ECC计时攻击研究与仿真

doi:10.11959/j.issn.2909-109x.2016.00025

Abstract

Abstract:

Based on the hidden Markov model (HMM) idea,a timing attack on the elliptic curve digital signature system,which adopted the “double-and-add” scalar multiplication,was proposed.Simulation experiments on the secure Koblitz curve which released by the National Institute of Standards Technology (NIST) were implemented and four secure Koblitz curves except the K-571 were attacked successfully.The experiment results show that the attack can recover almost all the key bits in a few minutes by collecting only once time data,and is easy to imple-ment at a high success rate.

Key words: side channel attack, timing attack, hidden Markov model, elliptic curve cryptography

CLC Number:

TP309.7

Hui-hui JIA,Chao WANG,Jian GU,Hao-hao SONG,Di TANG. Research and simulation of timing attacks on ECC[J]. Chinese Journal of Network and Information Security, 2016, 2(4): 56-63.

Figures/Tables 6

References 21

[1]	KOBLIZ N . Elliptic curve cryptosystems[J]. Mathematics of Com-puting American Mathematical Society, 1987,48 (48):203-309.
[2]	KOCHER P C. . Timing attacks on implementations of diffie-hellman,RSA,DSS and other systems[C]// nternational Cryptology Confer-ence on Advances in Cryptology.c 1996:104-113.
[3]	KOCHER P , JAFFE J , JUN B . Differential power analysis[C]// The 19th Annual International Cryptology Conference on Advances in Cryptology.c 1999:388-397.
[4]	QUISQUATER J J , SAMYDE D . Electromagnetic analysis (EMA):measuresand counter measures for smart cards[C]// The Interna-tional Conference on Research in Smart Cards:Smart Card Pro-gramming and Security.c 2001:200-210.
[5]	PADE D . Theoretical use of cache memory as a cryptanalytic side-channel[R]. Department of Computer Science,University of Bristol, 2002.
[6]	赵新杰, 郭世泽, 王韬 . 针对AES和CLEFIA的改进Cache踪迹驱动攻击[J]. 通信学报 2011,32(8):101-110.
	ZHAO X J , GUO S Z , WANG T , et al . Improved cache trace driven attack on AES and CLEFIA[J]. Journal on Communications, 2011,32(8):101-110.
[7]	BONEH D , DEMILLO R A , LIPON R J . On the importance of checking cryptographic protocols for faults[J]. Journal of Cryptol-ogy, 2001,14(2): 101-119.
[8]	张金中, 寇应展, 王韬 . 针对滑动窗口算法的椭圆曲线密码故障分析[J]. 通信学报 2012,33(1):71-78.
	ZHANG J Z , KOU Y Z , WANG T , et al . Elliptic curve cryptosystem fault analysis on the sliding window algorithm[J]. Journal on Communications, 2012,33(1):71-78.
[9]	YANF B , WU K J , KARRI R . Scan-based side-channel attack on dedicated hardware implementations of data encryption stan-dard[C]// IEEE International Test Conference (ITC).c 2004:339-344.
[10]	SCHINDLER W . A timing attack RSA with the Chinese remainder theorem[C]// Lecture Notes in Computer Science (LNCS).c 2000:109-124.
[11]	BRUMLEY D , BONEH D . Remote timing attacks are practical[J]. Computer Networks, 2005,48(5):701-716.
[12]	CANVEL B , HILTGEN A , VAUDENAY S . Password interception in a SSL/TLS channel[J]. Information Technology Journal, 2003,2729(3): 583-599.
[13]	CATHALO J , KOEUNE F , QUISQUATER J J . A new type of timing attack:application to GPS[M]// Berlin Heidelberg: Springer, 2003:291-303.
[14]	SAKURAI K , TAKAGI T . A reject timing attack on an IND-CCA2 public-key cryptosystem[C]// The 5th International Conference on Information Security and Cryptology.c 2002:359-373.
[15]	LEVINE B N , REITER M K , WANG C , et al . Timing attacks in low-latency mix systems[M]// Berlin Heidelberg: Springer, 2004:251-265.
[5]	TOTH R , FAIGL Z , SZALAY M . An advanced timing attack scheme on RSA[C]// The 13th International IEEE Telecommunica-tions Network Strategy and Planning Symposium.c 2008:1-24.
[17]	KARLOF C , WAGNER D . Hidden Markov model cryptanaly-sis[C]// Lecture Notes in Computer Science (LNCS).c 2004:17-34.
[18]	GREEN P J , NOAD R , SMART N P . Further hidden Markov model crytannalysis[M]// Berlin Heidelberg: Springer, 2005:61-74.
[19]	BRUMLEY B B , HAKALA R M . Cache-timing template at-tacks[C]// Lecture Notes in Computer Science (LNCS).c 2009:667-684.
[20]	RABINER L R . A tutorial on hidden Markov models and selected applications in speech recognition[J]. Proceedings of the IEEE, 1989,77 (2):257-289.
[21]	GROVER L . A fast quantum mechanical algorithm for database search[C]// ACM Symposium on Theory of Computing.c 2008:212-219.

Metrics

Recommended 0

No Suggested Reading articles found!

参数	描述
状态数N	状态有限集合S={S₁,S₂,?,S_N}
观测数M	观察值有限集合V ={v₁ ,v₂ ,?,v_M}
初始状态分布π_i=(π_i )	π_i=P (q_i=S_i )
状态转移概率A={a_i}j	a_ij=P(q_t+1=S_j\|q_t=S_i )
输出概率B={bj (k)}	b_j (k)=P(O_t=v_k\|q_t=S_j )

Research and simulation of timing attacks on ECC

RichHTML

PDF下载

Knowledge

Abstract

Cite this article

share this article

Figures/Tables 6

References 21

Related Articles 5

Metrics

Recommended 0

[1]	Jiahao QIU, Weidong QIU, Yangde WANG, Yan ZHA, Yuming XIE, Yan LI. Intellectualized forensic technique for Android pattern locks [J]. Chinese Journal of Network and Information Security, 2022, 8(1): 118-127.
[2]	Ding LI, Yuefei ZHU, Bin LU, Wei LIN. Survey of side channel attack on encrypted network traffic [J]. Chinese Journal of Network and Information Security, 2021, 7(4): 114-130.
[3]	Qirun PAN,Kaizhi HUANG,Wei YOU. Network slicing deployment method based on isolation level [J]. Chinese Journal of Network and Information Security, 2020, 6(2): 96-105.
[4]	Fanyu KONG,Yong QIAO,Pengtao LIU,Xiaodong LIU,Dashui ZHOU. Fault-injection attack on countermeasure algorithms of RSA-CRT cryptosystem [J]. Chinese Journal of Network and Information Security, 2019, 5(1): 30-36.
[5]	Jun REN,Jin-bo XIONG,Zhi-qiang YAO. Security control scheme for cloud data copy based on differential privacy model [J]. Chinese Journal of Network and Information Security, 2017, 3(5): 38-46.

K-283曲线参数
f(z)=z²⁸³+z¹²+z⁷+z⁵+1,a=0,b=1,h=4
Gx=0x0503213F78CA44883F1A3B8162F188E553CD265F23C156
7A16876913B0C2AC2458492836
Gy=0x01CCDA380F1C9E318D90F95D07E5426FE87E45C0E8184
698E45962364E34116177DD2259