Keke Wu

Enhanced Correlation Power Analysis Attack on Smart Card

Power analysis attack has been widely used against cryptographic devices such as smart cards. Compared to the origin differential power analysis (DPA) attack, the later developed correlation power analysis (CPA) is advantageous due to its robustness and efficiency. However, the existing CPA power models are defective in principle as they are either based on a power model using Hamming weight or simplified Hamming distance, both are much deviated from the CMOS circuit power consumption theory. This paper presents an improved power model based on probability distribution of Hamming distance. The experiment of CPA analysis on a smart card chip demonstrates that the proposed model can achieve 10% better results compared to existing models.

Electromagnetic Analysis on Elliptic Curve Cryptosystems: Measures and Counter-Measures for Smart Cards

Although the possibility of attacking elliptic curve cryptosystems (ECC) by power analysis repeatedly appears in research papers, there were few electromagnetic analysis papers and conclusive experiments where actual elliptic curve cryptosystems were successfully attacked and prevented. In this paper we describe electromagnetic (EM) analysis experiments conducted on 3 implementations of elliptic curve cryptosystems. They are respectively binary, double-and-add-always and Montgomery methods of point multiplication. The experimental results indicate that using simple electromagnetic analysis (SEMA), the complete key material could be successfully retrieved from binary method, but not from double-and-add-always and Montgomery method.

Quantitative Evaluation of Side-Channel Security

There have been enormous research efforts dedicated to new countermeasures against side-channel attacks. However, very few reports were published about how to quantitatively verify their effectiveness. This paper presents statistical approaches of quantitative evaluation in respect of time disarrangement and side-channel magnitude confusion. The statistical mean value of the cross correlation coefficients measures the effectiveness of time disarrangement. The difference between the highest two correlation factors out of the key guesses is assessed to evaluate the effectiveness of side-channel magnitude confusion. Experiment results demonstrate that the proposed evaluation approaches are accurate and feasible. Eliminating requirement of reference makes the evaluations applicable in objective assessment of various devices by any designers or evaluators.

Countermeasure of ECC against Side-Channel Attacks: Balanced Point Addition and Point Doubling Operation Procedure

Elliptic Curve Cryptography (ECC) has become widely deployed in embedded cryptographic devices. However, power analysis attacks may retrieve secret keys by exploiting the power consumption of ECC devices. This paper proposes a countermeasure with balanced operation procedure of point doubling and addition during the scalar multiplication implementation of ECC algorithms. Experiment results on smart cards demonstrate this balanced method can largely enhance the secure against side-channel attacks.

A randomized binary modular exponentiation based RSA algorithm against the comparative power analysis

In this paper, we propose a binary modular exponentiation RSA countermeasure in order to defend against the comparative power analysis by dividing the private key e into n random parts and randomly choosing one of the parts to do one unit operation each selection till the modular exponentiation of all parts are completed. When the bit length of the private key computed actually is less than 4/3 of the original bit length of the private key, our method is more efficient and has more probability to against the exhaustive attack than the squaring-and-multiply-always right-to-left binary method which was previously considered to be the only effective binary method against the comparative power analysis. Further, the efficiency and security of our algorithm can be improved even more by adopting the parallel computing architecture.

Correlation Power Analysis Attack against Synchronous Stream Ciphers

Power analysis attacks as side channel analysis techniques of cryptographic devices have been mounted against block ciphers and public key but rarely against stream ciphers. There are no reports on correlation power analysis (CPA) attack against stream ciphers so far. This paper proposes a novel CPA against synchronous stream ciphers. Then we present two experiments of CPA attacks on stream ciphers A5/1 and E0. The experimental results indicate that CPA of synchronous stream ciphers is feasible.

Fast and scalable parallel processing of scalar multiplication in elliptic curve cryptosystems

To secure parallel systems in communication networks, in this paper, we propose a fast and scalable parallel scalar multiplication method over generic elliptic curves for elliptic curve cryptosystems, by means of our proposed scalar folding and unfolding techniques. In contrast to previous parallel scalar multiplication methods, our method can be implemented into scalable parallel computers. The optimal time complexity is k point doublings (D) plus log k point additions (A), denoted as kD + (log k)A, where k is the bit length of the scalar. If our method is applied to Koblitz curves, the optimal time complexity can be reduced to (log k)A. Furthermore, previous simple side-channel-protected scalar multiplication methods can be integrated into our method for resisting against simple side-channel attacks. Copyright

Elliptic Curve Isogenies to Resist Differential Side-Channel Analysis Attacks

In this paper, we propose a new randomization method to resist differential side-channel analysis (DSCA) attacks based on elliptic curve isogenies. The basic idea is to map the elliptic curve through random isogenies to conceal the execution of the point multiplication algorithm in elliptic curve cryptosystems (ECC). Differed from the existing countermeasures against DSCA, the proposed secure algorithm does not sacrifice the computational cost of the point multiplication algorithm.

Evaluation metrics of physical non-invasive security

Physical non-invasive security has become crucial for cryptographic modules, which are widely used in pervasive computing. International security evaluation standards, such as U.S. Federal Information Processing Standard (FIPS) 140-3 and Common Criteria (CC) part 3 have added special requirements addressing physical non-invasive security. However, these evaluation standards lack of quantitative metrics to explicitly guide the design and measurement. This paper proposes practice-oriented quantitative evaluation metrics, in which the distinguishability between the key predictions is measured under statistical significance tests. Significant distinguishability between the most possible two key candidates suggests high success rates of the right key prediction, thus indicates a low security degree. The quantitative evaluation results provide high accountability of security performance. The accordance with FIPS 140-3 makes the proposed evaluation metrics a valuable complement to these widely adopted standards. Case studies on various smart cards demonstrate that the proposed evaluation metrics are accurate and feasible.

Retrieving Lost Efficiency of Scalar Multiplications for Resisting against Side-Channel Attacks

At the elliptic curve cryptosystems (ECC) implementation stage, a ma jor concern is securing scalar multiplications against so-called side-channel attacks (SCA). Existing s olutions reach the goal by inserting dummy operations (typically increase 33% computational costs) based on commonly-used binary method , which largely increases the computational costs and prohibits the deployment of ECC in computation resource-restricted devices . In this paper, we for the first time propose a secure scalar multiplication method that does not penalise the computational cost compared to binary method. We partition the bit string of the scalar in half and extract ing the common substring from the two parts based on bit-wise logical operations, so as to save the number of point additions required for the computation of the common substring. Computational results demonstrate th e proposed method remains approximately the same computational cost as binary method. The side-channel experiments prove that the proposed method is secure against SSCA . Also, we use the randomization technique to secure our method against differential SCA (DSCA).