A Simple Power Attack on a Randomized Addition-Subtraction Chains Method for Elliptic Curve Cryptosystems
Katsuyuki OKEYA Kouichi SAKURAI
Publication
IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences
Vol.E86-A
No.5
pp.1171-1180
Publication Date: 2003/05/01
Print ISSN: 0916-8508
Type of Manuscript: Special Section PAPER (Special Section on Discrete Mathematics and Its Applications)
Keyword: elliptic curve cryptosystems, side channel attacks, randomized addition-subtraction chains countermeasure, SPA attack, timing attack
Summary:
We show that a randomized addition-subtraction chains countermeasure against side channel attacks is vulnerable to an SPA attack, which is a kind of side channel attack, under distinguishability between addition and doubling. A side channel attack takes advantage of information leaked during the execution of a cryptographic procedure. The randomized addition-subtraction chains countermeasure was proposed by Oswald-Aigner, and is based on a random decision inserted into computations. However, the question of its immunity to side channel attacks is still controversial. The randomized addition-subtraction chains countermeasure also has a security flaw under timing attacks, another kind of side channel attack. We have implemented the proposed attack algorithm, whose input is a set of AD sequences, which consist of the characters "A" and "D" to indicate addition and doubling, respectively. Our program has clarified the effectiveness of the attack. The attack algorithm could actually detect secret scalars for given AD sequences. The average time to detect a 160-bit scalar was about 6 milliseconds, and only 30 AD sequences were enough to detect such a scalar. Compared with other countermeasures against side channel attacks, the randomized addition-subtraction chains countermeasure is much slower.

