This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: A Survey on Passive Side-Channel Attacks and their Countermeasures for the NESSIE Public-Key Cryptosystems Elisabeth Oswald ∗ Bart Preneel † Abstract Public-key cryptosystems are one of the basic building blocks of modern cryptographic systems. Therefore, it is important that they allow to be implemented resistant to several types of side-channel attacks. In this survey paper, we give an overview of the possible vulnerabilities of implementations of public-key cryptosystems that have been submitted to the NESSIE project and we additionally discuss some of the suggested countermeasures. 1 Introduction With public-key cryptography, many tasks which are diﬃcult to perform with just symmetric- key cryptography, can be performed in an elegant way. The distribution of secret keys and the generation of digital signatures are the most prominent examples. Digital signature schemes become more and more important in our every day’s life. E- Government and e-commerce require such schemes for their eﬃcient and secure realization. Of course, as soon as cryptographic algorithms get implemented in real life applications, not only their security against theoretical attacks are important, but also the security of their implementations. If an algorithm can only be implemented very ineﬃciently (in terms of speed or size) in a secure way, it is less attractive than algorithms which can be implemented securely and eﬃciently. This is the motivation to investigate the vulnerabilities to implementation attacks of some of the asymmetric NESSIE primitives. In section 2 we introduce the concepts of passive side-channel attacks and identify the vulnerable parts of some of the asymmetric NESSIE candidates. In section 3 we present an overview on the suggested countermeasures, their advantages and disadvantages. Section 4 concludes the investigations of this paper. 2 Vulnerabilities Unprotected software or hardware implementations offer various possibilities for side-channel attacks. A passive side-channel attack (or information leakage attack) in general, utilizes the leakage of a certain side-channel information to determine the private key which is used inside the device. Side-channels that can be eﬃciently exploited today are the power consumption, the timing characteristics and the electromagnetic emanations of a device. In a simple side- channel attack the information of a single measurement of the side-channel is typically used ∗ IAIK, Graz University of Technology and, COSIC, KU Leuven † COSIC, KU Leuven 1 for an attack. Such an attack can only be successful if the signal, which the attacker wants to exploit, is already strongly present in one obtained measurement. If this is not the case, i.e. if the signal which an attacker wants to exploit is covered by a lot of noise, several measurements have to be taken and statistical procedures have to be applied on them. These types of side-channel attacks are usually referred to as differential side-channel attacks...
View Full Document
This note was uploaded on 02/02/2011 for the course SECURITY 2354 taught by Professor Morganjones during the Spring '11 term at Ucla Venezuela.
- Spring '11