Combined implementation attack resistant exponentiation

Jörn Marc Schmidt, Michael Tunstall, Roberto Avanzi, Ilya Kizhvatov, Timo Kasper, David Oswald

Research output: Chapter in Book/Report/Conference proceedingConference contributionpeer-review

Abstract

Different types of implementation attacks, like those based on side channel leakage and active fault injection, are often considered as separate threats. Countermeasures are, therefore, often developed and implemented accordingly. However, Amiel et al. showed that an adversary can successfully combine two attack methods to overcome such countermeasures. In this paper, we consider instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems. We show how previously proposed countermeasures may fail to thwart these attacks, and propose a countermeasure that protects the variables in a generic exponentiation algorithm in the same scenario.

Original languageEnglish
Title of host publicationProgress in Cryptology - LATINCRYPT 2010 - First International Conference on Cryptology and Information Security in Latin America, Proceedings
Pages305-322
Number of pages18
DOIs
StatePublished - 2010
Externally publishedYes
Event1st International Conference on Cryptology and Information Security in Latin America, LATINCRYPT 2010 - Puebla, Mexico
Duration: 8 Aug 201011 Aug 2010

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume6212 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349

Conference

Conference1st International Conference on Cryptology and Information Security in Latin America, LATINCRYPT 2010
Country/TerritoryMexico
CityPuebla
Period8/08/1011/08/10

Keywords

  • Combined Implementation Attacks
  • Countermeasures
  • ECC
  • Infective Computation
  • RSA

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science

Fingerprint

Dive into the research topics of 'Combined implementation attack resistant exponentiation'. Together they form a unique fingerprint.

Cite this