DOI QR코드

DOI QR Code

SPA에 안전한 Unsigned Left-to-Right 리코딩 방법

SPA-Resistant Unsigned Left-to-Right Receding Method

  • 김성경 (고려대학교 정보경영공학전문대학원) ;
  • 김호원 (한국전자통신연구원) ;
  • 정교일 (한국전자통신연구원) ;
  • 임종인 (고려대학교 정보경영공학전문대학원) ;
  • 한동국 (한국전자통신연구원)
  • Kim, Sung-Kyoung (Graduate School of Information Management and Security, Korea University) ;
  • Kim, Ho-Won (Electronics and Telecommunications Research Institute) ;
  • Chung, Kyo-Il (Electronics and Telecommunications Research Institute) ;
  • Lim, Jong-In (Graduate School of Information Management and Security, Korea University) ;
  • Han, Dong-Guk (Electronics and Telecommunications Research Institute)
  • 발행 : 2007.02.28

초록

Vuillaume-Okeya는 스칼라 모듈러 지수승 연산에서 SPA공격에 안전한 리코딩 방법을 제안하였다. 제안한 방법은 역원 연산의 비용이 큰 RSA 또는 DSA 같은 시스템에서 효율적으로 구성 될 수 있게 비밀키의 표현을 0을 포함하지 않는 양의 디짓 셋 ${1,2,{\cdots},2^{\omega}-1}$을 이용해 리코딩 하였다. 제안된 방법은 비밀키의 최하위 비트부터 스캔하면서 리코딩하는 Right-to-Left기법이다. 따라서 지수승 연산 전에 리코딩이 연산되고 그 결과를 저장하는 추가적인 공간이 필요하게 된다. 본 논문은 Left-to-Right 방향으로 수행하는 새로운 리코딩 방법들을 제안한다. 본 논문에서 제안하는 방법은 (1) 일반적으로 윈도우 크기가 ${\omega}$인 SPA에 안전한 부호가 없는 Left-to-Right리코딩 방법이고 (2) 윈도우 크기 ${\omega}=1$(즉, {1,2}로 구성된 부호가 없는 이진 표현)인 경우는 일반적인 윈도우 크기 ${\omega}$에 제안된 기법보다 훨씬 간단하게 변형할 수 있다. 또한 (3) 제안된 리코딩 방법은 부호가 없는 comb 방법에도 적용하여 SPA에 안전하게 수행할 수 있고, (4) 기수가 ${\gamma}$인 경우에도 확장하여 SPA에 안전하게 대응할 수 있다. 본 논문에서 제안한 Left-to-Right리코딩 기법들은 메모리의 제약을 받는 장비인 스마트 카드, 센서 노드에 적합하다.

Vuillaume-Okeya presented unsigned receding methods for protecting modular exponentiations against side channel attacks, which are suitable for tamper-resistant implementations of RSA or DSA which does not benefit from cheap inversions. The proposed method was using a signed representation with digits set ${1,2,{\cdots},2^{\omega}-1}$, where 0 is absent. This receding method was designed to be computed only from the right-to-left, i.e., it is necessary to finish the receding and to store the receded string before starting the left-to-right evaluation stage. This paper describes new receding methods for producing SPA-resistant unsigned representations which are scanned from left to right contrary to the previous ones. Our contributions are as follows; (1) SPA-resistant unsigned left-to-right receding with general width-${\omega}$, (2) special case when ${\omega}=1$, i.e., unsigned binary representation using the digit set {1,2}, (3) SPA-resistant unsigned left-to-right Comb receding, (4) extension to unsigned radix-${\gamma}$ left-to-right receding secure against SPA. Hence, these left-to-right methods are suitable for implementing on memory limited devices such as smartcards and sensor nodes

키워드

참고문헌

  1. M. Aydos, T. Yank, and C.K. Koc, 'High-speed implementation of an ECC-based wireless authentication protocol on an ARM microprocessor,' IEE Proceedings Communications, vol. 148, Issue 5, pp. 273-279, Oct., 2001
  2. D.Boneh and M.Franklin, 'Identity Based Encryption from the Weil Pairing,' SIAM J. of Computing, Vol. 32, No. 3, pp. 586-615, 2001 https://doi.org/10.1137/S0097539701398521
  3. P.Barreto, S.Galbraith, C.hEigeartaigh, and M.Scott, 'Efficient Pairing Computation on Supersingular Abelian Varieties,' Cryptology ePrint Archive: Report 2004/375, 2005
  4. G.Bertoni, J.Guajardo, S.Kumar, G.Orlando, C.Paar, and T.Wollinger, 'Efficient GF(pm) Arithmetic Architectures for Cryptographic Applications,' CT-RSA 2003, LNCS 2612, pp. 158-175, 2003
  5. D.Boneh, B.Lynn, and H.Shacham, 'Short Signatures from the Weil Pairing,' ASIACRYPT 2001, LNCS 2248, pp.514-532, 2001
  6. I.Duursma and H-S.Lee, 'Tate Pairing Implementation for Hyperelliptic Curves y2 =xp-x + d,' ASIACRYPT 2003, LNCS 2894, pp. 111-123, 2003
  7. M. Hedabou, P. Pinel, and L. Bebeteau, 'Countermeasures for Preventing Comb Method Against SCA Attacks,' Information Security Practise and Experience Conference, ISPEC'05, LNCS 3439, pp. 85-96, Springer-Verlag, 2005
  8. K.Harrison, D.Page, and N.Smart, 'Software Implementation of Finite Fields of Characteristic Three,' LMS Journal of Computation and Mathematics, Vol.5, pp. 181-193, 2002 https://doi.org/10.1112/S1461157000000747
  9. R.Harasawa, Y.Sueyoshi, and A.Kudo, 'Ate pairing for y2=x5-ax in Characteristic Five,' Cryptology ePrint Archive: Report 2006/202, 2006
  10. A.Joux, 'A one round protocol for tripartite Diffie-Hellman,' ANTS V, LNCS 1838, pp.385-394, 2000
  11. M. Joye and S. Yen, 'Optimal Left-to-Right Binary Signed-Digit Recoding,' IEEE Trans. Computers, vol. 49, pp. 740-748, July, 2000 https://doi.org/10.1109/12.863044
  12. N. Koblitz, 'Elliptic curve cryptosystems,' In Mathematics of Computation, volume 48, pp. 203-209, 1987 https://doi.org/10.2307/2007884
  13. P. Kocher, 'Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems,' Advances in Cryptology-CRYPTO'96, LNCS 1109, pp.104-113, 1996
  14. P. Kocher, J. Jaffe, B. Jun, 'Differential Power Analysis,' Advances in Cryptology-CRYPTO'99, LNCS1666, pp. 388-397, 1999
  15. K. Lauter, 'The advantages of elliptic curve cryptography for wireless security,' IEEE Wireless Communications, vol. 11, Issue 1, pp. 62-67, Feb., 2004
  16. C. Lim, 'A new method for securing elliptic scalar multiplication against side channel attacks,' Information Security and Privacy - ACISP'04, LNCS 3108, pp. 289-300, Springer-Verlag, 2004
  17. C. Lim and P. Lee, 'More Flexible Exponentiation with Precomputation,' Advances in Cryptology-CRYPTO'94, LNCS 839, pp. 95-107, Springer-Verlag, 1994
  18. V.S. Miller, 'Use of elliptic curves in cryptography,' In Advances in Cryptology- CRYPTO'85, LNCS218, pp. 417-426, 1986
  19. B. Mӧller, 'Securing Elliptic Curve Point Multiplication against Side-Channel Attacks,' Information Security-ISC'01, LNCS2200, pp. 24-334, 2001
  20. K. Okeya, K. Schmidt-Samoa, C. Spahn, and T. Takagi, 'igned Binary Representations Revisited,' dvances in Cryptology-CRYP '04, LNCS 3152, pp. 123-139, Springer-Verlag, 2004
  21. K. Okeya and T. Takagi, 'The width-wNAF method provids small memory and fast elliptic scalar multiplications secure against side channel attacks,' Topics in Cryptology-CT-RSA'03, LNCS 2612, pp. 328-343, Springer-Verlag, 2003
  22. D.Page and N.Smart, 'Hardware Implementation of Finite Fields of Characteristic Three,' CHES 2002, LNCS 2523, pp. 529-539, 2002
  23. X. Ruan and R. Katti, 'Left-to-Right Optimal Signed-Binary Representation of a Pair of Integers,' IEEE Trans. Computers, vol. 54, pp. 124-131, July, 2005 https://doi.org/10.1109/TC.2005.27
  24. J.H. Shin, D.J. Park, and P.J. Lee, 'DPA Attack on the Improved Ha-Moon Algorithm,' Workshop on Information Security Applications-WISA 2005, LNCS 3786, pp. 283-291, Springer-Verlag, 2006
  25. N.Smart, and J.Westwood, 'Point Multiplication on Ordinary Elliptic Curves over Fields of Characteristic Three,' Applicable Algebra in Engineering, Communication and Computing, Vol.13, No.6, pp.485-497, 2003 https://doi.org/10.1007/s00200-002-0114-0
  26. N. Theriault 'SPA Resistant Left-to-Right Integer Recodings,' Selected Areas in Cryptography-SAC 2005, LNCS 3897, pp. 345-358, Springer-Verlag, 2006
  27. X. Tian, D. Wong, and R. Zhu, 'Analysis and Improvement of an Authenticated Key Exchange Protocol for Sensor Networks,' IEEE Communications letters, vol. 9, pp. 970-972, November, 2005 https://doi.org/10.1109/LCOMM.2005.11006
  28. C. Vuillaume and K. Okeya, 'Flexible Exponentiation with Resistance to Side Channel Attacks,' Applied Cyptography and Network Security, ACNS 2006, LNCS 3989, pp. 268-283, Springer-Verlag, 2006
  29. S.M. Yen, C.N. Chen, S. Moon, and J. Ha 'Improvement on Ha-Moon Randomized Exponentiation Algorithm,' International Conference on Information Security and Cryptology-ICISC 2004, LNCS 3506, pp. 154-167, Springer-Verlag, 2005