Updated Recommendations for Blinded Exponentiation vs. Single Trace Analysis

• Published in: Constructive Side-Channel Analysis and Secure Design pp. 80 - 98
• Main Authors: Clavier, Christophe, Feix, Benoit
• Format: Book Chapter
• Language: English
• Published: Berlin, Heidelberg Springer Berlin Heidelberg
• Series: Lecture Notes in Computer Science
• Subjects: arithmetic coprocessor; exponentiation; long integer algorithms; padding; side-channel analysis
• ISBN: 3642400256; 9783642400254
• ISSN: 0302-9743; 1611-3349
• DOI: 10.1007/978-3-642-40026-1_6

Side-channel analysis has become a very powerful tool helpful for attackers trying to recover the secrets embedded in microprocessors such as smartcards. Since the initial publications from Kocher et al. many improvements on side-channel techniques have been proposed. At the same time developers have designed countermeasures to counterfeit those threats. The challenge for securing smart devices remains rough. The most complex techniques like Differential, Correlation and Mutual-information analysis are more studied today than simple side-channel analysis which seems less considered as said less powerful. We revisit in this paper the simple side-channel analysis attacks previously published. Relying on previous leakage models we design two new methods to build chosen message which allows more efficient analysis on blinded exponentiation. We also show that, contrarily to common belief, with our chosen message method simple side-channel analysis can be successful also in some hashed message models. In a second step we introduce a more precise but realistic leakage model for hardware multipliers which leads us to new results on simple side-channel efficiency. Relying on these models we show that even with big base multipliers leakages can be exploited to recover the secret exponent on blinded exponentiations.