Homework Help is Here – Start Your Trial Now!
Engineering
Computer Science
EXAMPLE: Kocher’s timing attacks on cryptosystems illustrate this [1084]. Kocher notes that the instructions executed by implementations of cryptosystems depend on the setting of bits in the key. For example, the algorithm in Figure 9–7 implements a fast modular exponentiation function. If a bit is 1, two multiplications occur; otherwise, one multiplication occurs. The extra multiplication takes extra time. Kocher determines bits of the confidential exponent by measuring computation time   x:= 1; atmp := a; for 1 := 0 to k-1 do begin If Zi = 1 then x := (x * atmp) mod n; atmp := )atmp * atmp) mod n; end; result := x; Figure 9–7 A fast modular exponentiation routine. This routine computes x = az mod n. The bits of z are zk–1... z0. Kocher’s attack derives information about the computation from the characteristic of time. As a cryptographic key is confidential, this is a side channel attack. This is an example of a passive side channel attack, because results are derived only from observations. The adversary simply monitors the system, and can record and analyze the observations offline if needed. In an active side channel attack, the adversary disrupts the system in some way, causing it to react to the disruption. The adversary measures the reaction, and from that deduces the desired information. Consider again the algorithm in Figure 9–7. The power used is another side channel for most instantiations of this algorithm. Explain how this side channel works. How might you add sufficient noise to it to render it unusable?

EXAMPLE: Kocher’s timing attacks on cryptosystems illustrate this [1084]. Kocher notes that the instructions executed by implementations of cryptosystems depend on the setting of bits in the key. For example, the algorithm in Figure 9–7 implements a fast modular exponentiation function. If a bit is 1, two multiplications occur; otherwise, one multiplication occurs. The extra multiplication takes extra time. Kocher determines bits of the confidential exponent by measuring computation time   x:= 1; atmp := a; for 1 := 0 to k-1 do begin If Zi = 1 then x := (x * atmp) mod n; atmp := )atmp * atmp) mod n; end; result := x; Figure 9–7 A fast modular exponentiation routine. This routine computes x = az mod n. The bits of z are zk–1... z0. Kocher’s attack derives information about the computation from the characteristic of time. As a cryptographic key is confidential, this is a side channel attack. This is an example of a passive side channel attack, because results are derived only from observations. The adversary simply monitors the system, and can record and analyze the observations offline if needed. In an active side channel attack, the adversary disrupts the system in some way, causing it to react to the disruption. The adversary measures the reaction, and from that deduces the desired information. Consider again the algorithm in Figure 9–7. The power used is another side channel for most instantiations of this algorithm. Explain how this side channel works. How might you add sufficient noise to it to render it unusable?

Systems Architecture
Systems Architecture
7th Edition
ISBN:9781305080195
Author:Stephen D. Burd
Publisher:Stephen D. Burd
Chapter8: Data And Network Communication Technology
Section: Chapter Questions
Problem 41VE
See similar textbooks
icon
Related questions
Question

EXAMPLE: Kocher’s timing attacks on cryptosystems illustrate this [1084]. Kocher notes that the instructions executed by implementations of cryptosystems depend on the setting of bits in the key. For example, the algorithm in Figure 9–7 implements a fast modular exponentiation function. If a bit is 1, two multiplications occur; otherwise, one multiplication occurs. The extra multiplication takes extra time. Kocher determines bits of the confidential exponent by measuring computation time

 

  1. x:= 1; atmp := a;

    for 1 := 0 to k-1 do begin

    If Zi = 1 then

    x := (x * atmp) mod n;

    atmp := )atmp * atmp) mod n;

    end;

    result := x;

Figure 9–7 A fast modular exponentiation routine. This routine computes x = az mod n. The bits of z are zk–1... z0.

Kocher’s attack derives information about the computation from the characteristic of time. As a cryptographic key is confidential, this is a side channel attack.

This is an example of a passive side channel attack, because results are derived only from observations. The adversary simply monitors the system, and can record and analyze the observations offline if needed. In an active side channel attack, the adversary disrupts the system in some way, causing it to react to the disruption. The adversary measures the reaction, and from that deduces the desired information.

Consider again the algorithm in Figure 9–7. The power used is another side channel for most instantiations of this algorithm. Explain how this side channel works. How might you add sufficient noise to it to render it unusable?

Expert Solution
trending now

Trending now

This is a popular solution!

steps

Step by step

Solved in 3 steps

SEE SOLUTIONCheck out a sample Q&A here
Blurred answer
Knowledge Booster
Public key encryption
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Systems Architecture
Systems Architecture
Computer Science
ISBN:
9781305080195
Author:
Stephen D. Burd
Publisher:
Cengage Learning
SEE MORE TEXTBOOKS