Frédéric Valette
La Roche College
Publication
Featured research published by Frédéric Valette.
cryptographic hardware and embedded systems | 2003
Pierre-Alain Fouque; Frédéric Valette
Recent developments in side channel attacks have led implementers to use more and more sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication in the elliptic curve setting. In this paper, we propose a new attack against a classical implementation of these operations that only requires two queries to the device. The complexity of this so-called “doubling attack” is much smaller than that of previously known attacks. Furthermore, this approach defeats two of the three countermeasures proposed by Coron at CHES ’99.
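Added simulation of the doubling attack (not code from the paper): an unprotected left-to-right double-and-add on secp256k1 leaks, for every doubling, a fingerprint of its input point. The assumed leakage model is that two doublings of the same point produce the same trace, which a SHA-256 digest of the point stands in for. The attacker needs only the traces of [d]P and [d](2P) plus the public result: every bit of d except the last falls out of trace comparisons, and the last is settled against [d]P. The same comparison works for square-and-multiply with inputs m and m^2.

```python
import hashlib

# secp256k1: y^2 = x^3 + 7 over F_p with its standard base point (order is prime,
# so no intermediate multiple of G is ever the point at infinity).
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A, B = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
O = None  # point at infinity


def ec_add(P, Q):
    """Affine group law, handling O, doubling and P + (-P)."""
    if P is O:
        return Q
    if Q is O:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if P == Q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def trace_of(point):
    """Assumed leakage model: the trace of a doubling depends only on its input
    point, so equal inputs give equal traces. A hash stands in for the trace."""
    return hashlib.sha256(repr(point).encode()).hexdigest()


def double_and_add(d, P):
    """Unprotected left-to-right scalar multiplication. Returns [d]P and the
    trace of every doubling, most significant bit first (the leading 1 bit of
    d is loaded directly, as most implementations do)."""
    Q = P
    trace = []
    for bit in bin(d)[3:]:            # bits of d below the leading one
        trace.append(trace_of(Q))     # the doubling's input leaks
        Q = ec_add(Q, Q)
        if bit == "1":
            Q = ec_add(Q, P)
    return Q, trace


def doubling_attack(P, dP, trace_P, trace_2P):
    """Recover d from the doubling traces of [d]P and [d](2P) and the public output.

    Before the doubling at bit position i the accumulator holds [d >> (i+1)]P when
    the input is P; before the doubling at position i+1 it holds
    [d >> (i+2)](2P) = [2 (d >> (i+2))]P when the input is 2P. The two points
    coincide exactly when bit i+1 of d is 0, so trace_P[k] == trace_2P[k-1]
    reveals bit (n-1-k) of d, n being the bit length of d.
    """
    if not trace_P:
        return 1
    n = len(trace_P) + 1
    bits = ["1"]                                    # the leading bit of d
    for k in range(1, n - 1):
        bits.append("0" if trace_P[k] == trace_2P[k - 1] else "1")
    # bit 0 is never compared: try both values against the public result [d]P
    for lsb in "01":
        d = int("".join(bits) + lsb, 2)
        if double_and_add(d, P)[0] == dP:
            return d
    raise ValueError("no candidate scalar reproduces [d]P")


def demo(d):
    """Two device queries (inputs P and 2P), then the attack; returns the recovered scalar."""
    dP, trace_P = double_and_add(d, G)
    _, trace_2P = double_and_add(d, ec_add(G, G))
    return doubling_attack(G, dP, trace_P, trace_2P)
```

The point to take away for implementers is that the attack uses no statistics, only an equality test between two trace segments of two executions, so a countermeasure has to make the same point look different on the two runs rather than merely adding noise.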
fast software encryption | 2002
Éliane Jaulmes; Antoine Joux; Frédéric Valette
In this paper, we study the security of randomized CBC-MACs and propose a new construction that resists birthday paradox attacks and provably reaches full security. The size of the MAC tags in this construction is optimal, i.e., exactly twice the block size of the block cipher. Up to a constant, the security of the proposed randomized CBC-MAC using an n-bit block cipher is the same as the security of the usual encrypted CBC-MAC using a 2n-bit block cipher. Moreover, this construction adds a negligible computational overhead compared to the cost of a plain, non-randomized CBC-MAC. We give a full proof of our construction in the standard model using one pass of a block cipher with 2n-bit keys; for block ciphers with n-bit keys there is also a proof in the random oracle model.
workshop on fault diagnosis and tolerance in cryptography | 2008
Pierre-Alain Fouque; Reynald Lercier; Denis Réal; Frédéric Valette
In this paper, we present a new fault attack on elliptic curve scalar multiplication algorithms. This attack is tailored to the classical Montgomery ladder when the y-coordinate is not used. No weakness had been reported so far on such implementations, which are very efficient and were promoted by several authors. But by taking into account the twist of the elliptic curve, we show how, with few faults (one or two), we can retrieve the full secret scalar even if classical countermeasures against fault attacks are employed. This attack had not been anticipated, and it strongly reduces the security of the elliptic curve parameters in most standards; in particular, it applies to some NIST and SECG parameters.
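The twist observation, as an added simulation that is not the paper's code: an x-only Montgomery ladder on a constructed toy curve y^2 = x^3 + x + 1 over F_1009, chosen tiny so the twist discrete logarithm can be brute-forced (the real attack relies on the twist order being far smoother than the curve order, which is what makes some standard curves vulnerable). The XZ-only formulas use only a and b, so an abscissa that is not on the curve is silently processed as a point on the quadratic twist. The fault model assumed here is a single bit flip of the input x before the ladder runs, with the device returning its result unchecked.

```python
from math import isqrt

# Constructed toy curve y^2 = x^3 + A x + B over F_P; the x-only ladder needs just A and B
P, A, B = 1009, 1, 1


def f(x):
    """Right-hand side x^3 + A x + B."""
    return (x * x * x + A * x + B) % P


def on_curve(x):
    """Euler criterion: x is the abscissa of a curve point iff f(x) is a square
    (0 counts, a 2-torsion point). Every other x is the abscissa of a twist point."""
    return pow(f(x), (P - 1) // 2, P) in (0, 1)


def xdbl(X, Z):
    """XZ-only doubling (Brier-Joye formulas): x(2P) from x(P), never touching y."""
    X2, Z2 = X * X % P, Z * Z % P
    Xn = ((X2 - A * Z2) ** 2 - 8 * B * X * Z * Z2) % P
    Zn = 4 * Z * (X * X2 + A * X * Z2 + B * Z * Z2) % P
    return Xn, Zn


def xadd(X1, Z1, X2, Z2, xd):
    """XZ-only differential addition: x(P+Q) from x(P), x(Q) and xd = x(P-Q)."""
    U, V = (X1 * Z2 - X2 * Z1) % P, (X1 * Z2 + X2 * Z1) % P
    Zn = U * U % P
    Xn = (2 * ((X1 * X2 + A * Z1 * Z2) * V + 2 * B * Z1 * Z1 * Z2 * Z2) - xd * Zn) % P
    return Xn, Zn


def ladder_x(d, x):
    """x([d]P) from x(P) alone, None for the point at infinity. No check that x
    lies on the curve: this is the implementation the fault attack targets."""
    X0, Z0 = x % P, 1                 # R0 = P
    X1, Z1 = xdbl(X0, Z0)             # R1 = 2P
    for bit in bin(d)[3:]:            # invariant: R1 - R0 = P
        if bit == "1":
            X0, Z0 = xadd(X0, Z0, X1, Z1, x)
            X1, Z1 = xdbl(X1, Z1)
        else:
            X1, Z1 = xadd(X0, Z0, X1, Z1, x)
            X0, Z0 = xdbl(X0, Z0)
    return None if Z0 == 0 else X0 * pow(Z0, -1, P) % P


def point_order_x(x):
    """Order of the point with abscissa x (on the curve or on its twist): the first
    multiple reaching infinity, searched up to the Hasse bound p + 1 + 2 sqrt(p)."""
    for j in range(1, P + 2 + 2 * isqrt(P) + 2):
        if ladder_x(j, x) is None:
            return j
    raise ValueError("no multiple reached infinity within the Hasse bound")


def twist_fault_attack(x_in, device):
    """Flip one bit of x_in so it leaves the curve, run the device on the faulted
    input and solve the DLP in the (here tiny) twist group. Returns
    (x_fault, j, order) with d = +/- j mod order: x alone cannot fix the sign."""
    for bit in range(P.bit_length()):
        x_fault = x_in ^ (1 << bit)
        if x_fault < P and not on_curve(x_fault):
            break
    else:
        raise ValueError("no single-bit fault of x_in lands on the twist")
    x_out = device(x_fault)
    order = point_order_x(x_fault)
    if x_out is None:                 # d is a multiple of the twist point's order
        return x_fault, 0, order
    for j in range(1, order):
        if ladder_x(j, x_fault) == x_out:
            return x_fault, j, order
    raise ValueError("device output is not a multiple of the faulted point")


def ladder_x_checked(d, x):
    """Check available even without y: reject abscissae off the curve on input
    and on output (the output check also catches faults injected during the ladder)."""
    if not on_curve(x):
        raise ValueError("input x is not on the curve")
    out = ladder_x(d, x)
    if out is not None and not on_curve(out):
        raise ValueError("output x is not on the curve")
    return out
```

Two caveats for anyone implementing the check: it is itself a single conditional that a second fault can skip, so it needs the usual fault-hardening of control flow, and it is only a mitigation for the curve in use. A twist-secure curve (Curve25519 is the usual example) closes the gap by construction, because the twist group is as hard as the curve group and the faulted computation yields nothing.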
international cryptology conference | 2002
Antoine Joux; Gwenaëlle Martinet; Frédéric Valette
In this paper, we show that the natural and most common way of implementing modes of operation for cryptographic primitives often leads to insecure implementations. We illustrate this problem by attacking several modes of operation that were proved to be semantically secure against either chosen plaintext or chosen ciphertext attacks. The problem stems from the following simple fact: in the definition and proofs of semantic security, messages are considered as atomic objects that cannot be split; however, in most practical implementations, messages are subdivided into smaller chunks that can be easily manipulated. Depending on the implementation, each chunk may consist of one or several blocks of the underlying primitive. The key point here is that upon reception of a processed chunk, the attacker can now adapt his choice for the next chunk. Since the possibility of adapting within a single message is not taken into account in the current security models, this leaves room for unexpected attacks. We illustrate this new paradigm by attacking three symmetric and hybrid encryption schemes based on the chaining mode in spite of their security proofs.
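The within-message adaptivity the abstract describes, as an added example rather than the paper's code: a constructed Feistel permutation stands in for the block cipher (the attack only needs it to be deterministic), an on-the-fly CBC encryptor releases each ciphertext block as soon as the corresponding plaintext block arrives, and the attacker uses c1 to choose m2 so that the cipher input for block 2 repeats the one for block 1 and c2 = c1. The `delayed=True` mode models the Delayed CBC variant under the assumed semantics that c_i is withheld until m_{i+1} has been received; with c1 unavailable when m2 is chosen, the distinguisher fails.

```python
import hashlib

BLOCK = 16


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key, i, half):
    """Round function of the toy cipher: a keyed hash truncated to one half-block."""
    return hashlib.sha256(key + bytes([i]) + half).digest()[:BLOCK // 2]


def encrypt_block(key, block):
    """Constructed 4-round Feistel permutation standing in for a real block cipher;
    the attack below uses nothing but the fact that it is deterministic."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        l, r = r, _xor(l, _round(key, i, r))
    return l + r


def decrypt_block(key, block):
    """Inverse of encrypt_block (rounds undone in reverse order)."""
    l, r = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in reversed(range(4)):
        l, r = _xor(r, _round(key, i, l)), l
    return l + r


class OnTheFlyCBC:
    """CBC encryptor that processes each plaintext block as it arrives.
    delayed=False releases c_i immediately (the behaviour the paper attacks);
    delayed=True models Delayed CBC (assumption: c_i is released only once
    m_{i+1} has arrived, and the final block only on finish())."""

    def __init__(self, key, iv, delayed=False):
        self.key, self.delayed = key, delayed
        self.prev = iv        # c_{i-1}, initially the IV
        self.pending = None   # block withheld in delayed mode

    def feed(self, m):
        c = encrypt_block(self.key, _xor(self.prev, m))
        self.prev = c
        if not self.delayed:
            return c
        out, self.pending = self.pending, c
        return out            # c_{i-1}, None for the first block

    def finish(self):
        out, self.pending = self.pending, None
        return out


def blockwise_distinguisher(device, iv, m1):
    """Two-block chosen-plaintext attack. Having seen c1, the attacker picks
    m2 = m1 ^ iv ^ c1, so E(c1 ^ m2) = E(iv ^ m1) and c2 == c1 with certainty,
    whereas a secure scheme gives equality with probability 2^-128.
    Returns True when the device is recognised as plain on-the-fly CBC."""
    released = [b for b in (device.feed(m1),) if b is not None]
    seen = released[-1] if released else iv      # c1 for plain CBC, only the IV for the delayed variant
    m2 = _xor(_xor(m1, iv), seen)
    released += [b for b in (device.feed(m2), device.finish()) if b is not None]
    c1, c2 = released[0], released[1]
    return c1 == c2
```

The same pattern applies to any streaming encryption API that returns output before the caller has committed the whole message, hardware or not: the proof covers atomic messages, the interface exposes block-by-block state, and the gap is exploitable with two blocks.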
cryptographic hardware and embedded systems | 2004
Hervé Ledig; Frédéric Muller; Frédéric Valette
Side Channel Attacks (SCA) have received huge interest in the last five years. These new methods consider non-cryptographic sources of information (like timing or power consumption) in addition to traditional techniques. Consequently block ciphers must now resist a variety of SCAs, among which is the class of “collision attacks”. This recent technique combines side channel information with tools originally developed for block cipher or hash function cryptanalysis, like differential cryptanalysis for instance.
cryptographic hardware and embedded systems | 2006
Pierre-Alain Fouque; Sébastien Kunz-Jacques; Gwenaëlle Martinet; Frédéric Muller; Frédéric Valette
In this paper, we present a new attack on RSA when the public exponent is short, for instance 3 or 2^16 + 1, and when the classical exponent randomization is used. This attack works even if blinding is used on the messages. Starting from a Simple Power Analysis (SPA), we study the problem of recovering the RSA private key when non-consecutive bits of it leak from the implementation. We also show that such information can be gained from sliding window implementations not protected against SPA.
applied cryptography and network security | 2005
Rémy Daudigny; Hervé Ledig; Frédéric Muller; Frédéric Valette
Side-Channel Analysis for Reverse Engineering (SCARE) is a new field of application for Side-Channel Attacks (SCA), recently introduced following initial results on the GSM A3/A8 algorithm. The principle of SCARE is to use side-channel information (for instance, power consumption) as a tool to reverse-engineer some secret parts of a cryptographic implementation. SCARE has the advantage of being discreet and non-intrusive, so it appears to be a promising new direction of research. In this paper, we apply the concepts of SCARE to the block cipher DES. We measure the power consumption of a software DES executed on a target smart card and propose new methods to exploit this information. We manage to retrieve many details about the underlying device, including some constants used by the algorithm (e.g. permutation tables for the round function and for the key scheduling), but also interesting implementation choices (e.g. the registers into which subkeys are loaded). Of course some of this information was already known in our case, but situations can be envisaged where the designer would like to keep it secret. An application of these methods is to reverse-engineer a proprietary algorithm, provided some information about its basic structure is known. Hence it illustrates the power of SCARE and demonstrates yet again the accuracy of Kerckhoffs' principle. In addition, a better understanding of a cryptographic implementation can be a first step to mounting more sophisticated Side Channel Attacks.
selected areas in cryptography | 2003
Pierre-Alain Fouque; Antoine Joux; Gwenaëlle Martinet; Frédéric Valette
In this paper, we investigate the authenticated encryption paradigm, and its security against blockwise adaptive adversaries, mounting chosen ciphertext attacks on on-the-fly cryptographic devices. We remark that most of the existing solutions are insecure in this context, since they provide a decryption oracle for any ciphertext. We then propose a generic construction called Decrypt-Then-Mask, and prove its security in the blockwise adversarial model. The advantage of this proposal is to apply minimal changes to the encryption protocol. In fact, in our solution, only the decryption protocol is modified, while the encryption part is left unchanged. Finally, we propose an instantiation of this scheme, using the encrypted CBC-MAC algorithm, a secure pseudorandom number generator and the Delayed variant of the CBC encryption scheme.
international conference on progress in cryptology | 2010
Sylvain Guilley; Laurent Sauvage; Julien Micolod; Denis Réal; Frédéric Valette
This article aims to show that side-channel analyses constitute powerful tools for reverse-engineering applications. We present two new attacks that only require known plaintext or ciphertext. The first one targets a stream cipher and shows how an attacker can recover the unknown linear part of an algorithm, in our case the parameters of a Linear Feedback Shift Register. The second technique allows one to retrieve an unknown non-linear function such as a substitution box. It can be applied to every kind of symmetric algorithm (typically a Feistel or Substitution Permutation Network) and also to stream ciphers. Twelve years after the first publication about side-channel attacks, we show that the potential of these analyses was initially seriously under-estimated. Every cryptographic algorithm, whether public or secret, is at risk when implemented in a device accessible to an attacker. This illustrates how vulnerable cryptography is without trusted tamperproof hardware support.
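The linear step of the first attack, as an added example that is not the paper's code: once an attacker holds the register's output bits, Berlekamp-Massey returns the shortest LFSR generating them, i.e. its length and feedback polynomial, from 2L bits. The example assumes a constructed stream cipher whose keystream is the raw output of a 16-bit Fibonacci LFSR and a known-plaintext prefix of the message, so the keystream bits come from plaintext XOR ciphertext; the paper's side-channel route to the register bits is not reproduced, only what happens once they are in hand.

```python
from functools import reduce
from operator import xor


def lfsr_keystream(seed, taps, nbits):
    """Fibonacci LFSR output s_0, s_1, ...: s_i = XOR of s_{i-t} over the taps,
    seeded with s_0..s_{L-1}. The constructed cipher under attack is c_i = m_i ^ s_i."""
    s = list(seed)
    while len(s) < nbits:
        s.append(reduce(xor, (s[len(s) - t] for t in taps)))
    return s[:nbits]


def berlekamp_massey(s):
    """Shortest LFSR generating the bit sequence s (Massey's algorithm over GF(2)).
    Returns (L, C) with C(x) = 1 + c_1 x + ... + c_L x^L such that
    s_i = XOR of c_j & s_{i-j} for j = 1..L. The answer is exact once len(s) >= 2L."""
    n = len(s)
    c, b = [0] * (n + 1), [0] * (n + 1)
    c[0] = b[0] = 1
    L, m = 0, -1                       # current length, index of the last length change
    for i in range(n):
        d = s[i]                       # discrepancy between prediction and s_i
        for j in range(1, L + 1):
            d ^= c[j] & s[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m
        for j in range(n + 1 - shift): # C(x) += x^shift B(x)
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L, c[:L + 1]


def recover_lfsr(known_plain, cipher):
    """Known-plaintext recovery of the register: XOR out the keystream prefix, run
    Berlekamp-Massey, and return (length, feedback taps, initial state)."""
    ks = [p ^ c for p, c in zip(known_plain, cipher)]
    L, poly = berlekamp_massey(ks)
    taps = [j for j in range(1, L + 1) if poly[j]]
    return L, taps, ks[:L]


def decrypt_rest(cipher, known_plain):
    """Regenerate the whole keystream from the recovered register and decrypt the
    part of the ciphertext for which no plaintext was known."""
    L, taps, state = recover_lfsr(known_plain, cipher)
    ks = lfsr_keystream(state, taps, len(cipher))
    return [c ^ k for c, k in zip(cipher[len(known_plain):], ks[len(known_plain):])]
```

The length L the algorithm returns is the linear complexity of the observed bits, which is also the first thing to measure when evaluating any keystream: a nonlinear filter or combiner in front of the register raises it far beyond the register length, and then the register parameters are not recoverable from output bits alone, which is where the side-channel view of the internal state earns its keep.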
smart card research and advanced application conference | 2008
Denis Réal; Vivien Dubois; Anne-Marie Guilloux; Frédéric Valette; M'Hamed Drissi
Physical attacks based on Side Channel Analysis (SCA) or on Fault Analysis (FA) target a secret usually manipulated by a public algorithm. SCA can also be used for Reverse Engineering (SCARE) against the software implementation of a private algorithm. In this paper, we claim that an unknown Feistel scheme with a hardware design can be recovered with a chosen-plaintext SCA attack. First, we show that whatever the input of the unknown Feistel function, its one-round output can be guessed by SCA. Using this relation, two attacks for recovering the algorithm are proposed: an expensive interpolation attack on a generic Feistel scheme and an improved attack on a specific but commonly used scheme. Then, a countermeasure is proposed.