Is there Safety in Numbers against Side Channel Leakage?
Colin D. Walter
UMIST, Manchester, UK
www.co.umist.ac.uk
RSA Conf, Amsterdam, Oct 2001
C.D. Walter, UMIST 2
History
• NSA Tempest programme
• P. Kocher (Crypto 96): Timing attack on implementations of Diffie-Hellman, RSA, DSS, and other systems
• Dhem, …, Quisquater, et al. (CARDIS 1998): A practical implementation of the Timing Attack
• P. Kocher, J. Jaffe & B. Jun (Crypto 99): Introduction to Differential Power Analysis ….
• Messerges, Dabbish & Sloan (CHES 99): Power Analysis Attacks of Modular Exponentiation in Smartcards
Recent Attacks
• C. D. Walter & S. Thompson (CT-RSA 2001): Distinguishing Exponent Digits by Observing Modular Subtractions
– a timing attack which averaged over a number of exponentiations with same exponent
• C. D. Walter (CHES 2001): Sliding Windows succumbs to Big Mac Attack
– a DPA attack which averaged using the trace from a single exponentiation
Security Model
• Smartcard running RSA;
• Unknown modulus M, unknown exponent D;
• Known algorithms;
• Single H/W multiplier;
• Non-invasive, passive attack;
• Attacker unable to read or influence I/O;
• Can observe timing variations in long int ×n;
• Can measure multiplier power usage.
The Timing Attack on RSA
Context:
• A×B mod M
• Output from Montgomery modular multiplication: S < 2M
• Require output S < M or S < 2^n
• So conditional subtraction in S/W
– This affects timing, and we assume it can be observed.
Partial Product S
• Last step of Montgomery modular multiplication:
S ← (S + aB + qM)/r
a = top digit of A, dependent on size of A
q, S effectively randomly distributed
• For random A and fixed B, the average S is a linear function of B, independent of A
• Larger B ⇒ more frequent final subtractions
Distribution of S
• For a multiply S behaves like random variable 2^(–n)αβ + γ where α, β have the distributions of A, B and γ is uniform.
• For a square S behaves like 2^(–n)α^2 + γ.
• Integrating over values of α and β, the probability of S being greater than 2^n is: … for multiply, … for square
Squares vs Multiplies
… for multiply, … for square.
• So probabilities of conditional subtraction of M are different.
• With sufficient observations we can distinguish squares from multiplies.
• (Care: non-uniform distribution on [0..2^n].)
The Attack
• Obtain frequencies for each operation by performing many exponentiations;
• Separate squares from multiplications;
• In square-and-multiply exponentiation obtain the bits of the secret key D.
• Careless implementation of Modular Multiplication is dangerous.
m-ary Exponentiation
• If square-and-multiply leaks, use m-ary exponentiation. Is it safer?
• Example: 4-ary to compute A^D mod M
– Each multiply is by one of A, A^2 or A^3
• Can these be distinguished?
Differentiating Multipliers
• Pre-computations of A, A^2 and A^3 provide observation subsets with completely different distributions, hence different frequencies.
• Form 8 subsets for which the conditional subtraction is / is not made for these.
• Use vector of 8 frequencies to identify multiplier and hence the exponent digit.
[Figure: Sub in Initial Squaring]
[Figure: No Sub in Initial Squaring]
Result
• In m-ary exponentiation we may be able to discover the bits of secret key D.
• Careless implementation of Modular Multiplication is dangerous also for m-ary exponentiation.
• Counter-measures: avoid conditional subtractions or replace D by D+rφ(M) for fresh, random 32-bit r.
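The square/multiply frequency gap from the timing slides, and the "avoid conditional subtractions" counter-measure, can be checked in simulation. This is an added example, not code from the talk: it assumes operands uniform below M, a constructed 64-bit modulus, and, for the subtraction-free routine, the known bound that R > 4M with inputs below 2M keeps every output below 2M.

```python
import random

def mont_setup(M, n):
    """Precompute R = 2^n and -M^-1 mod R for an odd modulus M < R."""
    R = 1 << n
    return R, (-pow(M, -1, R)) % R

def mont_mul_leaky(a, b, M, R, m_neg_inv):
    """Montgomery product a*b*R^-1 mod M with the conditional final subtraction.
    Returns (result, subtracted) so the data-dependent branch can be counted."""
    t = a * b
    q = (t * m_neg_inv) % R
    s = (t + q * M) // R          # exact division; s < 2M
    return (s - M, True) if s >= M else (s, False)

def mont_mul_nosub(a, b, M, R, m_neg_inv):
    """Same product with no final subtraction: requires R > 4M and a, b < 2M,
    which keeps the output below 2M so it can be fed straight back in."""
    t = a * b
    q = (t * m_neg_inv) % R
    return (t + q * M) // R

def subtraction_rates(M, n, trials, seed=1):
    """Fraction of operations taking the final subtraction: (squares, multiplies)."""
    rng = random.Random(seed)
    R, m_neg_inv = mont_setup(M, n)
    sq = mu = 0
    for _ in range(trials):
        a, b = rng.randrange(M), rng.randrange(M)
        sq += mont_mul_leaky(a, a, M, R, m_neg_inv)[1]
        mu += mont_mul_leaky(a, b, M, R, m_neg_inv)[1]
    return sq / trials, mu / trials

# Constructed 64-bit odd modulus, for illustration only (not a real key).
M_DEMO = (1 << 64) - 59

if __name__ == "__main__":
    sq, mu = subtraction_rates(M_DEMO, 64, 20000)
    print(f"final subtraction rate: squares {sq:.3f}, multiplies {mu:.3f}")
```

Under these assumptions the rates come out near M/(3R) for squares and M/(4R) for multiplies, so the branch alone separates the two operation types; the second routine has no such branch to observe.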
Longer Keys?
• Frequencies of multipliers & squares are unaffected by key length.
• Exponent digits are equally identifiable.
• If p = prob of correctly assigning exp digit, and t = no. of exp digits then p is independent of key length and p^t = prob of correctly deducing key D.
• p^t decreases. So longer key length is safer.
The DPA Attack on RSA
Summary: Differential Power Analysis (DPA) is used here to determine the secret key D from a single exponentiation.
Assumption: The implementation uses a single, small multiplier whose power consumption is data dependent and measurable.
Multipliers
• Switching a gate in the H/W requires more power than not doing so;
• On average, a multiply-accumulate operation a×b+c has data dependent contributions roughly linear in the Hamming weights of a, b and c;
• Variation occurs because of the state left by the previous multiply-accumulate operation.
Combining Traces I
• The long integer product A×B in an exponentiation contains a large number of small digit multiply-accumulates: a_i×b_j+c_k
• Identify the power subtraces of each a_i×b_j+c_k from the power trace of A×B;
• Average the power traces for fixed i as j varies: this gives a trace tr_i which depends on a_i but only the average of the digits of B.
Combining Traces
[Figure: the subtraces for a_0×b_0, a_0×b_1, a_0×b_2 and a_0×b_3 are overlaid one at a time]
Average the traces: a_0(b_0+b_1+b_2+b_3)/4
[Figure: the averaged trace tr_0 for a_0×b̄]
• b̄ is effectively an average random digit;
• So trace is characteristic of a_0 only, not B.
Combining Traces II
• The dependence of tr_i on B is minimal if B has enough digits;
• Concatenate the average traces tr_i for each a_i to obtain a trace tr_A which reflects properties of A much more strongly than those of B;
• The smaller the multiplier or the larger the number of digits (or both) then the more characteristic tr_A will be.
Combining Traces
[Figure: the averaged traces tr_0, tr_1, tr_2 and tr_3 are concatenated one at a time to form tr_A]
• This is the analogue of the frequency vector.
• Question: Is the trace tr_A sufficiently characteristic to determine repeated use of a multiplier A in an exponentiation routine?
Distinguish Digits?
• Averaging over the digits of B has reduced the noise level;
• In m-ary exponentiation we only need to distinguish:
– squares from multiplies
– the multipliers A^(1), A^(2), A^(3), …, A^(m–1)
• For small enough m and large enough number of digits they can be distinguished in a simulation of clean data.
Distances between Traces
[Figure: traces tr_0 and tr_1, power plotted against i for i = 0 … n]
d(0,1) = ( Σ_{i=0}^{n} (tr_0(i) − tr_1(i))^2 )^½
Simulation
[Figure: traces tr_0 and tr_1, gate switch count plotted against i for i = 0 … n]
d(0,1) = ( Σ_{i=0}^{n} (tr_0(i) − tr_1(i))^2 )^½
Simulation Results
16-bit multiplier, 4-ary exponentiation, 512-bit modulus.
d(i,j) = distance between traces for ith and jth multiplications of the exponentiation.
Av d for same multipliers: 2428 gates
SD for same multipliers: 1183
Av d for different multipliers: 23475 gates
SD for different multipliers: 481
Simulation Results
• Equal exponent digits can be identified – their traces are close;
• Unequal exponent digit traces are not close;
• Squares can be distinguished from multiplications: their traces are not close to any other traces;
• There are very few errors for typical cases.
Exponent Digit Values
• As in timing case, pre-computations A^(i+1) ← A × A^(i) mod M provide traces for known multipliers. So:
• We can determine which multiplicative operations are squares;
• We can determine the exponent digit for each multiplication;
• We can determine the secret exponent D.
Longer Keys?
• Attack time is polynomial in key length t;
• Longer key means better average in traces and longer concatenated traces; so higher probability p_t of correct digits.
• No greater safety against this attack from longer keys if p_t^t goes up with t.
Longer Keys – Simulation
Example: 8-ary exponentiation, 32-bit multiplier.
Double the key length: is p_{2t}^2 > p_t ?
Key Length t     256    384    512    768   1024
Av to nearest   1529   2366   3750   4501   6246
SD to nearest    885   1403   2386   2535   3612
Av to others    5890  11753  17896  32594  53070
SD to others    1108   2412   2279   4646   4581
Longer Keys?
• Av distance between equal multipliers is linear in key length;
• Av SD between equal multipliers is linear in key length;
• Av distance between different multipliers is not linear in key length: it goes up by a factor of 3 when key length doubles;
• Av SD between equal multipliers is linear in key length.
Longer Keys?
• So, to be closer to a wrong digit, traces have to be more than:
– 2.2 SDs above average for 256-bit keys
– 3.0 SDs above average for 512-bit keys
– 5.7 SDs above average for 1024-bit keys
• Assuming an approx. normal distribution, the probs p_t are then, resp: 0.9861, 0.99865, 0.9999999943
Longer Keys? – No Way!
• So, for the simulation, we can deduce two digits more accurately than one when the key length is doubled.
• So the secret key is easier to deduce when its length is increased.
• The implementation becomes more insecure as key length increases.
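How the quoted 2.2, 3.0 and 5.7 SD figures and the resulting p_t values follow from the simulation table, as an added example that is not part of the original talk. The separation measure (gap between the two averages divided by the sum of the two SDs) is an assumption, chosen because it reproduces the quoted figures; the function names are illustrative.

```python
from math import erf, sqrt

# Simulation table from the slides (8-ary exponentiation, 32-bit multiplier):
# key length -> (Av to nearest, SD to nearest, Av to others, SD to others)
TABLE = {
    256:  (1529,  885,  5890, 1108),
    384:  (2366, 1403, 11753, 2412),
    512:  (3750, 2386, 17896, 2279),
    768:  (4501, 2535, 32594, 4646),
    1024: (6246, 3612, 53070, 4581),
}

def separation(t):
    """Gap between the two averages in units of the summed SDs (assumed measure)."""
    av_near, sd_near, av_other, sd_other = TABLE[t]
    return (av_other - av_near) / (sd_near + sd_other)

def normal_cdf(z):
    """Standard normal cumulative distribution function."""
    return 0.5 * (1.0 + erf(z / sqrt(2.0)))

def digit_success(t):
    """p_t: probability a digit is matched to the right multiplier, normal model."""
    return normal_cdf(round(separation(t), 1))   # slides quote z to one decimal

def doubling_helps_attacker(t):
    """True when two digits at length 2t are more likely right than one at t."""
    return digit_success(2 * t) ** 2 > digit_success(t)

if __name__ == "__main__":
    for t in TABLE:
        print(t, round(separation(t), 1), f"{digit_success(t):.10f}")
    for t in (256, 384, 512):
        print(f"{t} -> {2 * t}: p_2t^2 > p_t is {doubling_helps_attacker(t)}")
```

The same comparison holds for the 384 to 768 doubling, which the slides do not list, so in this data every doubling of key length leaves the implementation easier to attack.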
Warning
• With the DPA averaging above, it may be possible to use a single exponentiation to obtain the secret key, especially if the key length is increased;
• Using D+rφ(M) with random r may be no defence.
Final Conclusion
• Re-think the power of side-channel attacks on the implementation:
• they may become easier when the key length is increased.