TY - GEN
T1 - Practical modifications of Leadbitter et al.'s repeated-bits side-channel analysis on (EC)DSA
AU - Takashima, Katsuyuki
PY - 2005
Y1 - 2005
N2 - In this paper, we report practical modifications of the side-channel analysis on (EC)DSA [1,2,4,31] that Leadbitter et al. proposed in [12]. To apply the analyses, we assume that the window method is used in the exponentiation (EC scalar multiplication) calculation and that the side-channel information described in Section 2 can be collected. So far, the method in [12] has not been effective when q is 160 bits long and the window size w < 9. We show that the modified method we propose in this paper is effective even when q is 160 bits long and w = 4, that is, in the case of frequent implementation. First, we estimate the window size w necessary for the proposed analyses (attacks) to succeed. Then, by experiments with the new method, we show that private keys of (EC)DSA can be obtained under the above assumptions, in practical time and with a sufficient success rate. The result raises the necessity of countermeasures against the analyses (attacks) in window-method-based implementations of (EC)DSA.
AB - In this paper, we report practical modifications of the side-channel analysis on (EC)DSA [1,2,4,31] that Leadbitter et al. proposed in [12]. To apply the analyses, we assume that the window method is used in the exponentiation (EC scalar multiplication) calculation and that the side-channel information described in Section 2 can be collected. So far, the method in [12] has not been effective when q is 160 bits long and the window size w < 9. We show that the modified method we propose in this paper is effective even when q is 160 bits long and w = 4, that is, in the case of frequent implementation. First, we estimate the window size w necessary for the proposed analyses (attacks) to succeed. Then, by experiments with the new method, we show that private keys of (EC)DSA can be obtained under the above assumptions, in practical time and with a sufficient success rate. The result raises the necessity of countermeasures against the analyses (attacks) in window-method-based implementations of (EC)DSA.
KW - (EC)DSA
KW - Lattice basis reduction algorithm
KW - Side-channel analysis (attack)
KW - Window method
UR - http://www.scopus.com/inward/record.url?scp=33744945303&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=33744945303&partnerID=8YFLogxK
M3 - Conference contribution
AN - SCOPUS:33744945303
SN - 3540310126
SN - 9783540310129
T3 - Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
SP - 259
EP - 270
BT - Information Security Applications - 6th International Workshop, WISA 2005, Revised Selected Papers
T2 - 6th International Workshop on Information Security Applications, WISA 2005
Y2 - 22 August 2005 through 24 August 2005
ER -