Vol.3 No.1 2010

94/110

Research paper : Secure implementation of cryptographic modules (A. Satoh et al.)−91−Synthesiology - English edition Vol.3 No.1 (2010) Meanwhile, the initial version of SASEBO board obtained the first JCMVP® certification[24] for a hardware module. As a secure implementation example, all of its design information and source codes are available to the public on the SASEBO web site. By the same token, we will attempt to obtain a JCMVP® certification for the SASEBO-GII. 4.3 Simple power analysis on an RSA cipher circuitThis section presents a practical side-channel attack example with the RSA scheme implemented on the SASEBO’s FPGA and LSI and the experimental results from Simple Power Analysis (SPA), which extracts the cryptographic key directly from the power traces (namely, the waveform of power consumption).The modular exponentiation operations expressed in Eq. (1) and Eq. (2) define the RSA scheme encryption and its inversion as the decryption, respectively. The plaintext x, the data before encryption in Eq. (1), will be encrypted with e and n, both of which form the public key, into the ciphertext y, while in Eq. (2) the ciphertext y will be decrypted with the secret key (a.k.a. private key) d into the plaintext x. In these computations, 1,024-bit or longer precision integers are typically used for every variable except e so that it can be computationally difficult to obtain the secret key from the public key, while still theoretically possible. Encryption : y = xe mod n (1) Decryption : x = yd mod n (2)The modular exponentiation operation in the RSA scheme is realized by iterating modular multiplication and modular squaring operations, reflecting the bit pattern of the exponent e or d. SPA attempts to acquire the secret key d by examining the computation times of each operation[21] or the differences in the power traces of each operation. Figure 5 represents an example of the left binary method, which begins the bit-wise test for the exponent d=25=11001(2) from the left end. As the result of each test, a bit ‘0’ involves a modular squaring operation, whereas a bit ‘1’ invokes both modular squaring and multiplication ( × x) operations. If one can distinguish between the power traces of every squaring (S) and multiplication (M), the result represents the secret key directly.However, the difference between squaring and multiplication is not necessarily observable for the intermediate value derived from the input data differing every time. In this regard, some attack methods that enhance the difference of the operations on the power trace by manipulating input data have been studied. Figure 6 depicts parts of the power traces measured for the running RSA circuits on the 130-nm cryptographic LSI (represented as ASIC in the figure) and on the FPGA mounted on the SASEBO-R and SASEBO-G, respectively. It is difficult to distinguish between the power traces of multiplication and squaring on either circuit for random input data. However, by providing the input with the particular value x=2-1024 that is effective for the attack against the 1,024-bit Montgomery multiplication algorithm adopted in the circuits, the results show the clear distinction between multiplication (M) and squaring (S).Fig. 3 SASEBO Board.Fig. 4 Cryptographic LSI.(a) SASEBO-G (b) SASEBO-B(c) SASEBO-R (d) SASEBO-GII(a) 90-nm Version (b) 130-nm VersionFig. 5 SPA against RSA implemented with the left binary method.Fig. 6 SPA against RSA implemented on SASEBO-R and SASEBO-G (x=2-1024).Squ.Squ.Squ.Squ.Mul.Mul.1100x25 = x11001(2) = (((x2×x)2)2)2×x mod n(a) ASIC (b) FPGA

※このページを正しく表示するにはFlashPlayer9以上が必要です