Timing attacks break a cryptosystem by time measurement to recover keys. Most available countermeasures protect block ciphers based on the safety of modules. This paper gives a complete definition of timing attacks and studies the vulnerability of operations and modules on timing attacks. We present a method to transfer the security of the algorithm to that of secure operations by reduction. As a result, we hopefully tend to reconcile the provable security notions and modem cryptography with real-world implementations of block ciphers.
Scalar multiplication [n]P is the kernel and the most time-consuming operation in elliptic curve cryptosystems. In order to improve scalar multiplication, in this paper, we propose a tripling algorithm using Lopez and Dahab projective coordinates, in which there are 3 field multiplications and 3 field squarings less than that in the Jacobian projective tripling algorithm. Furthermore, we map P to(φε^-1(P), and compute [n](φε^-1(P) on elliptic curve Eε, which is faster than computing [n]P on E, where φε is an isomorphism. Finally we calculate (φε([n]φε^-1(P)) = [n]P. Combined with our efficient point tripling formula, this method leads scalar multiplication using double bases to achieve about 23% improvement, compared with Jacobian projective coordinates.
Precise zero-knowledge was introduced by Micali and Pass in STOC06. This notion captures the idea that the view of a verifier can be reconstructed in almost same time. Following the notion, they constructed some precise zero-knowledge proofs and arguments, in which the communicated messages are polynomial bits. In this paper, we employ the new simulation technique introduced by them to provide a precise simulator for a modified Kilian's zero-knowledge arguments with poly-logarithmic efficiency (this modification addressed by Rosen), and as a result we show this protocol is a precise zero-knowledge argument with poly-logaxithmic efficiency. We also present an alternative construction of the desired protocols.
Substitution permutation network (SPN) is one important structure of block cipher cryptosystems. Prior work has shown different fault analyses on SPN. The formalization of fault analysis of both attack and protect on SPN have been given. The overhead and time tolerance of fault detection have been discussed. The pseudo-blinding method to detect fault attack is introduced, and the balance of the security, overhead and time tolerance based on the evaluation could be made.
Precise zero-knowledge was introduced by Micali and Pass in STOC'06.This notion captures the idea that the view of any verifier in interaction can be reconstructed in almost time.Pass also obtained a sequential composition lemma for precise zero-knowledge protocols.However,this lemma doesn't provide tight precisions for composed protocols.In this paper we further obtain a sequential composition lemma for a subclass of precise zero-knowledge protocols,which all satisfy a property:their simulators use the code of verifier in almost the black-box way.We call such subclass emulated black-box zero-knowledge protocols.Our lemma provides better precisions for sequential composition of such protocols.
Based on the structure of the side channel attacks (SCAs) to RSA cryptosystem can resist the fault attack and combine with the randomization method for the message and secret exponent, a new implementation scheme of CRT-based (the Chinese remained theorem) RSA is proposed. The proposed scheme can prevent simple power analysis (SPA), differential power analysis (DPA) and time attack, and is compatible with the existing RSA-CRT cryptosystem as well. In addition, an improvement for resisting fault attack is proposed, which can reduce extra computation time.
