The Schindler-Itoh-attack in case of partial information leakage

Abstract

Schindler and Itoh proposed a side-channel attack on implementations of the double-and-add-algorithm with blinded exponents, where dummy additions can be detected with errors. Here this approach is generalized to partial information leakage: If window methods are used, several different types of additions occur. If the attacker can only discriminate between some types of additions, but not between all types, the so-called basic version of the attack is still feasible and the attacker can correct her guessing errors and find out the secret scalar. Sometimes generalized Schindler-Itoh methods can reveal even more bits than leak by SPA. In fact this makes an attack on a 2bit-window-algorithm feasible for a 32-bit randomization, where the attacker can distinguish between additions of different values with error rates up to 0.15, but cannot detect dummy additions. A barrier to applying the so-called enhanced version to partial information leakage is described. © 2012 Springer-Verlag.