A countermeasure against one physical cryptanalysis may benefit another attack

Sung Ming Yen; Seung-Joo Kim; Seongan Lim; Sangjae Moon

A countermeasure against one physical cryptanalysis may benefit another attack

Sung Ming Yen, Seung-Joo Kim, Seongan Lim, Sangjae Moon

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Recently, many research works have been reported about how physical cryptanalysis can be carried out on cryptographic devices by exploiting any possible leaked information through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis which is mounted on a recently reported countermeasure against simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault other than a temporary memory fault which was explicitly assumed in the first published safe-error based attack (in which more precisions on timing and fault location are assumed) proposed by Yen and Joye. Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible because the cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on dealing the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack if not carefully examined may benefit another physical attack tremendously. This issue has never been explicitely noticed previously but its importance can not be overlooked because of the attack found in this paper. Notice that almost all the issues considered in this paper on a modular exponentiation also applies to a scalar multiplication over an elliptic curve.

Original language	English
Title of host publication	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Publisher	Springer Verlag
Pages	414-427
Number of pages	14
Volume	2288
ISBN (Print)	3540433198, 9783540433194
Publication status	Published - 2002
Externally published	Yes
Event	4th International Conference on Information Security and Cryptology, ICISC 2001 - Seoul, Korea, Republic of Duration: 2001 Dec 6 → 2001 Dec 7

Publication series

Name	Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume	2288
ISSN (Print)	03029743
ISSN (Electronic)	16113349

Other

Other	4th International Conference on Information Security and Cryptology, ICISC 2001
Country	Korea, Republic of
City	Seoul
Period	01/12/6 → 01/12/7

Fingerprint

Keywords

Cryptography
Exponentiation
Hardware fault cryptanalysis
Physical cryptanalysis
Power analysis attack
Side channel attack
Square-multiply exponentiation
Timing attack

ASJC Scopus subject areas

Computer Science(all)
Theoretical Computer Science

Cite this

Yen, S. M., Kim, S-J., Lim, S., & Moon, S. (2002). A countermeasure against one physical cryptanalysis may benefit another attack. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 2288, pp. 414-427). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2288). Springer Verlag.

A countermeasure against one physical cryptanalysis may benefit another attack. / Yen, Sung Ming; Kim, Seung-Joo; Lim, Seongan; Moon, Sangjae.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2288 Springer Verlag, 2002. p. 414-427 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 2288).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Yen, SM, Kim, S-J, Lim, S & Moon, S 2002, A countermeasure against one physical cryptanalysis may benefit another attack. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 2288, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 2288, Springer Verlag, pp. 414-427, 4th International Conference on Information Security and Cryptology, ICISC 2001, Seoul, Korea, Republic of, 01/12/6.

Yen SM, Kim S-J, Lim S, Moon S. A countermeasure against one physical cryptanalysis may benefit another attack. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2288. Springer Verlag. 2002. p. 414-427. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

Yen, Sung Ming ; Kim, Seung-Joo ; Lim, Seongan ; Moon, Sangjae. / A countermeasure against one physical cryptanalysis may benefit another attack. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 2288 Springer Verlag, 2002. pp. 414-427 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).

@inproceedings{65b20db0267a4c51a264868bff983f9c,

title = "A countermeasure against one physical cryptanalysis may benefit another attack",

abstract = "Recently, many research works have been reported about how physical cryptanalysis can be carried out on cryptographic devices by exploiting any possible leaked information through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis which is mounted on a recently reported countermeasure against simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault other than a temporary memory fault which was explicitly assumed in the first published safe-error based attack (in which more precisions on timing and fault location are assumed) proposed by Yen and Joye. Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible because the cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on dealing the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack if not carefully examined may benefit another physical attack tremendously. This issue has never been explicitely noticed previously but its importance can not be overlooked because of the attack found in this paper. Notice that almost all the issues considered in this paper on a modular exponentiation also applies to a scalar multiplication over an elliptic curve.",

keywords = "Cryptography, Exponentiation, Hardware fault cryptanalysis, Physical cryptanalysis, Power analysis attack, Side channel attack, Square-multiply exponentiation, Timing attack",

author = "Yen, {Sung Ming} and Seung-Joo Kim and Seongan Lim and Sangjae Moon",

year = "2002",

language = "English",

isbn = "3540433198",

volume = "2288",

series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

publisher = "Springer Verlag",

pages = "414--427",

booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

note = "4th International Conference on Information Security and Cryptology, ICISC 2001 ; Conference date: 06-12-2001 Through 07-12-2001",

}

TY - GEN

T1 - A countermeasure against one physical cryptanalysis may benefit another attack

AU - Yen, Sung Ming

AU - Kim, Seung-Joo

AU - Lim, Seongan

AU - Moon, Sangjae

PY - 2002

Y1 - 2002

N2 - Recently, many research works have been reported about how physical cryptanalysis can be carried out on cryptographic devices by exploiting any possible leaked information through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis which is mounted on a recently reported countermeasure against simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault other than a temporary memory fault which was explicitly assumed in the first published safe-error based attack (in which more precisions on timing and fault location are assumed) proposed by Yen and Joye. Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible because the cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on dealing the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack if not carefully examined may benefit another physical attack tremendously. This issue has never been explicitely noticed previously but its importance can not be overlooked because of the attack found in this paper. Notice that almost all the issues considered in this paper on a modular exponentiation also applies to a scalar multiplication over an elliptic curve.

AB - Recently, many research works have been reported about how physical cryptanalysis can be carried out on cryptographic devices by exploiting any possible leaked information through side channels. In this paper, we demonstrate a new type of safe-error based hardware fault cryptanalysis which is mounted on a recently reported countermeasure against simple power analysis attack. This safe-error based attack is developed by inducing a temporary random computational fault other than a temporary memory fault which was explicitly assumed in the first published safe-error based attack (in which more precisions on timing and fault location are assumed) proposed by Yen and Joye. Analysis shows that the new safe-error based attack proposed in this paper is powerful and feasible because the cryptanalytic complexity (especially the computational complexity) is quite small and the assumptions made are more reasonable. Existing research works considered many possible countermeasures against each kind of physical cryptanalysis. This paper and a few previous reports clearly show that a countermeasure developed against one physical attack does not necessarily thwart another kind of physical attack. However, almost no research has been done on dealing the possible mutual relationship between different kinds of physical cryptanalysis when choosing a specific countermeasure. Most importantly, in this paper we wish to emphasize that a countermeasure developed against one physical attack if not carefully examined may benefit another physical attack tremendously. This issue has never been explicitely noticed previously but its importance can not be overlooked because of the attack found in this paper. Notice that almost all the issues considered in this paper on a modular exponentiation also applies to a scalar multiplication over an elliptic curve.

KW - Cryptography

KW - Exponentiation

KW - Hardware fault cryptanalysis

KW - Physical cryptanalysis

KW - Power analysis attack

KW - Side channel attack

KW - Square-multiply exponentiation

KW - Timing attack

UR - http://www.scopus.com/inward/record.url?scp=84949979593&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=84949979593&partnerID=8YFLogxK

M3 - Conference contribution

AN - SCOPUS:84949979593

SN - 3540433198

SN - 9783540433194

VL - 2288

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 414

EP - 427

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

PB - Springer Verlag

T2 - 4th International Conference on Information Security and Cryptology, ICISC 2001

Y2 - 6 December 2001 through 7 December 2001

ER -

A countermeasure against one physical cryptanalysis may benefit another attack

Abstract

Publication series

Other

Fingerprint

Keywords

ASJC Scopus subject areas

Cite this

Access to Document