Combined Implementation Attack Resistant Exponentiation

Jörn-Marc Schmidt, Michael Tunstall, Roberto Maria Avanzi, Ilya Kizhvatov, Timo Kasper, David Oswald

Springer LNCS 6112, LATINCRYPT 2010, Puebla, Mexico.


Di?erent types of implementation attacks, like those based on side channel leakage and active fault injection, are often considered as separate threats. Countermeasures are, therefore, often developed and implemented accordingly. However, Amiel et al. showed that an adversary can successfully combine two attack methods to overcome such countermeasures. In this paper, we consider instances of these combined attacks applied to RSA and elliptic curve-based cryptosystems. We show how previously proposed countermeasures may fail to thwart these attacks, and propose a countermeasure that protects the variables in a generic exponentiation algorithm in the same scenario.

[pdf] [bib]

tags: Combined Implementation Attacks, countermeasures, ECC., Infective Computation, RSA