New single-trace side-channel attacks on a specific class of Elgamal cryptosystem
Published in: IET Information Security, 2020-03, Vol. 14 (2), pp. 151-156
Format: Article
Language: English
Summary: The so-called $N - 1$ attack is one of the most important order-2 element attacks, as it requires a non-adaptive chosen ciphertext, which is considered a more realistic attack model than the adaptive chosen-ciphertext scenario. To protect an implementation against the $N - 1$ attack, several papers propose the simplest solution, i.e. ‘block the special message $N - 1$’. In this study, the authors conduct in-depth research on the $N - 1$ attack against the SMA and Montgomery ladder (ML) algorithms. They show that, despite the countermeasure of rejecting the ciphertext $N - 1$, other $N - 1$-type attacks are applicable to specific classes of Elgamal cryptosystems. They propose new chosen-message power-analysis attacks with order-4 elements, which use a chosen ciphertext $c$ such that $c^2 = -1 \bmod p$, where $p$ is the prime used as the modulus in Elgamal. Such a ciphertext can be found easily when $p \equiv 1 \bmod 4$. They demonstrate that the ML and SMA algorithms are subject to the new $N - 1$-type attack by utilising a different ciphertext. They implement the proposed attacks on the TARGET Board of the ChipWhisperer CW1173, and the experiments validate the feasibility and effectiveness of the attacks using only a single power trace.
ISSN: 1751-8709, 1751-8717
DOI: 10.1049/iet-ifs.2019.0044