[Resource Topic] 2004/123: On security of XTR public key cryptosystems against Side Channel Attacks

Welcome to the resource topic for 2004/123

Title:
On security of XTR public key cryptosystems against Side Channel Attacks

Authors: Dong-Guk Han, Jongin Lim, Kouichi Sakurai

Abstract:

The XTR public key system was introduced at Crypto 2000.
Application of XTR in cryptographic protocols leads to substantial
savings both in communication and computational overhead without
compromising security. It is regarded that XTR is suitable for a
variety of environments, including low-end smart cards, and XTR is
an excellent alternative to either RSA or ECC. In
\cite{LV00a,SL01}, the authors remarked that XTR single exponentiation
(XTR-SE) is less susceptible than usual exponentiation routines to
environmental attacks such as timing attacks and Differential
Power Analysis (DPA). In this paper, however, we investigate the
security of XTR against side channel attacks (SCA). This paper shows
that XTR-SE is immune against simple power analysis (SPA) under
the assumption that the order of the computation of XTR-SE is
carefully considered. However, we show that XTR-SE is vulnerable to
Data-bit DPA (DDPA) \cite{Cor99}, Address-bit DPA
(ADPA) \cite{IIT02}, and the doubling attack \cite{FV03}. Moreover, we
propose two countermeasures that prevent DDPA and a
countermeasure against ADPA. One of the countermeasures using
randomization of the base element proposed to defeat DDPA, i.e.,
randomization of the base element using field isomorphism, could
be used to break the doubling attack. Thus, if we only deal with SPA,
DDPA, ADPA, and the doubling attack as the attack algorithm for
XTR-SE, the following countermeasures should be added to XTR-SE:
randomization of the base element using field isomorphism (DDPA
and doubling attack) + randomized addressing (ADPA). But the
proposed countermeasure against the doubling attack is very
inefficient. So, to maintain the efficiency advantage of XTR, a
good countermeasure against the doubling attack is actually necessary.

ePrint: https://eprint.iacr.org/2004/123

See all topics related to this paper.

Feel free to post resources that are related to this paper below.

Example resources include: implementations, explanation materials, talks, slides, links to previous discussions on other websites.

For more information, see the rules for Resource Topics.