Hardware Architectures for Public Key Cryptography, 2002
Cited by 30 (7 self)
This paper presents an overview of hardware implementations for the two commonly used types of Public Key Cryptography, i.e. RSA and Elliptic Curve Cryptography (ECC), both based on modular arithmetic. We first discuss the mathematical background and the algorithms to implement these cryptosystems. Next an overview is given of the different hardware architectures which have been proposed in the literature.
Information Leakage Attacks Against Smart Card - in EUROSMART Security Conference, 2000
Cited by 26 (0 self)
Abstract. Every practical implementation of a cryptographic algorithm represents a physical device possessing potential side channels not covered by the security models of theoretical cryptography. Hence, even provably secure cryptographic algorithms may be attacked due to leakage of information. Smart cards and security ICs are often used as tamper-proof security devices. To prevent an attacker from exploiting easily accessible information like power consumption, running time, input-output behavior under malfunctions caused, i.e., by irregular clocking, radiation, power peaks, special precautions have to be taken. Commonly used countermeasures against information leakage are the reduction of the signal-to-noise ratio using special implementation techniques for hardware and software and the decorrelation of secret internal data from the channels observable by an attacker. In this contribution we survey the basic concepts of known attacks based on information leakage, i.e., timing attack, differential fault analysis, SPA, and DPA, and the countermeasures proposed in the literature. These methods comprise hardware design techniques and the design and implementation of modifications of cryptographic algorithms.
Montgomery Exponentiation with no Final Subtractions: Improved Results - In Cryptographic Hardware and Embedded Systems - CHES 2000, LNCS 1965
Cited by 18 (1 self)
The Montgomery multiplication is commonly used as the core algorithm for cryptosystems based on modular arithmetic. With the advent of new classes of attacks (timing attacks, power attacks), the implementation of the algorithm should be carefully studied to thwart those attacks. Recently, Colin D. Walter proposed a constant time implementation of this algorithm [17, 18]. In this paper, we propose an improved (faster) version of this implementation. We also provide figures about the overhead of these versions relative to a speed optimised version (theoretically and experimentally).
Keywords. Montgomery multiplication, modular exponentiation, smart cards, timing attacks, power attacks
1 Introduction
In RSA based crypto-systems, modular exponentiations are often computed with Montgomery multiplications [14]. The optimisation of this algorithm is consequently very important. Several fast implementations of this algorithm were proposed both in hardware (e.g. [18]) and softwar...
Flexible Hardware Design for RSA and Elliptic Curve Cryptosystems - Proceedings of Topics in Cryptology - CT-RSA 2004. Lecture Notes in Computer Science, 2004
Cited by 10 (3 self)
Abstract. This paper presents a scalable hardware implementation of both commonly used public key cryptosystems, RSA and Elliptic Curve Cryptosystem (ECC), on the same platform. The introduced hardware accelerator features a design which can be varied from very small (less than 20 Kgates) targeting wireless applications, up to a very big design (more than 100 Kgates) used for network security. In the latter option it can include a few dedicated large number arithmetic units, each of which is a systolic array performing the Montgomery Modular Multiplication (MMM). The bound on the Montgomery parameter has been optimized to facilitate more secure ECC point operations. Furthermore, we present a new possibility for CRT scheme which is less vulnerable to side-channel attacks.
AN FPGA IMPLEMENTATION OF RIJNDAEL: TRADE-OFFS FOR SIDE-CHANNEL SECURITY
Cited by 2 (0 self)
Abstract: This work proposes a complete and side-channel proof solution for an
unknown title, 809
Side-channel attacks are efficient attacks against cryptographic devices. They use only quantities observable from outside, such as the duration and the power consumption. Attacks against synchronous devices using electric observations are facilitated by the fact that all transitions occur simultaneously with some global clock signal. Asynchronous control removes this synchronization and therefore makes it more difficult for the attacker to insulate interesting intervals. In addition, the coding of data in an asynchronous circuit is inherently more difficult to attack. This article describes the Programmable Logic Block of an asynchronous FPGA resistant against side-channel attacks. Additionally it can implement different styles of asynchronous control and of data representation.
On Using Fast Exponentiation Algorithm in PDAs (or: How Secure is the Discrete Logarithm Problem Assumption in PDAs?) (Extended Abstract)
Personal Digital Assistants (PDAs) are the miniature of normal size PCs, with a very limited computational power. In this paper, we investigate the security of PDAs when they are used to perform some cryptographic applications. In our context, we investigate the computation $y = g^x \pmod{p}$, for a prime p, which is believed to be secure in the sense of the Discrete Logarithm Problem (DLP) assumption. To be more precise, knowing only p, g and y, it is hard to derive x. We note that this computation is the most important operation in most cryptographic algorithms. However, due to the limited computational power of PDAs, such computation requires some amount of time (and battery life). We show that by observing one of these parameters, we can reduce the hard problem of DLP to be predictable, and hence it is not secure. We also show how to securely generate these kinds of computations with PDAs by employing some different techniques, so that they will not reveal any additional information to a passive eavesdropper. In contrast to previous works, we do not assume that the attacker can take full control of the PDA. This assumption is only applicable to a smart card whenever it is used in a malicious smart card reader.