

1. Trusted Computing and Information Assurance Laboratory, Institute of Software, Chinese Academy of Sciences, Beijing 100190, China
2. University of Chinese Academy of Sciences, Beijing 100049, China
3. Beijing CEC Huada Electronic Design Co., Ltd., Beijing 102209, China
Received: 10 May 2023; Revised: 30 August 2023; Published: 25 November 2023
HAN Xu-cang, CHEN Bo-tao, CAO Wei-qiong, et al. Linear Discriminant Analysis-Based Template Attack for Masked Implementation of Modular Exponentiation [J]. ACTA ELECTRONICA SINICA, 2023, 51(11): 3024-3032. DOI: 10.12263/DZXB.20230419.
Masking is widely used in secure implementations of modular exponentiation, and its side-channel resilience has been well demonstrated. We found that, during the modular multiplications of a modular exponentiation, the power consumption of the operand fetch operations reveals the addresses of the operands, and we propose a template attack based on linear discriminant analysis that targets this leakage. In contrast to operand-based leakage, fetch-based leakage is not affected by the mask, so the method remains effective against common masked implementations of modular exponentiation. The method first applies test vector leakage detection to the extraction of leaky features, which reduces the influence of irrelevant points; it then extends linear discriminant analysis to the classification and dimensionality reduction of traces, which improves the class separability of the traces. Finally, an attack was conducted on a hardware implementation of masked modular exponentiation. Results showed that fetch-based leakage is distributed over the entire modular multiplication operation, and that the rate of correctly identifying the type of modular multiplication reaches 99.98%.
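The two-stage pipeline the abstract describes, as an added illustrative example rather than the authors' code or data: Welch's t-test (the test vector leakage detection step) selects the sample points at which squaring and multiplication traces differ, and two-class Fisher LDA projects those points onto one direction and classifies held-out traces, which is the check an evaluator runs to confirm whether an operation type stays distinguishable. The traces are constructed synthetic data with assumed leakage positions and amplitudes, and every function name is an assumption of this example.

```python
import random
from statistics import mean, variance

def make_traces(n_per_class, length, rng, leaky={4: 3.0, 5: 2.5, 13: 2.0}):
    # Constructed synthetic traces: class 0 (squaring) and class 1 (multiplication)
    # differ only by a mean shift at the fetch points in `leaky`, under unit Gaussian noise.
    traces, labels = [], []
    for cls in (0, 1):
        for _ in range(n_per_class):
            traces.append([rng.gauss(0, 1) + cls * leaky.get(i, 0) for i in range(length)])
            labels.append(cls)
    return traces, labels

def tvla_points(traces, labels, threshold=4.5):
    # Welch t-test per sample point between the classes; |t| > 4.5 marks a leaky point.
    a, b = [t for t, l in zip(traces, labels) if l == 0], [t for t, l in zip(traces, labels) if l == 1]
    pois = []
    for i in range(len(traces[0])):
        xa, xb = [t[i] for t in a], [t[i] for t in b]
        se = (variance(xa) / len(xa) + variance(xb) / len(xb)) ** 0.5
        if abs(mean(xa) - mean(xb)) / se > threshold:
            pois.append(i)
    return pois

def solve(A, b):
    # Gauss-Jordan elimination for A x = b; A is a positive-definite scatter matrix.
    n, M = len(b), [row[:] + [bi] for row, bi in zip(A, b)]
    for c in range(n):
        for r in range(n):
            if r != c:
                M[r] = [x - M[r][c] / M[c][c] * y for x, y in zip(M[r], M[c])]
    return [M[i][n] / M[i][i] for i in range(n)]

def fit_lda(traces, labels, pois):
    # Two-class Fisher LDA on the selected points: w = Sw^-1 (m1 - m0); threshold = midpoint.
    X, k = [[t[i] for i in pois] for t in traces], len(pois)
    m = [[mean(x[j] for x, l in zip(X, labels) if l == c) for j in range(k)] for c in (0, 1)]
    Sw = [[sum((x[i] - m[l][i]) * (x[j] - m[l][j]) for x, l in zip(X, labels))
           for j in range(k)] for i in range(k)]  # pooled within-class scatter
    w = solve(Sw, [m[1][j] - m[0][j] for j in range(k)])
    return w, sum(wi * (m0 + m1) for wi, m0, m1 in zip(w, m[0], m[1])) / 2

def run_demo(seed=7):
    # Profile on one trace set, then classify a fresh one; returns (pois, accuracy).
    rng = random.Random(seed)
    (train, train_y), (test, test_y) = make_traces(200, 20, rng), make_traces(200, 20, rng)
    pois = tvla_points(train, train_y)
    w, thr = fit_lda(train, train_y, pois)
    label = lambda t: int(sum(wi * t[i] for wi, i in zip(w, pois)) > thr)
    return pois, sum(label(t) == y for t, y in zip(test, test_y)) / len(test)
```

On the synthetic data only the three planted fetch points survive the t-test, and the one-dimensional LDA projection separates the two operation types on held-out traces; lowering the planted shifts toward the noise level shows the classification rate fall, which is the behaviour a countermeasure should produce.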