Yong-Je Choi

Hyperelliptic curve coprocessors on a FPGA

Cryptographic algorithms are used in a large variety of different applications to ensure security services. It is, thus, very interesting to investigate various implementation platforms. Hyperelliptic curve schemes are cryptographic primitives to which a lot of attention was recently given due to the short operand size compared to other algorithms. They are specifically interesting for special-purpose hardware. This paper provides a comprehensive investigation of high-efficient HEC architectures. We propose a genus-2 hyperelliptic curve cryptographic coprocessor using affine coordinates. We implemented a special class of hyperelliptic curves, namely using the parameter h(x)=x and f=x5+f1x+f0 and the base field GF(289). In addition, we only consider the most frequent case in our implementation and assume that the other cases are handled, e.g. by the protocol. We provide three different implementations ranging from high speed to moderate area. Hence, we provide a solution for a variety of applications. Our high performance HECC coprocessor is 78.5% faster than the best previous implementation and our low area implementation utilizes only 22.7% of the area that the smallest published design uses. Taking into account both area and latency, our coprocessor is an order of magnitude more efficient than previous implementations. We hope that the work at hand provides a step towards introducing HEC systems in practical applications.

Low power implementation of SHA-1 algorithm for RFID system

In this paper, we implemented the low power and small area hardware of SHA-1 hash function for RFID tag. For small area design we optimized operation logics and for low power design we minimized data transitions of register memory. It is implemented with 10,641 gates at Samsung 0.25 mum CMOS technology and it needs 330 operation clocks for one hash function of 160-bit data. Its power consumption is 19.5 muW at 100 kHz operation clock

Low-cost Cryptographic Circuits for Authentication in Radio Frequency Identification Systems

We present a new architecture of Advanced Encryption Standard (AES) cryptographic circuit which can be used as cryptographic primitives supporting privacy and authentication for radio frequency identification (RFID). RFID is a technology to identify goods or person containing the tags. While it is a convenient way to track items, it also provides chances to track people and their activities through their belongings. For these reasons, privacy and authentication are a major concern with RFID system and many solutions have been proposed. M. Feldhofer, S. Dominikus, and J. Wolkerstorfer introduced the Interleaved Protocol which serves as a means of authenticating RFID tag to reader devices in M. Feldhofer et al., 2004. They designed very small AES hardware circuit as a cryptographic primitive. The proposed circuit requires about 1,000 clock cycles to encrypt a 128-bit block of data. In this contribution, we introduce a novel method to increase the operating speed of previous method for low-cost AES cryptographic circuits. Our low-cost AES cryptographic circuit can encrypt 128-bit data block within 870 clock cycles using less than 4000 gates on a 0.25 mum CMOS process

Side Channel Attacks on Cryptographic Module: EM and PA Attacks Accuracy Analysis

Extensive research on modern cryptography ensures significant mathematical immunity to conventional cryptographic attacks. However, different side channel techniques such as power analysis and electromagnetic attacks are such a powerful tool to extract the secret key from cryptographic devices. These techniques bring serious threat on hardware implementations of cryptographic algorithms. In this paper an extensive analysis of side channel analysis on cryptographic device is presented where we study on the EM and PA attacks methods as sideways attacks on the hardware implementation of the crypto-module. Finally we establish a comparison table among different attacks tools methods for the accuracy analysis.

Implementing Side Channel Analysis Evaluation Boards of KLA-SCARF system

ABSTRACT With increasing demands for security evaluation of side-channel resistance for crypto algorithm implementations, many equipments are developed at various research institutes. Indeed, commercial products came out for the purpose of evaluation and certification tool of security products. However, various types of security products exclusive a smart card make it difficult to implement a security evaluation system for them. In this paper, we describe implementation and characteristic of the side-channel evaluation boards of the KLA-SCARF, which is the p roject to develop domestic side-channel evaluation system. This report would be helpful for following researchers who inte nd to develop side-channel evaluation boards for other security devices.Keywords: Side Channel Analysis, KLA-SCARF, Security Evaluation Board접수일(2013년 12월 26일), 수정일(2014년 2월 3일), 게재확정일(2014년 2월 3일)* 본 연구는 ETRI의 연구개발 과제인 KLA-SCARF( 프로젝트로 수행하였음(암호키 누출 검증 및 방지 원천 기술 연구), www.k-scarf.or.kr, KLA-SCARF(Key Leakage Analysis - Side Channel Analysis Resistant Framework) †주저자, choiyj@etri.re.kr‡교신저자, jcryou@home.cnu.ac.kr (Corresponding author)

A secure exponentiation algorithm resistant to a combined attack on RSA implementation

Because two types of side-channel attacks, namely passive information leakages and active fault injections, are considered separate implementation threats to cryptographic modules, most countermeasures against these attacks have been independently developed. However, Amiel et al. demonstrated that a fault injection combined with a simple power analysis (SPA) can break such a classical Rivest, Shamir, and Adelman (RSA) system implementation. In this paper, we show that this combined attack (CA) can be applied to the Boscher, Naciri, and Prouff algorithm, which is an SPA/fault attack (FA)-resistant exponentiation method for RSA implementation. Furthermore, this paper proposes a novel exponentiation algorithm resistant to power analysis and an FA as well as to the CA. The proposed exponentiation algorithm can be employed for secure Chinese remainder theorem-RSA implementation. In addition, the paper presents some experimental results of an SPA under the assumption of a successful fault injection.

A Differential Power Analysis Attack of Block Cipher based on the Hamming Weight of Internal Operation Unit

Power analysis attack, which was introduced by Kocher et al. in 1999, was known as the most threatening physical attack against low power device such as smart-card. The essential reason that allows an attacker to implement a power analysis attack on a cryptosystem is leakage information, which is leaked during the operation of the cryptosystems encryption/decryption process and related to internal secret information. The general and efficient power analysis attack method proposed in this paper is based on an internally divided operation unit. As such, the proposed power analysis attack is implemented to expose the weakness of the operation of a symmetric key encryption algorithm in a smart-card

An Improved Square-always Exponentiation Resistant to Side-channel Attacks on RSA Implementation

AbstractMany cryptographic algorithms embedded in security devices have been used to strengthen home- land defense capability and protect critical information from cyber attacks. The RSA cryptosystem with the naive implementation of an exponentiation may reveal a secret key by two types of side-channel attacks, namely passive leakage information analysis and active fault injection attacks. Recently, a square-always exponentiation algorithm in which the multiplication is traded for squarings has been proposed. This novel algorithm for RSA implementation is faster than other regularity-based countermeasures and is resistant to SPA (simple power analysis) and fault injection attacks. This paper shows that the right-to-left version of square-always exponentiation algorithm is vulnerable to several side-channel attacks, namely collision distance-based doubling, chosen-message CPA (collision power analysis), and horizontal CPA-based combined attacks. Furthermore, an improved right-to-left square-always algorith...

Implementation of Side Channel Analysis Evaluation Boards for Cryptographic Software of Embedded Systems

Side channel analysis is a powerful cryptanalytic method to reveal secret information of cryptographic devices such as smart cards, USB tokens, OTP devices and secure embedded devices. To prevent side channel attacks we must implement countermeasures against it and evaluate security of these implementations. However, secure embedded devices except smart cards are not easy to evaluate security of them against SCA owing to their complicated components and circumstances. In this paper we designed boards for SCA evaluation of software implementations and tested them with block cipher algorithms.

Side-Channel Analysis Based on Input Collisions in Modular Multiplications and its Countermeasure

ABSTRACT The power analysis attack is a cryptanalytic technique to retri eve an users secret key using the side-channel power leakage occurred during the execution of cryptographic algorithm embedd ed on a physical device. Especially, many power analysis attacks have targeted on an exponentiation algorithm which is c omposed of hundreds of squarings and multiplications and adopted in public key cryptosystem such as RSA. Recently, a new correlation power attack, which is tried when two modular multiplications have a same input, is proposed in order to reco ver secret key. In this paper, after reviewing the principle of side-channel attack based on input collisions in modular multip lications, we analyze the vulnerability of some exponentiation algorithms having regularity property. Furthermore, we present an improved exponentiation countermeasure to resist against the input collision-based CPA(Correlation Power Analysis) attack an d existing side channel attacks and compare its security with other countermeasures.Keywords: Power Analysis Attack, Exponentiation Algorithm, Modular Multi plication, Input Collision-based CPA