1. Resilience of Randomized RNS Arithmetic with Respect to Side-Channel Leaks of Cryptographic Computation
- Authors
Lokman A. Abbas-Turki, Jean-Claude Bajard, Jerome Courtois. Affiliations: ALgorithms for coMmunicAtion SecuriTY (ALMASTY), LIP6, Sorbonne Université (SU) - Centre National de la Recherche Scientifique (CNRS); Laboratoire de Probabilités, Statistique et Modélisation (LPSM, UMR_8001), Université Paris Diderot - Paris 7 (UPD7) - Sorbonne Université (SU) - Centre National de la Recherche Scientifique (CNRS). Funding: ANR-15-CE39-0002, ARRAND, Arithmétiques Randomisées (2015).
- Subjects
information leakage, moduli randomization, Computer science, Computation, Cryptography, 02 engineering and technology, Residue number system, Scalar multiplication, side channel, Theoretical Computer Science, Moduli, Hamming distance, 0202 electrical engineering, electronic engineering, information engineering, Code (cryptography), ECC, [INFO] Computer Science [cs], Side channel attack, Arithmetic, Elliptic curve cryptography, Hamming weight, Maximum Likelihood Estimator, Monte Carlo, 060201 languages & linguistics, DPA, RNS, 06 humanities and the arts, CPA, Elliptic curve, Power analysis, Computational Theory and Mathematics, Hardware and Architecture, 0602 languages and literature, Information leakage, 020201 artificial intelligence & image processing, Hamming code, Software
- Abstract
In this paper, we want to highlight the influence of randomized arithmetic on the leaks produced during code execution. When somebody wants to extract specific information from these leaks, they can observe different emanations of the device, such as power consumption. These leaks mostly come from the variations of the Hamming distances between successive states of the system. This phenomenon is particularly critical for cryptographic devices. Our work evaluates the resilience of randomized moduli in the Residue Number System (RNS) against Correlation Power Analysis (CPA) and Differential Power Analysis (DPA). Our analysis is illustrated through the evaluation of scalar multiplication on an elliptic curve using the Montgomery Powering Ladder (MPL) algorithm, which protects against Simple Power Analysis (SPA). We also propose an evaluation based on the Maximum Likelihood Estimator (MLE), which combines the information of the whole state vector instead of analysing only the current state, as CPA or DPA do. Furthermore, MLE gives better performance and smooths the results, allowing a better evaluation of the behaviour of the leakage. Our experimental evaluation suggests that the number of observations needed to obtain exploitable information leakage is proportional to the number of possible RNS bases.
- Published
- 2019