TY - GEN
T1 - A countermeasure against one physical cryptanalysis may benefit another attack
AU - Yen, Sung Ming
AU - Kim, Seungjoo
AU - Lim, Seongan
AU - Moon, Sangjae
N1 - Publisher Copyright:
© Springer-Verlag Berlin Heidelberg 2002.
Copyright:
Copyright 2015 Elsevier B.V., All rights reserved.
PY - 2002
Y1 - 2002
N2 - Recently, many research works have been reported about how physical cryptanalysis can be carried out on cryptographic devices by exploiting any possible leaked information through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis which is mounted on a recently reported countermeasure against simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault other than a temporary memory fault which was explicitly assumed in the first published safe-error based attack (in which more precisions on timing and fault location are assumed) proposed by Yen and Joye. Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible because the cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on dealing with the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack, if not carefully examined, may benefit another physical attack tremendously. This issue has never been explicitly noticed previously but its importance cannot be overlooked because of the attack found in this paper. Notice that almost all the issues considered in this paper on a modular exponentiation also apply to a scalar multiplication over an elliptic curve.
AB - Recently, many research works have been reported about how physical cryptanalysis can be carried out on cryptographic devices by exploiting any possible leaked information through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis which is mounted on a recently reported countermeasure against simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault other than a temporary memory fault which was explicitly assumed in the first published safe-error based attack (in which more precisions on timing and fault location are assumed) proposed by Yen and Joye. Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible because the cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on dealing with the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack, if not carefully examined, may benefit another physical attack tremendously. This issue has never been explicitly noticed previously but its importance cannot be overlooked because of the attack found in this paper. Notice that almost all the issues considered in this paper on a modular exponentiation also apply to a scalar multiplication over an elliptic curve.
KW - Cryptography
KW - Exponentiation
KW - Hardware fault cryptanalysis
KW - Physical cryptanalysis
KW - Power analysis attack
KW - Side channel attack
KW - Square-multiply exponentiation
KW - Timing attack
UR - http://www.scopus.com/inward/record.url?scp=84949979593&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=84949979593&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:84949979593
SN - 3540433198
SN - 9783540433194
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 414
EP - 427
BT - Information Security and Cryptology - ICISC 2001 - 4th International Conference, Proceedings
A2 - Kim, Kwangjo
PB - Springer Verlag
T2 - 4th International Conference on Information Security and Cryptology, ICISC 2001
Y2 - 6 December 2001 through 7 December 2001
ER -