Abstract
In this paper we present a novel, powerful attack on a recently introduced randomized scalar multiplication algorithm based on covering systems of congruences. Our attack can recover the whole key with very few traces, even when those traces only provide partial information on the sequence of operations. In an attempt to solve the issues raised by the broken algorithm, we designed a constant-time version, with no secret-dependent branching or memory access, based on the so-called mixed-radix number system. We eventually present our conclusions regarding the use of mixed-radix representations as a randomization setting.
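The abstract names two ingredients without spelling them out: a mixed-radix digit expansion of the scalar, and a scalar multiplication whose sequence of group operations does not depend on the secret digits. The following added example (not code from the paper, and not the authors' algorithm or attack) illustrates both in a generic form. It assumes a toy group (integers under addition modulo a constructed order, standing in for the curve group), a public alphabet of radices from which a random radix sequence is drawn, and a Horner-style evaluation in which every secret digit is consumed through a masked full-table sweep rather than a digit-indexed lookup. The names `mixed_radix_digits`, `ct_select` and `mixed_radix_scalar_mul` are this example's own.

```python
import secrets

# Constructed stand-in for the curve group: the additive group of integers
# modulo GROUP_ORDER. A "point" is an integer and k*P is k*P mod GROUP_ORDER.
GROUP_ORDER = 1000003
IDENTITY = 0


def group_add(a, b):
    return (a + b) % GROUP_ORDER


def scale_by_public(r, Q):
    """r*Q by double-and-add. In this illustration the radix r is public,
    so branching on its bits reveals nothing about the secret scalar."""
    acc = IDENTITY
    for bit in bin(r)[2:]:
        acc = group_add(acc, acc)
        if bit == '1':
            acc = group_add(acc, Q)
    return acc


def mixed_radix_digits(k, radices):
    """Digits d_i of k with 0 <= d_i < radices[i], least significant first:
    k = d_0 + r_0*(d_1 + r_1*(d_2 + ...)). Requires k < prod(radices)."""
    digits = []
    for r in radices:
        k, d = divmod(k, r)
        digits.append(d)
    if k != 0:
        raise ValueError("scalar does not fit in the given radix system")
    return digits


def mixed_radix_value(digits, radices):
    """Inverse of mixed_radix_digits: Horner evaluation from the top digit."""
    acc = 0
    for d, r in zip(reversed(digits), reversed(radices)):
        acc = acc * r + d
    return acc


def random_radices(bound, alphabet):
    """Draw radices from a public alphabet until their product covers `bound`,
    so every scalar k < bound has an expansion. This randomization rule is an
    assumption of the example, not the paper's scheme."""
    radices, prod = [], 1
    while prod < bound:
        r = secrets.choice(alphabet)
        radices.append(r)
        prod *= r
    return radices


def ct_select(table, idx):
    """Return table[idx] by touching every entry under a mask, never indexing
    by or branching on idx. Python itself gives no timing guarantee; the point
    is the structure a native constant-time implementation would use."""
    out = 0
    for j, entry in enumerate(table):
        x = j ^ idx
        nonzero = ((x | -x) >> 63) & 1      # 1 if j != idx, else 0
        mask = -(1 - nonzero)               # all ones if j == idx, else 0
        out |= entry & mask
    return out


def mixed_radix_scalar_mul(k, P, radices):
    """k*P evaluated Horner-style over the mixed-radix digits of k. Each secret
    digit is consumed by a full sweep of the table [0*P, 1*P, ..., (R-1)*P],
    so the group-operation sequence depends only on the (public) radices."""
    digits = mixed_radix_digits(k, radices)
    table = [IDENTITY]
    for _ in range(max(radices) - 1):
        table.append(group_add(table[-1], P))   # table[j] = j*P
    Q = IDENTITY
    for i in range(len(radices) - 1, -1, -1):
        Q = scale_by_public(radices[i], Q)      # Q <- r_i * Q
        Q = group_add(Q, ct_select(table, digits[i]))   # Q <- Q + d_i * P
    return Q


if __name__ == "__main__":
    P = 12345
    k = 424242                               # constructed secret scalar
    radices = [7, 5, 11, 3, 8, 9, 6]         # product 498960 > k
    print(mixed_radix_digits(k, radices))
    print(mixed_radix_scalar_mul(k, P, radices) == (k * P) % GROUP_ORDER)
```

The table sweep is sized by the largest radix rather than by the current digit, so the number of selections per step is the same for every digit value; what still varies between runs is the radix sequence itself, which is exactly the kind of operation-sequence randomization the abstract says the attack exploits when the sequence leaks, even partially.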
Notes
1. When \(a_i = b_i = 0\), register \(R_1\) is wrongly updated. A possible workaround would be to perform a dummy operation when both \(a_i\) and \(b_i\) are equal to zero (in [3, Fig. 3], add a fourth register \(R_4\) and replace the instruction \(R_b \leftarrow R_b + R_c\) with \(R_{4b} \leftarrow R_b + R_c\)), but the resulting algorithm would then be subject to fault attacks.
2. \(240+241+\dots +255 = 3960\) exactly.
References
Bernstein, D.J.: Differential addition chains (2006). https://cr.yp.to/ecdh/diffchain-20060219.pdf
Bernstein, D.J., Lange, T.: Topics in computational number theory inspired by Peter L. Montgomery, Chap. Montgomery Curves and the Montgomery Ladder, pp. 82–115. Cambridge University Press (2017). https://eprint.iacr.org/2017/293
Ciet, M., Joye, M.: (Virtually) free randomization techniques for elliptic curve cryptography. In: Qing, S., Gollmann, D., Zhou, J. (eds.) ICICS 2003. LNCS, vol. 2836, pp. 348–359. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-39927-8_32
Ebeid, N., Hasan, M.A.: On binary signed digit representations of integers. Des. Codes Crypt. 42(1), 43–65 (2007)
Fouque, P.-A., Muller, F., Poupard, G., Valette, F.: Defeating countermeasures based on randomized BSD representations. In: Joye, M., Quisquater, J.-J. (eds.) CHES 2004. LNCS, vol. 3156, pp. 312–327. Springer, Heidelberg (2004). https://doi.org/10.1007/978-3-540-28632-5_23
Granlund, T., Montgomery, P.L.: Division by invariant integers using multiplication. In: Proceedings of the ACM SIGPLAN 1994 Conference on Programming Language Design and Implementation (PLDI 1994). ACM SIGPLAN Notices, vol. 29, pp. 61–72. ACM (1994)
Guerrini, E., Imbert, L., Winterhalter, T.: Randomized mixed-radix scalar multiplication. IEEE Trans. Comput. 67(3), 418–431 (2017). https://doi.org/10.1109/TC.2017.2750677
Cheol Ha, J., Jae Moon, S.: Randomized signed-scalar multiplication of ECC to resist power attacks. In: Kaliski, B.S., Koç, K., Paar, C. (eds.) CHES 2002. LNCS, vol. 2523, pp. 551–563. Springer, Heidelberg (2003). https://doi.org/10.1007/3-540-36400-5_40
Karlof, C., Wagner, D.: Hidden Markov model cryptanalysis. In: Walter, C.D., Koç, Ç.K., Paar, C. (eds.) CHES 2003. LNCS, vol. 2779, pp. 17–34. Springer, Heidelberg (2003). https://doi.org/10.1007/978-3-540-45238-6_3
Méloni, N., Hasan, M.A.: Random digit representation of integers. In: Proceedings of the 23rd IEEE Symposium on Computer Arithmetic, ARITH23, pp. 118–125. IEEE Computer Society (2016)
Oswald, E., Aigner, M.: Randomized addition-subtraction chains as a countermeasure against power attacks. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) CHES 2001. LNCS, vol. 2162, pp. 39–50. Springer, Heidelberg (2001). https://doi.org/10.1007/3-540-44709-1_5
Strauss, E.G.: Addition chains of vectors (problem 5125). Am. Math. Mon. 70, 806–808 (1964)
Acknowledgments
The authors would like to thank the anonymous referees for their careful reading and constructive comments, as well as Victor Lomne and Thomas Roche (https://ninjalab.io/team) for their support and invaluable suggestions.
© 2019 Springer Nature Switzerland AG
Cite this paper
Detrey, J., Imbert, L. (2019). Breaking Randomized Mixed-Radix Scalar Multiplication Algorithms. In: Schwabe, P., Thériault, N. (eds) Progress in Cryptology – LATINCRYPT 2019. Lecture Notes in Computer Science, vol 11774. Springer, Cham. https://doi.org/10.1007/978-3-030-30530-7_2
DOI: https://doi.org/10.1007/978-3-030-30530-7_2
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-30529-1
Online ISBN: 978-3-030-30530-7