Modified Doubling Attack by Exploiting Chosen Ciphertext of Small Order

Sung-Ming YEN, Wei-Chih LIEN, Chien-Ning CHEN

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E94-A   No.10   pp.1981-1990
Publication Date: 2011/10/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E94.A.1981
Print ISSN: 0916-8508
Type of Manuscript: PAPER
Category: Cryptography and Information Security
Keywords: doubling attack, elliptic curve cryptosystem, power analysis, RSA, side-channel analysis, smart cards


Power analysis can be used to attack many implementations of cryptosystems, e.g., RSA and ECC, and the doubling attack is a collision-based power analysis performed on two chosen ciphertexts. In this paper, we introduce a modified doubling attack that threatens RSA and ECC implementations by exploiting only one chosen ciphertext of small order. To attack RSA implementations we select an input of order two, while to attack ECC implementations we exploit one chosen invalid point of small order lying on a cryptographically weak curve rather than on the original curve. We show that several existing power analysis countermeasures for RSA and ECC implementations remain vulnerable to the proposed attack. To prevent the proposed attack, we suggest countermeasures for RSA as well as for ECC.