Horizontal Correlation Analysis on Exponentiation

Christophe Clavier; Benoit Feix; Georges Gagnerot; Mylène Roussellet; Vincent Verneuil

HAL : inria-00540384, version 1

Horizontal Correlation Analysis on Exponentiation
Clavier C., Feix B., Gagnerot G., Roussellet M., Verneuil V.
Dans Twelfth International Conference on Information and Communications Security - Twelfth International Conference on Information and Communications Security, Barcelona : Espagne (2010) - http://hal.inria.fr/inria-00540384

Type de publication :

Communications avec actes

Domaine :

Informatique/Cryptographie et sécurité

Titre :

Horizontal Correlation Analysis on Exponentiation

Auteur(s) :

Christophe Clavier (

) ¹, Benoit Feix (

) ², Georges Gagnerot (

) ^1, 2, Mylène Roussellet (

) ², Vincent Verneuil (

) ^2, 3

Projet(s) / laboratoire(s) :

1 :	XLIM (XLIM)

	http://www.xlim.fr

	CNRS : UMR6172 – Université de Limoges

	123 Avenue Albert THOMAS 87060 LIMOGES CEDEX

	France

2 :	Inside Contactless

	Inside Contactless

	41, Parc Club du Golf 13856 Aix en Provence cedex 3

	France

3 :	LFANT (INRIA Bordeaux - Sud-Ouest)

	INRIA – Université de Bordeaux – CNRS : UMR5251

	France

Équipe de recherche (sauf Inria) :

DMI

Résumé :

We introduce in this paper a technique in which we apply correlation analysis using only one execution power curve during an exponentiation to recover the whole secret exponent manipulated by the chip. As in the Big Mac attack from Walter, longer keys may facilitate this analysis and success will depend on the arithmetic coprocessor characteristics. We present the theory of the attack with some practical successful results on an embedded device and analyze the eﬃciency of classical countermeasures with respect to our attack. Our technique, which uses a single exponentiation curve, cannot be prevented by exponent blinding. Also, contrarily to the Big Mac attack, it applies even in the case of regular implementations such as the square and multiply always or the Montgomery ladder. We also point out that DSA and Diﬃe-Hellman exponentiations are no longer immune against CPA. Then we discuss the eﬃciency of known countermeasures, and we ﬁnally present some new ones.

Langue du document :

Anglais

Date de publication :

12/2010

Audience :

internationale

Titre conférence :

Twelfth International Conference on Information and Communications Security

Ville :

Barcelona

Pays :

Espagne

Date conférence :

15/12/2010

Date conférence (fin) :

17/12/2010

Organisateur :

Universitat Politècnica de Catalunya

Editeur(s) scientifique(s) :

Juan Hernández-Serrano

Editeur commercial :

Springer

Collection :

LNCS

Pagination :

tbd

Date de rédaction :

2010

Collaboration(s) :

LFANT

Liste des fichiers attachés à ce document :

PDF

Horizontal_Correlation_Analysis_on_Exponentiation.pdf

(1.1 MB)


inria-00540384, version 1
http://hal.inria.fr/inria-00540384
oai:hal.inria.fr:inria-00540384
Contributeur : Vincent Verneuil <>
Soumis le : Lundi 29 Novembre 2010, 14:10:46
Dernière modification le : Jeudi 6 Janvier 2011, 23:21:42