Defeating Countermeasures Based on Randomized BSD Representations

Abstract : The recent development of side channel attacks has lead implementers to use increasingly sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication on elliptic curves. A new class of countermeasures is based on inserting random decisions when choosing one representation of the secret scalar out of a large set of representations of the same value. For instance, this is the case of countermeasures proposed by Oswald and Aigner, or Ha and Moon, both based on randomized Binary Signed Digit (BSD) representations. Their advantage is to offer excellent speed performances. However, the first countermeasure and a simplified version of the second one were already broken using Markov chain analysis. In this paper, we take a different approach to break the full version of Ha-Moons countermeasure using a novel technique based on detecting local collisions in the intermediate states of computation. We also show that randomized BSD representations present some fundamental problems and thus recommend not to use them as a protection against side-channel attacks.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/inria-00563963
Contributor : Pierre-Alain Fouque <>
Submitted on : Monday, February 7, 2011 - 4:29:00 PM
Last modification on : Tuesday, April 24, 2018 - 5:20:13 PM

Links full text

Identifiers

Collections

Citation

Pierre-Alain Fouque, Frédéric Muller, Guillaume Poupard, Frédéric Valette. Defeating Countermeasures Based on Randomized BSD Representations. Cryptographic Hardware and Embedded Systems - CHES 2004: 6th International Workshop, 2004, Cambridge, MA, United States. pp.312-327, ⟨10.1007/978-3-540-28632-5_23⟩. ⟨inria-00563963⟩

Share

Metrics

Record views

64