Sciweavers

CHES
2004
Springer

Defeating Countermeasures Based on Randomized BSD Representations

14 years 5 months ago
Defeating Countermeasures Based on Randomized BSD Representations
Abstract. The recent development of side channel attacks has lead implementers to use increasingly sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication on elliptic curves. A new class of countermeasures is based on inserting random decisions when choosing one representation of the secret scalar out of a large set of representations of the same value. For instance, this is the case of countermeasures proposed by Oswald and Aigner, or Ha and Moon, both based on randomized Binary Signed Digit (BSD) representations. Their advantage is to offer excellent speed performances. However, the first countermeasure and a simplified version of the second one were already broken using Markov chain analysis. In this paper, we take a different approach to break the full version of HaMoon’s countermeasure using a novel technique based on detecting local collisions in the intermediate states of computation. We also show that randomized BSD re...
Pierre-Alain Fouque, Frédéric Muller
Added 01 Jul 2010
Updated 01 Jul 2010
Type Conference
Year 2004
Where CHES
Authors Pierre-Alain Fouque, Frédéric Muller, Guillaume Poupard, Frédéric Valette
Comments (0)