[go: up one dir, main page]

What a lovely hat

Is it made out of tin foil?

Paper 2009/538

Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications

Johann Großschädl, Elisabeth Oswald, Dan Page, and Michael Tunstall

Abstract

The design of embedded processors demands a careful trade-off between many conflicting objectives such as performance, silicon area and power consumption. Finding such a trade-off can often ignore the issue of security, which can cause, otherwise secure, software to leak information through so-called micro-architectural side channels. In this paper we show that early-terminating integer multipliers found in many embedded processors (e.g., ARM7TDMI) represent an instance of this problem. The early-termination mechanism causes differences in the time taken to compute a multiplication depending on the magnitude of the operands (e.g., up to three clock cycles on an ARM7TDMI processor), which are observable via variations in execution time and power consumption. Exploiting the early-termination mechanism makes Simple Power Analysis (SPA) attacks relatively straightforward to conduct, and may even allow one to attack implementations with integrated countermeasures that would not leak any information when executed on a processor with a constant-latency multiplier. We describe a number of case studies, including both public-key (RSA, ECIES) and secret-key algorithms (RC6, AES), to demonstrate the threat posed by early-terminating multipliers. Furthermore, we describe an implementation of one such attack on an implementation of AES, where we were able the extract the entire key using just eight power traces.

Metadata
Available format(s)
PDF PS
Category
Implementation
Publication info
Published elsewhere. Unknown where it was published
Keywords
side channel analysiscomputer arithmetic
Contact author(s)
tunstall @ cs bris ac uk
History
2009-11-05: revised
2009-11-05: received
See all versions
Short URL
https://ia.cr/2009/538
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2009/538,
      author = {Johann Großschädl and Elisabeth Oswald and Dan Page and Michael Tunstall},
      title = {Side-Channel Analysis of Cryptographic Software via Early-Terminating Multiplications},
      howpublished = {Cryptology {ePrint} Archive, Paper 2009/538},
      year = {2009},
      url = {https://eprint.iacr.org/2009/538}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.