• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.25 no.6
• /
• pp.1319-1326
• /
• 2015

The symmetric key encryption algorithms, such as the AES or the ARIA, generate round keys by the key expansion mechanism. While the algorithm is executed, key expansion mechanism emits information about the secret key by the power consumption. The vulnerability exists that can reduce significantly the candidate of the secret key by the simple power analysis attack using a small number of the power traces. Therefore, we'll have to study about the attack and the countermeasure to prevent information leakage. While a simple power analysis attack on the AES key expansion has been studied since 2002, ARIA is insufficient. This paper presents a simple power analysis attack on 8-bit implementations of the ARIA-128 key expansion. The presented attack efficiently utilizes this information leakage to substantially reduce the key space that needs to be considered in a brute-force search for the secret key. We show that ARIA is vulnerable to a SPA attack based on hamming weight leakage.

• Journal of Communications and Networks
• /
• v.12 no.1
• /
• pp.1-4
• /
• 2010

As a countermeasure to simple power attack, the unified point addition codes for the elliptic curve cryptosystem were introduced. However, some authors proposed a different kind of power attacks to the codes. This power attack uses the observation that some internal operations in the codes behave differently for addition and doubling. In this paper, we propose a new countermeasure against such an attack. The basic idea of the new countermeasure is that, if one of the input points of the codes is transformed to an equivalent point over the underlying finite field, then the code will behave in the same manner for addition and doubling. The new countermeasure is highly efficient in that it only requires 27(n-1)/3 extra ordinary integer subtractions (in average) for the whole n-bit scalar multiplication. The timing analysis of the proposed countermeasure is also presented to confirm its SPA resistance.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.14 no.4
• /
• pp.135-140
• /
• 2004

The ID-based cryptosystem and Power Analysis Attack are attracting many researchers and have been developed aggressively to date. Especially, DPA (Differential Power Analysis) attack has been considered to be the most powerful attack against low power devices, such as smart cards. However, these two leading topics are researched independently and have little hewn relations with each other. In this paper, we investigate the effect of power analysis attack against ID based cryptosystem. As a result, we insist that ID-based cryptosystem is secure against DPA and we only need to defend against SPA (Simple Power Analysis).

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.23 no.4
• /
• pp.585-591
• /
• 2013

Recently, the combined attack which is a combination of side channel analysis and fault attack has been developed to extract the secret key during the cryptographic processes using a security device. Unfortunately, an attacker can find the private key of RSA cryptosystem through one time fault injection and power signal analysis. In this paper, we diagnosed SPA/FA resistant BNP(Boscher, Naciri, and Prouff) exponentiation algorithm as having threats to a similar combined attack. And we proposed a simple countermeasure to resist against this combined attack by randomizing the private key using error infective method.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.3
• /
• pp.439-448
• /
• 2017

It is news from nowhere that post-quantum cryptography has side-channel analysis vulnerability. Side-channel analysis attack method and countermeasures for code-based McEliece cryptosystem and lattice-based NTRU cryptosystem have been investigated. Unfortunately, the investigation of the ring-LWE cryptosystem in terms of side-channel analysis is as yet insufficient. In this paper, we propose a chosen ciphertext simple power analysis attack that can be applied when ring-LWE cryptography operates on 8-bit devices. Our proposed attack can recover the key only with [$log_2q$] traces. q is a parameter related to the security level. It is used 7681 and 12289 to match the common 128 and 256-bit security levels, respectively. We identify the vulnerability through experiment that can reveal the secret key in modular add while the ring-LWE decryption performed on real 8-bit devices. We also discuss the attack that uses a similarity measurement method for two vectors to reduce attack time.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.27 no.5
• /
• pp.1001-1011
• /
• 2017

A lattice-based cryptography is known as one of the post-quantum cryptographies. Ring-LWE problem is an algebraic variant of LWE, which operates over elements of polynomial rings instead of vectors. It is already known that post-quantum cryptography has side-channel analysis vulnerability. In 2016, Park et al. reported a SPA vulnerability of the public key cryptosystem, which is proposed by Roy et al., based on the ring-LWE problem. In 2015 and 2016, Reparaz et al. proposed DPA attack and countermeasures against Roy cryptosystem. In this paper, we show that the chosen ciphertext SPA attack is also possible for Lyubashevsky cryptosystem which does not use NTT. And then we propose a countermeasure against CCSPA(Chosen Ciphertext SPA) attack and we also show through experiment that our proposed countermeasure is secure.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2014.05a
• /
• pp.221-223
• /
• 2014

Power analysis attack on cryptographic hardware device aims to study the power consumption while performing operations using secrets keys. Power analysis is a form of side channel attack which allow an attacker to compute the key encryption from algorithm using Simple Power Analysis (SPA), Differential Power Analysis (DPA) or Correlation Power Analysis (CPA). The theoretical weaknesses in algorithms or leaked informations from physical implementation of a cryptosystem are usually used to break the system. This paper describes how power analysis work and we provide an overview of countermeasures against power analysis attacks.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.17 no.2
• /
• pp.115-123
• /
• 2007

In cryptographic devices like a smart-card whose computing ability and memory are limited, cryptographic algorithms should be performed efficiently. Scalar multiplication is very important operation in Elliptic Curve Cryptosystems, and so must be constructed in safety against side channel attack(SCA). But several countermeasures proposed against SCA are exposed weaknesses by new un-dreamed analysis. 'Double-and-add always scalar multiplication' algorithm adding dummy operation being known to secure against SPA is exposed weakness by Doubling Attack. But Doubling Attack cannot apply to sABS receding proposed by Hedabou, that is another countermeasure against SPA. Our paper proposes new strengthened Doubling Attacks that can break sABS receding SPA-countermeasure and a detailed method of our attacks through experimental result.

• International Journal of Internet, Broadcasting and Communication
• /
• v.16 no.1
• /
• pp.17-28
• /
• 2024

As listed as one of the most important requirements for Post-Quantum Cryptography standardization process by National Institute of Standards and Technology, the resistance to various side-channel attacks is considered very critical in deploying cryptosystems in practice. In fact, cryptosystems can easily be broken by side-channel attacks, even though they are considered to be secure in the mathematical point of view. The timing attack(TA) and the simple power analysis attack(SPA) are such side-channel attack methods which can reveal sensitive information by analyzing the timing behavior or the power consumption pattern of cryptographic operations. Thus, appropriate measures against such attacks must carefully be considered in the early stage of cryptosystem's implementation process. The Montgomery multiplier is a commonly used and classical gadget in implementing big-number-based cryptosystems including RSA and ECC. And, as recently proposed as an alternative of building blocks for implementing post quantum cryptography such as lattice-based cryptography, the big-number multiplier including the Montgomery multiplier still plays a role in modern cryptography. However, in spite of its effectiveness and wide-adoption, the multiplier is known to be vulnerable to TA and SPA. And this paper proposes a new countermeasure for the Montgomery multiplier against TA and SPA. Briefly speaking, the new measure first represents a multiplication operand without 0 digits, so the resulting multiplication operation behaves in a very regular manner. Also, the new algorithm removes the extra final reduction (which is intrinsic to the modular multiplication) to make the resulting multiplier more timing-independent. Consequently, the resulting multiplier operates in constant time so that it totally removes any TA and SPA vulnerabilities. Since the proposed method can process multi bits at a time, implementers can also trade-off the performance with the resource usage to get desirable implementation characteristics.

• Journal of the Korea Institute of Information Security & Cryptology
• /
• v.32 no.6
• /
• pp.1059-1068
• /
• 2022

A Post-Quantum Cryptographic algorithm NTRU, which is designed by considering the computational power of quantum computers, satisfies the mathematically security level. However, it should consider the characteristics of side-channel attacks such as power analysis attacks in hardware implementation. In this paper, we verify that the private key can be recovered by analyzing the power signal generated during the decryption process of NTRU. To recover the private keys, the Simple Power Analysis (SPA), Correlation Power Analysis (CPA) and Differential Deep Learning Analysis (DDLA) were all applicable. There is a shuffling technique as a basic countermeasure to counter such a power side-channel attack. Neverthe less, we propose a more effective method. The proposed method can prevent CPA and DDLA attacks by preventing leakage of power information for multiplication operations by only performing addition after accumulating each coefficient, rather than performing accumulation after multiplication for each index.