Key bit-dependent attack on protected PKC using a single trace

Abstract

Public key cryptosystems are typically based on scalar multiplication or modular exponentiation algorithms where the key is unknown to an attacker. Such algorithms are vulnerable to side-channel attacks, and various countermeasures have been proposed. However, no combination of countermeasures is effective against single trace attacks. Hence, template and collision attacks have been the focus of research. However, such attacks require complicated pre-processing to eliminate noise. In this paper, we present a single trace attack based on the power consumption properties of the key bit check phase. The proposed attack does not require sophisticated pre-processing. We apply the attack to hardware and software implementations. In hardware implementation, we target the Montgomery-López-Dahab ladder algorithm and determine that private key bits can be extracted at a 100% success rate. In software implementation, we target the key bit check functions of mbedTLS and OpenSSL, and observe that private key bits can be recovered at 96.13% and 96.25% success rates, respectively. Moreover, if we use leakage associated with referred register addresses, the success rate is 100% in both cases. We propose two countermeasures to eliminate these vulnerabilities. Experimental results show that the proposed countermeasures can address these vulnerabilities effectively.