Further security analysis of XTR

Dong Guk Han, Tsuyoshi Takagi, Jong In Lim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Abstract

In Crypto 2000 and 2003, Lenstra-Verheul and Rubin-Silverberg proposed XTR public key system and torus based public key cryptosystem CEILIDH, respectively. The common main idea of XTR and CEILIDH is to shorten the bandwidth of transmission data. Due to the contribution of Granger et al., that is the comparison result of the performance of CEILIDH and XTR, XTR is an excellent alternative to either RSA or ECC in some applications, where computational power and memory capacity are both very limited, such as smart-cards. Among the family of XTR algorithm, Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one, which computes single exponentiation. However, there are few papers investigating the side channel attacks of XTR-ISE, even though the memory constraint devices suffer most from vulnerability to side channel attacks. Chung-Hasan and Page-Stam tried to analyze XTR-ISE with the known simple power analysis, but unfortunately their approach were not practically feasible. Recently, Han et al. proposed new collision attack on it with analysis complexity O(240) when the key size is 160-bit. In this paper we analyze XTR-ISE from other point of view, namely differential power analysis (DPA). One straightforward result is that XTR-ISE can be free from the original DPA. However, a non-trivial result is that an enhancing DPA proposed in this paper threatens XTR-ISE. Furthermore, we show several weak points of the structure of XTR-ISE. From our simulation results, we show the proposed attack requires about 584 times queries to DPA_Oracle to detect the whole 160-bit secret value. This result shows that XTR-ISE is vulnerable to the proposed enhancing DPA.

Original languageEnglish
Title of host publicationLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Pages33-44
Number of pages12
Volume3903 LNCS
DOIs
Publication statusPublished - 2006 Jul 10
Event2nd International Conference on Information Security Practice and Experience, ISPEC 2006 - Hangzhou, China
Duration: 2006 Apr 112006 Apr 14

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3903 LNCS
ISSN (Print)03029743
ISSN (Electronic)16113349

Other

Other2nd International Conference on Information Security Practice and Experience, ISPEC 2006
CountryChina
CityHangzhou
Period06/4/1106/4/14

Fingerprint

Exponentiation
Security Analysis
Differential Power Analysis
Side Channel Attacks
Data storage equipment
Smart cards
Collision Attack
Public-key Cryptosystem
Power Analysis
Smart Card
Systems Analysis
Complexity Analysis
Power (Psychology)
Comparison Result
Public key
Data communication systems
Cryptography
Data Transmission
Vulnerability
Torus

Keywords

  • Differential power analysis
  • XTR public key system
  • XTR-ISE

ASJC Scopus subject areas

  • Computer Science(all)
  • Biochemistry, Genetics and Molecular Biology(all)
  • Theoretical Computer Science

Cite this

Han, D. G., Takagi, T., & Lim, J. I. (2006). Further security analysis of XTR. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 3903 LNCS, pp. 33-44). (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3903 LNCS). https://doi.org/10.1007/11689522_4

Further security analysis of XTR. / Han, Dong Guk; Takagi, Tsuyoshi; Lim, Jong In.

Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3903 LNCS 2006. p. 33-44 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics); Vol. 3903 LNCS).

Research output: Chapter in Book/Report/Conference proceedingConference contribution

Han, DG, Takagi, T & Lim, JI 2006, Further security analysis of XTR. in Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). vol. 3903 LNCS, Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), vol. 3903 LNCS, pp. 33-44, 2nd International Conference on Information Security Practice and Experience, ISPEC 2006, Hangzhou, China, 06/4/11. https://doi.org/10.1007/11689522_4
Han DG, Takagi T, Lim JI. Further security analysis of XTR. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3903 LNCS. 2006. p. 33-44. (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)). https://doi.org/10.1007/11689522_4
Han, Dong Guk ; Takagi, Tsuyoshi ; Lim, Jong In. / Further security analysis of XTR. Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics). Vol. 3903 LNCS 2006. pp. 33-44 (Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)).
@inproceedings{b1e58db20b894e6d8c78af742e495199,
title = "Further security analysis of XTR",
abstract = "In Crypto 2000 and 2003, Lenstra-Verheul and Rubin-Silverberg proposed XTR public key system and torus based public key cryptosystem CEILIDH, respectively. The common main idea of XTR and CEILIDH is to shorten the bandwidth of transmission data. Due to the contribution of Granger et al., that is the comparison result of the performance of CEILIDH and XTR, XTR is an excellent alternative to either RSA or ECC in some applications, where computational power and memory capacity are both very limited, such as smart-cards. Among the family of XTR algorithm, Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one, which computes single exponentiation. However, there are few papers investigating the side channel attacks of XTR-ISE, even though the memory constraint devices suffer most from vulnerability to side channel attacks. Chung-Hasan and Page-Stam tried to analyze XTR-ISE with the known simple power analysis, but unfortunately their approach were not practically feasible. Recently, Han et al. proposed new collision attack on it with analysis complexity O(240) when the key size is 160-bit. In this paper we analyze XTR-ISE from other point of view, namely differential power analysis (DPA). One straightforward result is that XTR-ISE can be free from the original DPA. However, a non-trivial result is that an enhancing DPA proposed in this paper threatens XTR-ISE. Furthermore, we show several weak points of the structure of XTR-ISE. From our simulation results, we show the proposed attack requires about 584 times queries to DPA_Oracle to detect the whole 160-bit secret value. This result shows that XTR-ISE is vulnerable to the proposed enhancing DPA.",
keywords = "Differential power analysis, XTR public key system, XTR-ISE",
author = "Han, {Dong Guk} and Tsuyoshi Takagi and Lim, {Jong In}",
year = "2006",
month = "7",
day = "10",
doi = "10.1007/11689522_4",
language = "English",
isbn = "3540330526",
volume = "3903 LNCS",
series = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",
pages = "33--44",
booktitle = "Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)",

}

TY - GEN

T1 - Further security analysis of XTR

AU - Han, Dong Guk

AU - Takagi, Tsuyoshi

AU - Lim, Jong In

PY - 2006/7/10

Y1 - 2006/7/10

N2 - In Crypto 2000 and 2003, Lenstra-Verheul and Rubin-Silverberg proposed XTR public key system and torus based public key cryptosystem CEILIDH, respectively. The common main idea of XTR and CEILIDH is to shorten the bandwidth of transmission data. Due to the contribution of Granger et al., that is the comparison result of the performance of CEILIDH and XTR, XTR is an excellent alternative to either RSA or ECC in some applications, where computational power and memory capacity are both very limited, such as smart-cards. Among the family of XTR algorithm, Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one, which computes single exponentiation. However, there are few papers investigating the side channel attacks of XTR-ISE, even though the memory constraint devices suffer most from vulnerability to side channel attacks. Chung-Hasan and Page-Stam tried to analyze XTR-ISE with the known simple power analysis, but unfortunately their approach were not practically feasible. Recently, Han et al. proposed new collision attack on it with analysis complexity O(240) when the key size is 160-bit. In this paper we analyze XTR-ISE from other point of view, namely differential power analysis (DPA). One straightforward result is that XTR-ISE can be free from the original DPA. However, a non-trivial result is that an enhancing DPA proposed in this paper threatens XTR-ISE. Furthermore, we show several weak points of the structure of XTR-ISE. From our simulation results, we show the proposed attack requires about 584 times queries to DPA_Oracle to detect the whole 160-bit secret value. This result shows that XTR-ISE is vulnerable to the proposed enhancing DPA.

AB - In Crypto 2000 and 2003, Lenstra-Verheul and Rubin-Silverberg proposed XTR public key system and torus based public key cryptosystem CEILIDH, respectively. The common main idea of XTR and CEILIDH is to shorten the bandwidth of transmission data. Due to the contribution of Granger et al., that is the comparison result of the performance of CEILIDH and XTR, XTR is an excellent alternative to either RSA or ECC in some applications, where computational power and memory capacity are both very limited, such as smart-cards. Among the family of XTR algorithm, Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one, which computes single exponentiation. However, there are few papers investigating the side channel attacks of XTR-ISE, even though the memory constraint devices suffer most from vulnerability to side channel attacks. Chung-Hasan and Page-Stam tried to analyze XTR-ISE with the known simple power analysis, but unfortunately their approach were not practically feasible. Recently, Han et al. proposed new collision attack on it with analysis complexity O(240) when the key size is 160-bit. In this paper we analyze XTR-ISE from other point of view, namely differential power analysis (DPA). One straightforward result is that XTR-ISE can be free from the original DPA. However, a non-trivial result is that an enhancing DPA proposed in this paper threatens XTR-ISE. Furthermore, we show several weak points of the structure of XTR-ISE. From our simulation results, we show the proposed attack requires about 584 times queries to DPA_Oracle to detect the whole 160-bit secret value. This result shows that XTR-ISE is vulnerable to the proposed enhancing DPA.

KW - Differential power analysis

KW - XTR public key system

KW - XTR-ISE

UR - http://www.scopus.com/inward/record.url?scp=33745620716&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=33745620716&partnerID=8YFLogxK

U2 - 10.1007/11689522_4

DO - 10.1007/11689522_4

M3 - Conference contribution

AN - SCOPUS:33745620716

SN - 3540330526

SN - 9783540330523

VL - 3903 LNCS

T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

SP - 33

EP - 44

BT - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)

ER -