
Showing papers on "Timing attack published in 2000"


Proceedings ArticleDOI
01 Nov 2000
TL;DR: A class of attacks in which a malicious Web site learns whether the user has recently visited some other, unrelated Web page by measuring how long the user's browser takes to perform certain cache-dependent operations, together with a way of reengineering browsers to prevent most of them.
Abstract: We describe a class of attacks that can compromise the privacy of users’ Web-browsing histories. The attacks allow a malicious Web site to determine whether or not the user has recently visited some other, unrelated Web page. The malicious page can determine this information by measuring the time the user’s browser requires to perform certain operations. Since browsers perform various forms of caching, the time required for operations depends on the user’s browsing history; this paper shows that the resulting time variations convey enough information to compromise users’ privacy. This attack method also allows other types of information gathering by Web sites, such as a more invasive form of Web “cookies”. The attacks we describe can be carried out without the victim’s knowledge, and most “anonymous browsing” tools fail to prevent them. Other simple countermeasures also fail to prevent these attacks. We describe a way of reengineering browsers to prevent most of them.

335 citations


Journal Article
TL;DR: A new type of timing attack is introduced which enables the factorization of an RSA-modulus if the exponentiation with the secret exponent uses the Chinese Remainder Theorem and Montgomery's algorithm.
Abstract: We introduce a new type of timing attack which enables the factorization of an RSA-modulus if the exponentiation with the secret exponent uses the Chinese Remainder Theorem and Montgomery's algorithm. Its standard variant assumes that both exponentiations are carried out with a simple square and multiply algorithm. However, although its efficiency decreases, our attack can also be adapted to more advanced exponentiation algorithms. The previously known timing attacks do not work if the Chinese Remainder Theorem is used.

221 citations


Journal Article
TL;DR: Several improvements on Kocher's timing attack, leading to a practical implementation that breaks a 512-bit key in a few hours given about 300 000 timing measurements.
Abstract: When the running time of a cryptographic algorithm is non-constant, timing measurements can leak information about the secret key. This idea, first publicly introduced by Kocher, is developed here to attack an earlier version of the CASCADE smart card [1]. We propose several improvements on Kocher's ideas, leading to a practical implementation that is able to break a 512-bit key in a few hours, provided we are able to collect 300 000 timing measurements (128-bit keys can be recovered in a few seconds using a personal computer and less than 10 000 samples). We therefore show that the timing attack represents an important threat against cryptosystems, which must be very seriously taken into account.

147 citations


Book ChapterDOI
17 Aug 2000
TL;DR: An improved (faster) version of Walter's constant-time Montgomery multiplication, with theoretical and experimental figures for the overhead of these versions relative to a speed-optimised one.
Abstract: The Montgomery multiplication is commonly used as the core algorithm for cryptosystems based on modular arithmetic. With the advent of new classes of attacks (timing attacks, power attacks), the implementation of the algorithm should be carefully studied to thwart those attacks. Recently, Colin D. Walter proposed a constant time implementation of this algorithm [17,18]. In this paper, we propose an improved (faster) version of this implementation. We also provide figures about the overhead of these versions relative to a speed optimised version (theoretically and experimentally).

132 citations


Book ChapterDOI
10 Dec 2000
TL;DR: Power analysis is applied to known elliptic curve cryptosystems, and an exact implementation of scalar multiplication that resists power attacks is given; the proposed algorithm does not decrease computational performance compared to conventional scalar multiplication.
Abstract: We apply power analysis on known elliptic curve cryptosystems, and consider an exact implementation of scalar multiplication on elliptic curves for resisting against power attacks. Our proposed algorithm does not decrease the computational performance compared to the conventional scalar multiplication algorithm, whereas previous methods either cost performance or fail to protect against power analysis attacks.

128 citations


Patent
09 Jun 2000
TL;DR: A cryptography circuit that counters timing and power attacks by inserting superfluous, key-triggered operations (multiplications, modular reductions by an integer, stores to memory) that disguise the power consumed and the time taken by a cryptographic operation.
Abstract: A cryptography circuit provides secure processing of data by utilizing countermeasures that combat timing and power attacks. Superfluous operations, such as multiplication operations, modular reductions by an integer, and storage of data to memory, are available for use by a processor to disguise the amount of power usage and the amount of time required to perform a cryptographic operation. A cryptographic key is available for use in order to trigger when these emulated operations occur. The occurrence of the emulated operations is controlled by the user to provide the preferred tradeoff between security and use of resources.

38 citations


Book ChapterDOI
17 Aug 2000
TL;DR: In this article, a new type of timing attack was introduced which enables the factorization of an RSA-modulus if the exponentiation with the secret exponent uses the Chinese Remainder Theorem and Montgomery's algorithm.
Abstract: We introduce a new type of timing attack which enables the factorization of an RSA-modulus if the exponentiation with the secret exponent uses the Chinese Remainder Theorem and Montgomery's algorithm. Its standard variant assumes that both exponentiations are carried out with a simple square and multiply algorithm. However, although its efficiency decreases, our attack can also be adapted to more advanced exponentiation algorithms. The previously known timing attacks do not work if the Chinese Remainder Theorem is used.

35 citations


01 Jan 2000
TL;DR: The paper first presents the basic principle of the timing attack, then briefly discusses several error-correction policies and describes the results the authors obtain implementing them on a parallel architecture of four PA8000 processors at 180 MHz with 4 GB of RAM.
Abstract: Implementations of cryptographic algorithms often perform computations in non-constant time, due to performance optimizations. If such operations involve secret parameters, these timing variations can leak some information and, provided enough knowledge of the implementation is at hand, a careful statistical analysis could even lead to the total recovery of these secret parameters. This idea, due to Kocher [Koc96], was developed in [DKL98], where a timing attack against an actual smart card implementation of RSA was conducted. The paper's conclusion was that, however impressive, the obtained results could be improved even further in several aspects, especially regarding the error-correction policy. The paper first presents the basic principle of the timing attack, then briefly discusses several error-correction policies and describes the results we obtain implementing them on a parallel architecture of four PA8000 processors at 180 MHz with 4 GB of RAM.

29 citations
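The records above for Schindler's CRT attack (listed twice, as a journal article and as a book chapter), for the Kocher-style attacks on the CASCADE smart card and their error-correction follow-up, and for the constant-time Montgomery multiplication all rest on one observation: the final conditional subtraction in Montgomery multiplication fires with a probability that depends on the operands, so its cumulative count leaks through the running time. The following Python simulation is an added example and is not code from any of these papers. It implements Montgomery multiplication that reports its final subtraction, RSA-CRT decryption on top of it, and a chosen-input search for the smaller prime factor in the style of the later practical adaptation by Brumley and Boneh (2003): the number of subtractions stands in for the measured time, which is a noiseless idealization (the papers average hundreds of thousands of real timings). A `constant_time` flag switches to Walter's bounded variant (R > 4m, operands below 2m), which needs no conditional subtraction and therefore gives the search nothing to work with. All identifiers (`MontModulus`, `RsaCrt`, `recover_factor`, `demo`), the 32-bit prime sizes, the neighbourhood size 256, the threshold 2.0 and the 16 low bits finished by trial division are choices made for this simulation, not values from the papers.

```python
"""Constructed simulation: Montgomery's data-dependent final subtraction lets chosen
inputs expose a factor of an RSA-CRT modulus (and a bounded variant removes the leak)."""
import random
from math import gcd

K, R = 32, 1 << 32           # both primes are 32-bit, so R = 2**K exceeds each of them
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)

def is_probable_prime(n):
    """Miller-Rabin with the first twelve primes as bases: deterministic below ~3e24."""
    if n < 2 or any(n % s == 0 for s in SMALL_PRIMES):
        return n in SMALL_PRIMES
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in SMALL_PRIMES:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        if not any((x := x * x % n) == n - 1 for _ in range(s - 1)):
            return False
    return True

def random_prime(rng, lo, hi):
    while True:
        c = rng.randrange(lo, hi) | 1
        if is_probable_prime(c):
            return c

class MontModulus:
    """Montgomery arithmetic mod odd m with R = 2**k; mul() reports its final subtraction."""
    def __init__(self, m, k=K, constant_time=False):
        self.m, self.k, self.R, self.ct = m, k, 1 << k, constant_time
        assert self.R > (4 * m if constant_time else m)   # Walter's variant needs R > 4m
        self.m_prime = (-pow(m, -1, self.R)) % self.R      # -m^-1 mod R
        self.r2, self.one = (self.R * self.R) % m, self.R % m
    def mul(self, a, b):
        """Return (a*b*R^-1 mod m, 1 if the conditional subtraction ran, else 0)."""
        t = a * b
        u = (t + ((t * self.m_prime) & (self.R - 1)) * self.m) >> self.k
        if self.ct:              # operands < 2m and R > 4m keep u < 2m: nothing to branch on
            return u, 0
        return (u - self.m, 1) if u >= self.m else (u, 0)
    def exp(self, base, e):
        """Left-to-right square-and-multiply; returns (base**e mod m, subtraction count)."""
        b, extra = self.mul(base % self.m, self.r2)        # base * R mod m
        x = self.one
        for bit in bin(e)[2:]:
            x, f = self.mul(x, x); extra += f
            if bit == "1":
                x, f = self.mul(x, b); extra += f
        x, f = self.mul(x, 1)                               # leave the Montgomery domain
        return x % self.m, extra + f

class RsaCrt:
    """RSA-CRT decryption whose subtraction count stands in for the measured time."""
    def __init__(self, p, q, e=65537, constant_time=False):
        self.p, self.q, self.n = p, q, p * q
        d = pow(e, -1, (p - 1) * (q - 1))
        self.dp, self.dq, self.q_inv = d % (p - 1), d % (q - 1), pow(q, -1, p)
        k = K + 2 if constant_time else K                   # R > 4m for the bounded variant
        self.mp, self.mq = MontModulus(p, k, constant_time), MontModulus(q, k, constant_time)
    def decrypt(self, c):
        mp, t1 = self.mp.exp(c, self.dp)
        mq, t2 = self.mq.exp(c, self.dq)
        h = (self.q_inv * (mp - mq)) % self.p               # Garner recombination
        return mq + h * self.q, t1 + t2

def recover_factor(n, timing, k=K, timed_bits=15, window=256, threshold=2.0):
    """Walk the bits of the smaller factor q from the top: probes g and g+2**i cost about
    the same unless g+2**i has crossed q, where the q-side subtraction count drops."""
    r_inv = pow(1 << k, -1, n)
    def cost(u):                 # c = u*R^-1 mod n, so the Montgomery form of c mod q is u mod q
        return timing(u * r_inv % n)
    def avg(lo):                 # mean cost over a neighbourhood, which averages out the noise
        return sum(cost(lo + j) for j in range(window)) / window
    g = 1 << (k - 1)             # q is a k-bit prime, so its top bit is set
    for i in range(k - 2, k - 2 - timed_bits, -1):
        step = 1 << i
        # slope-corrected drop: ~0 if bit i of q is 1, ~(weight of d_q)*q/(2R) if it is 0
        d = 2 * avg(g - window) - avg(g - step - window) - avg(g + step)
        if d < threshold:        # no drop, so g+2**i is still below q: bit i is 1
            g += step
    for tail in range(1 << (k - 1 - timed_bits)):   # low bits by trial division (the real
        if n % (g | tail) == 0:                     # attacks hand this part to lattice methods)
            return g | tail
    return None

def demo(seed=7):
    """Build a leaky 64-bit key with q below p, then factor n through the oracle."""
    rng = random.Random(seed)
    while True:
        p = random_prime(rng, int(0.95 * R), R)          # p stays above every probe value
        q = random_prime(rng, int(0.80 * R), int(0.90 * R))
        if gcd(65537, (p - 1) * (q - 1)) == 1:
            break
    rsa = RsaCrt(p, q)
    return p, q, recover_factor(rsa.n, lambda c: rsa.decrypt(c)[1])

if __name__ == "__main__":
    p, q, found = demo()
    print(f"q = {q:#x}, recovered {found:#x}" if found else "attack failed")
```

Running `demo()` recovers q from about 11,500 oracle queries; the `below`/`above` neighbourhoods and the correction term `avg(g) - avg(g - step)` cancel the smooth growth of the subtraction count with the input so that only the discontinuity at q remains, which is why the same threshold serves every bit. Against `RsaCrt(p, q, constant_time=True)` every query reports zero subtractions and `recover_factor` returns `None`: the bounded Montgomery variant of the 17 Aug 2000 chapter is exactly the property that removes this signal.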


Book ChapterDOI
17 Aug 2000
TL;DR: In this article, a coprocessor for double modular exponentiation in a mobile telecommunication terminal is developed that resists side channel attacks which extract the secret exponent by analyzing the target's power consumption and calculation time.
Abstract: The following requirements are necessary when implementing public key cryptography in a mobile telecommunication terminal: (1) simultaneous high-speed double modular exponentiation calculation, (2) small size and low power consumption, and (3) resistance to side channel attacks. We have developed a coprocessor that meets these requirements. In this coprocessor, the right-to-left binary exponentiation algorithm was extended to double modular exponentiations by designing a new circuit configuration and new schedule control methods. We specified the desired power consumption of the circuit at the initial design stage. Our proposed method resists side channel attacks that extract the secret exponent by analyzing the target's power consumption and calculation time.

17 citations


Book ChapterDOI
17 Aug 2000
TL;DR: Three side-channel attacks on cryptographic devices such as smart cards (power, timing and fault attacks) are explained in terms a layman can follow; for each attack, a puzzle and its solution serve as an analogy, and the application of the attacks to real devices is discussed.
Abstract: This paper will attempt to explain some of the side-channel attack techniques in a fashion that is easily comprehensible by the layman. What follows is a presentation of three different attacks (power, timing and fault attacks) that can be carried out on cryptographic devices such as smart-cards. For each of the three attacks covered, a puzzle and its solution will be given, which will act as an analogy to the attack. How these attacks can be applied to real devices will also be discussed.

12 citations


Book
01 Jan 2000
TL;DR: Proceedings volume of the CHES 2000 workshop (Cryptographic Hardware and Embedded Systems, 17-18 August 2000) whose chapters cover elliptic curve implementations, power and timing analysis attacks and their countermeasures, hardware implementations of block ciphers, modular arithmetic architectures, physical security, and new schemes.
Abstract (table of contents):
Invited Talk
  Software Implementation of Elliptic Curve Cryptography over Binary Fields
Implementation of Elliptic Curve Cryptosystems
  Implementation of Elliptic Curve Cryptographic Coprocessor over GF(2^m) on an FPGA
  A High-Performance Reconfigurable Elliptic Curve Processor for GF(2^m)
  Fast Implementation of Elliptic Curve Defined over GF(p^m) on CalmRISC with MAC2424 Coprocessor
Power and Timing Analysis Attacks
  Protecting Smart Cards from Passive Power Analysis with Detached Power Supplies
  Smartly Analyzing the Simplicity and the Power of Simple Power Analysis on Smartcards
  Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems
  A Timing Attack against RSA with the Chinese Remainder Theorem
Hardware Implementation of Block Ciphers
  A Comparative Study of Performance of AES Final Candidates Using FPGAs
  A Dynamic FPGA Implementation of the Serpent Block Cipher
  A 12 Gbps DES Encryptor/Decryptor Core in an FPGA
  A 155 Mbps Triple-DES Network Encryptor
Hardware Architectures
  An Energy Efficient Reconfigurable Public-Key Cryptography Processor Architecture
  High-Speed RSA Hardware Based on Barret's Modular Reduction Method
  Data Integrity in Hardware for Modular Arithmetic
  A Design for Modular Exponentiation Coprocessor in Mobile Telecommunication Terminals
Invited Talk
  How to Explain Side-Channel Leakage to Your Kids
Power Analysis Attacks
  On Boolean and Arithmetic Masking against Differential Power Analysis
  Using Second-Order Power Analysis to Attack DPA Resistant Software
  Differential Power Analysis in the Presence of Hardware Countermeasures
Arithmetic Architectures
  Montgomery Multiplier and Squarer in GF(2^m)
  A Scalable and Unified Multiplier Architecture for Finite Fields GF(p) and GF(2^m)
  Montgomery Exponentiation with no Final Subtractions: Improved Results
Physical Security and Cryptanalysis
  Physical Security Devices for Computer Subsystems: A Survey of Attacks and Defenses
  Software-Hardware Trade-Offs: Application to A5/1 Cryptanalysis
New Schemes and Algorithms
  MiniPASS: Authentication and Digital Signatures in a Constrained Environment
  Efficient Generation of Prime Numbers