Asymmetric Leakage from Multiplier and Collision-Based Single-Shot Side-Channel Attack

Takeshi SUGAWARA  Daisuke SUZUKI  Minoru SAEKI  

IEICE TRANSACTIONS on Fundamentals of Electronics, Communications and Computer Sciences   Vol.E99-A   No.7   pp.1323-1333
Publication Date: 2016/07/01
Online ISSN: 1745-1337
DOI: 10.1587/transfun.E99.A.1323
Type of Manuscript: Special Section PAPER (Special Section on Design Methodologies for System on a Chip)
Keywords: RSA, side-channel attack, collision attack, Montgomery multiplication

The single-shot collision attack on RSA proposed by Hanley et al. is studied, focusing on the difference between the two operands of the multiplier. It is shown how leakage from an integer multiplier and a long-integer multiplication algorithm can be asymmetric between the two operands. The asymmetric leakage is verified with experiments on FPGA and micro-controller platforms. Moreover, we show an experimental result in which the success or failure of the attack is determined by the order of the operands. Therefore, designing the operand order can be a cost-effective countermeasure. Meanwhile, we also show a case in which a particular countermeasure becomes ineffective when the asymmetric leakage is considered. In addition to the above main contribution, an extension of the attack by Hanley et al. using the signal-processing technique of the Big Mac Attack is presented.