368 Marc Joye
We assume that the attacker already knows d
k−1
,...,d
k−n+1
. Her goal is to recover
the value of the next bit, d
k−n
.
1. The attacker guesses that d
k−n
= 1.
2. Next, the attacker randomly chooses t messages, m
1
,...,m
t
, and prepares two
sets of messages, S
0
and S
1
,givenby
S
0
=
+
m
i
| Montgomery multiplication R
0
←R
0
·R
1
in Line 4 of
Algorithm 5 does not induce a subtraction for j = k −n
,
and
S
1
=
+
m
i
| Montgomery multiplication R
0
←R
0
·R
1
in Line 4 of
Algorithm 5 induces a subtraction for j = k −n
,
.
3. For each message in set S
0
, the attacker requests the signature and measures the
computation time to get it. She does the same for messages in set S
1
.Let
¯
τ
0
and
¯
τ
1
denote the average time (per signature request) for messages in S
0
and S
1
,
respectively.
4. If
¯
τ
1
≈
¯
τ
0
then the guess of the attacker was wrong and d
k−n
= 0. If
¯
τ
1
¯
τ
0
(more precisely, if the time difference between
¯
τ
1
and
¯
τ
0
is roughly the time of a
subtraction) then the attacker correctly guessed that d
k−n
= 1.
5. Now that the attacker knows d
k−1
,...,d
k−n+1
,d
k−n
, she iterates the attack to re-
cover the value of d
k−n−1
andsoon.
It is worth noting that if d
n−k
= 0thentwosets,S
0
and S
1
,behaveastwo
random sets and so the average computation time for messages in S
0
and S
1
will
be roughly the same.
The previous attack can be improved in a number of ways. In particular, the
knowledge of public exponent e = d
−1
mod
φ
(N) and lattice basis reduction tech-
niques may help to speed up the recovery of d [4].
13.3 Simple Power Analysis
The power consumption of cryptographic devices, such as smart cards, depends on
the manipulated data and of the executed instructions. It can be monitored on an
oscilloscope by inserting a resistor in series with the ground or power supply pin.
The so-obtained measurement is called a power trace.
Simple power analysis (SPA) [7] is a technique that involves direct interpretation
of a power trace. This section presents some applications of simple power analysis.
We show how to reverse-engineer the code of a program, namely how to recover
an unknown instruction. The two other applications are actually attacks. We mount
key recovery attacks against implementations of a private RSA exponentiation and
a DES key schedule [11], as alluded in [8, Section 11].
剩余15页未读,继续阅读
tpu01yzx
- 粉丝: 3
- 资源: 15
我的内容管理
展开
最新资源
- 多模态联合稀疏表示在视频目标跟踪中的应用
- Kubernetes资源管控与Gardener开源软件实践解析
- MPI集群监控与负载平衡策略
- 自动化PHP安全漏洞检测:静态代码分析与数据流方法
- 青苔数据CEO程永:技术生态与阿里云开放创新
- 制造业转型: HyperX引领企业上云策略
- 赵维五分享:航空工业电子采购上云实战与运维策略
- 单片机控制的LED点阵显示屏设计及其实现
- 驻云科技李俊涛:AI驱动的云上服务新趋势与挑战
- 6LoWPAN物联网边界路由器:设计与实现
- 猩便利工程师仲小玉:Terraform云资源管理最佳实践与团队协作
- 类差分度改进的互信息特征选择提升文本分类性能
- VERITAS与阿里云合作的混合云转型与数据保护方案
- 云制造中的生产线仿真模型设计与虚拟化研究
- 汪洋在PostgresChina2018分享:高可用 PostgreSQL 工具与架构设计
- 2018 PostgresChina大会:阿里云时空引擎Ganos在PostgreSQL中的创新应用与多模型存储
资源上传下载、课程学习等过程中有任何疑问或建议,欢迎提出宝贵意见哦~我们会及时处理!
点击此处反馈
