On the Importance of Protecting Δ in SFLASH against Side Channel Attacks (Tamper-Resistance) (Special Section on Cryptography and Information Security)
Abstract
SFLASH was chosen as one of the final selections of the NESSIE project in 2003. It is one of the most efficient digital signature schemes and is suitable for implementation on memory-constrained devices such as smartcards. Side channel attacks (SCA) are a serious threat to memory-constrained devices: if the implementation on them is careless, the secret key may be revealed. In this paper, we experimentally analyze the effectiveness of a side channel attack on SFLASH. There are two different secret keys in SFLASH, namely the proper secret key (s, t) and the random seed Δ used for the hash function SHA-1. Whereas many papers have discussed the security of (s, t), little is known about that of Δ. Steinwandt et al. proposed a theoretical DPA for finding Δ by observing the XOR operations. We propose another DPA on Δ that uses the addition operation modulo 2^32, and present an experimental result of this DPA. After obtaining the secret key Δ, the underlying problem of SFLASH can be reduced to the C^* problem broken by Patarin. From our simulation, about 1408 pairs of messages and signatures are needed to break SFLASH. Consequently, SHA-1 must be carefully implemented in order to resist SCA on SFLASH.
- Paper of the Institute of Electronics, Information and Communication Engineers (IEICE)
- 2005-01-01
Authors
-
Okeya Katsuyuki
Systems Development Laboratory, Hitachi Ltd.
-
Vuillaume Camille
Fachbereich Informatik, Technische Universität Darmstadt
-
Takagi Tsuyoshi
Fachbereich Informatik, Technische Universität Darmstadt
Related papers
- Recursive Double-Size Modular Multiplications from Euclidean and Montgomery Multipliers
- Faster Double-Size Bipartite Multiplication out of Montgomery Multipliers
- Montgomery Multiplication with Twice the Bit-Length of Multipliers
- Use of Montgomery Trick in Precomputation of Multi-Scalar Multiplication in Elliptic Curve Cryptosystems(Special Section on Cryptography and Information Security)
- SCA-Resistant and Fast Elliptic Scalar Multiplication Based on wNAF (Asymmetric Cipher) (Cryptography and Information Security)
- Defeating Simple Power Analysis on Koblitz Curves(Discrete Mathematics and Its Applications)
- Security Analysis of the SPA-Resistant Fractional Width Method(Elliptic Curve Cryptography, Cryptography and Information Security)
- Cryptanalysis of Ha-Moon's Countermeasure of Randomized Signed Scalar Multiplication(Discrete Mathematics and Its Applications)
- Side Channel Attacks against Hash-Based MACs with PGV Compression Functions
- A New Upper Bound for the Minimal Density of Joint Representations in Elliptic Curve Cryptosystems(Discrete Mathematics and Its Applications)