedded device and analyze the efficiency of classical countermeasures with respect to our attack. Our technique, which uses a single exponentiation curve, cannot be prevented by exponent blinding. Also, contrarily to the Big Mac attack, it applies even in the case of regular implementations such as the square and multiply always or the Montgomery ladder. We also point out that DSA and Diffie-Hellman exponentiations are no longer immune against CPA. Then we discuss the efficiency of known countermeasures, and we finally present some new ones.


workshop on fault diagnosis and tolerance in cryptography | 2007

Passive and Active Combined Attacks on AES Combining Fault Attacks and Side Channel Analysis

Christophe Clavier; Benoit Feix; Georges Gagnerot; Mylène Roussellet

Tamper resistance of hardware products is currently a very popular subject for researchers in the security domain. Since the first Kocher side-channel (passive) attack, the Bellcore researchers and Biham and Shamir fault (active) attacks, many other side-channel and fault attacks have been published. The design of efficient countermeasures still remains a difficult task for IC designers and manufacturers as they must also consider the attacks which combine active and passive threats. It has been shown previously that combined attacks can defeat RSA implementations if side-channel countermeasures and fault protections are developed separately instead of being designed together. This paper demonstrates that combined attacks are also effective on symmetric cryptosystems and shows how they may jeopardize a supposedly state of the art secure AES implementation.


cryptographic hardware and embedded systems | 2011

Improved collision-correlation power analysis on first order protected AES

Christophe Clavier; Benoit Feix; Georges Gagnerot; Mylène Roussellet; Vincent Verneuil

The recent results presented by Moradi et al. on AES at CHES 2010 and Witteman et al. on square-and-multiply always RSA exponentiation at CT-RSA 2011 have shown that collision-correlation power analysis is able to recover the secret keys on embedded implementations. However, we noticed that the attack published last year by Moradi et al. is not efficient on correctly first-order protected implementations. We propose in this paper improvements on collision-correlation attacks which require less power traces than classical second-order power analysis techniques. We present here two new methods and show in practice their real efficiency on two first-order protected AES implementations. We also mention that other symmetric embedded algorithms can be targeted by our new techniques.


international conference on cryptology in india | 2012

ROSETTA for Single Trace Analysis

Christophe Clavier; Benoit Feix; Georges Gagnerot; Christophe Giraud; Mylène Roussellet; Vincent Verneuil

In most efficient exponentiation implementations, recovering the secret exponent is equivalent to disclosing the sequence of squaring and multiplication operations. Some known attacks on the RSA exponentiation apply this strategy, but cannot be used against classical blinding countermeasures. In this paper, we propose new attacks distinguishing squaring from multiplications using a single side-channel trace. It makes our attacks more robust against blinding countermeasures than previous methods even if both exponent and message are randomized, whatever the quality and length of random masks. We demonstrate the efficiency of our new techniques using simulations in different noise configurations.


smart card research and advanced application conference | 2010

Simple power analysis on exponentiation revisited

Jean-Christophe Courrège; Benoit Feix; Mylène Roussellet

Power Analysis has been studied since 1998 when P. Kocher et al. presented the first attack. From the initial Simple Power Analysis more complex techniques have been designed and studied during the previous decade such as Differential and Correlation Power Analysis. In this paper we revisit Simple Power Analysis which is at the heart of side channel techniques. We aim at showing its true efficiency when studied rigorously. Based on existing Chosen Message attacks we explain in this paper how particular message values can reveal the secret exponent manipulated during a modular exponentiation with a single power consumption curve. We detail the different ways to achieve this and then show that some blinded exponentiations can still be threatened by Simple Power Analysis depending on the implementation. Finally we will give advice on countermeasures to prevent such enhanced Simple Power Analysis techniques.


international conference on cryptology in india | 2014

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Benoit Feix; Mylène Roussellet; Alexandre Venelli

We present a new side-channel attack path threatening state-of-the-art protected implementations of elliptic curves embedded scalar multiplications. Regular algorithms such as the double-and-add-always and the Montgomery ladder are commonly used to protect the scalar multiplication from simple side-channel analysis. Combining such algorithms with scalar and/or point blinding countermeasures leads to scalar multiplications protected from all known attacks. Scalar randomization, which consists in adding a random multiple of the group order to the scalar value, is a popular countermeasure due to its efficiency. Amongst the several curves defined for usage in elliptic curves products, the most used are those standardized by the NIST. As observed in several previous publications, the modulus, hence the orders, of these curves are sparse, primarily for efficiency reasons. In this paper, we take advantage of this specificity to present new attack paths which combine vertical and horizontal side-channel attacks to recover the entire secret scalar in state-of-the-art protected elliptic curve implementations.


international conference on cryptology in india | 2011

Square always exponentiation

Christophe Clavier; Benoit Feix; Georges Gagnerot; Mylène Roussellet; Vincent Verneuil

Embedded exponentiation techniques have become a key concern for security and efficiency in hardware devices using public key cryptography. An exponentiation is basically a sequence of multiplications and squarings, but this sequence may reveal exponent bits to an attacker on an unprotected implementation. Although this subject has been covered for years, we present in this paper new exponentiation algorithms based on trading multiplications for squarings. Our method circumvents attacks aimed at distinguishing squarings from multiplications at a lower cost than previous techniques. Last but not least, we present new algorithms using two parallel squaring blocks which provide the fastest exponentiation to our knowledge.


international workshop constructive side-channel analysis and secure design | 2013

Defeating with fault injection a combined attack resistant exponentiation

Benoit Feix; Alexandre Venelli

Since the introduction of the side-channel and fault injection analysis late in the 90s, implementing cryptographic standards on embedded devices has become a difficult challenge. Developers were obliged to add new appropriate countermeasures into their code. To prevent those separate threats, they often implemented countermeasures separately. The side-channel dedicated countermeasures were added to the algorithm when on the other hand specific protections against fault injections, like computation verifications, were implemented. However in 2007 Amiel et al. demonstrated that a single fault injection combined with simple side-channel analysis can defeat such a classical implementation. Then it became obvious that side-channel and fault countermeasures had to be designed together. In that vein Schmidt et al. published at Latincrypt 2010 an efficient exponentiation algorithm supposedly resistant against this combined attack category. Despite the clever design of these algorithms, we present here two new attacks that can defeat its security. Our first attack is a single fault injection scheme requiring only few faulted ciphertexts. The second one requires the combination of a single fault injection with a differential treatment. We also propose a more secure version of this algorithm that thwarts our attacks.


international workshop constructive side-channel analysis and secure design | 2013

Updated recommendations for blinded exponentiation vs. single trace analysis

Christophe Clavier; Benoit Feix

Side-channel analysis has become a very powerful tool helpful for attackers trying to recover the secrets embedded in microprocessors such as smartcards. Since the initial publications from Kocher et al. many improvements on side-channel techniques have been proposed. At the same time developers have designed countermeasures to counterfeit those threats. The challenge for securing smart devices remains rough. The most complex techniques like Differential, Correlation and Mutual-information analysis are more studied today than simple side-channel analysis which seems less considered as said less powerful. We revisit in this paper the simple side-channel analysis attacks previously published. Relying on previous leakage models we design two new methods to build chosen message which allows more efficient analysis on blinded exponentiation. We also show that, contrarily to common belief, with our chosen message method simple side-channel analysis can be successful also in some hashed message models. In a second step we introduce a more precise but realistic leakage model for hardware multipliers which leads us to new results on simple side-channel efficiency. Relying on these models we show that even with big base multipliers leakages can be exploited to recover the secret exponent on blinded exponentiations.


public key cryptography | 2012

Generating provable primes efficiently on embedded devices

Christophe Clavier; Benoit Feix; Loïc Thierry; Pascal Paillier

This paper introduces new techniques to generate provable prime numbers efficiently on embedded devices such as smartcards, based on variants of Pocklington's and the Brillhart-Lehmer-Selfridge-Tuckerman-Wagstaff theorems. We introduce two new generators that, combined with cryptoprocessor-specific optimizations, open the way to efficient and tamper-resistant on-board generation of provable primes. We also report practical results from our implementations. Both our theoretical and experimental results show that constructive methods can generate provable primes essentially as efficiently as state-of-the-art generators for probable primes based on Fermat and Miller-Rabin pseudo-tests. We evaluate the output entropy of our two generators and provide techniques to ensure a high level of resistance against physical attacks. This paper intends to provide practitioners with the first practical solutions for fast and secure generation of provable primes in embedded security devices.
