M. Petrvalsky, Tania Richmond, M. Drutarovský, Pierre-Louis Cayrel, V. Fischer
{"title":"针对嵌入式mcelece密码系统的SPA攻击的对策","authors":"M. Petrvalsky, Tania Richmond, M. Drutarovský, Pierre-Louis Cayrel, V. Fischer","doi":"10.1109/RADIOELEK.2015.7129055","DOIUrl":null,"url":null,"abstract":"In this paper, we present a novel countermeasure against a simple power analysis based side channel attack on a software implementation of the McEliece public key cryptosystem. First, we attack a straightforward C implementation of the Goppa codes based McEliece decryption running on an ARM Cortex-M3 microprocessor. Next, we demonstrate on a realistic example that using a “chosen ciphertext attack” method, it is possible to recover the complete secret permutation matrix. We show that this matrix can be completely recovered by an analysis of a dynamic power consumption of the microprocessor. Then, we estimate the brute-force attack complexity reduction depending on the knowledge of the permutation matrix. Finally, we propose an efficient software countermeasure having low computational complexity. Of course, we provide all the necessary details regarding the attack implementation and all the consequences of the proposed countermeasure especially in terms of power consumption.","PeriodicalId":193275,"journal":{"name":"2015 25th International Conference Radioelektronika (RADIOELEKTRONIKA)","volume":"19 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2015-04-21","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"9","resultStr":"{\"title\":\"Countermeasure against the SPA attack on an embedded McEliece cryptosystem\",\"authors\":\"M. Petrvalsky, Tania Richmond, M. Drutarovský, Pierre-Louis Cayrel, V. Fischer\",\"doi\":\"10.1109/RADIOELEK.2015.7129055\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"In this paper, we present a novel countermeasure against a simple power analysis based side channel attack on a software implementation of the McEliece public key cryptosystem. First, we attack a straightforward C implementation of the Goppa codes based McEliece decryption running on an ARM Cortex-M3 microprocessor. Next, we demonstrate on a realistic example that using a “chosen ciphertext attack” method, it is possible to recover the complete secret permutation matrix. We show that this matrix can be completely recovered by an analysis of a dynamic power consumption of the microprocessor. Then, we estimate the brute-force attack complexity reduction depending on the knowledge of the permutation matrix. Finally, we propose an efficient software countermeasure having low computational complexity. Of course, we provide all the necessary details regarding the attack implementation and all the consequences of the proposed countermeasure especially in terms of power consumption.\",\"PeriodicalId\":193275,\"journal\":{\"name\":\"2015 25th International Conference Radioelektronika (RADIOELEKTRONIKA)\",\"volume\":\"19 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2015-04-21\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"9\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2015 25th International Conference Radioelektronika (RADIOELEKTRONIKA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/RADIOELEK.2015.7129055\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2015 25th International Conference Radioelektronika (RADIOELEKTRONIKA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/RADIOELEK.2015.7129055","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Countermeasure against the SPA attack on an embedded McEliece cryptosystem
In this paper, we present a novel countermeasure against a simple power analysis based side channel attack on a software implementation of the McEliece public key cryptosystem. First, we attack a straightforward C implementation of the Goppa codes based McEliece decryption running on an ARM Cortex-M3 microprocessor. Next, we demonstrate on a realistic example that using a “chosen ciphertext attack” method, it is possible to recover the complete secret permutation matrix. We show that this matrix can be completely recovered by an analysis of a dynamic power consumption of the microprocessor. Then, we estimate the brute-force attack complexity reduction depending on the knowledge of the permutation matrix. Finally, we propose an efficient software countermeasure having low computational complexity. Of course, we provide all the necessary details regarding the attack implementation and all the consequences of the proposed countermeasure especially in terms of power consumption.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
