New Single-Trace Side-Channel Attacks on a Specific Class of Elgamal Cryptosystem
In 2005, Yen et al. proposed the first attack on modular exponentiation algorithms such as BRIP and the square-and-multiply-always method. This attack uses the ciphertext as a distinguisher of low order to obtain a strong relation between side-channel leakages and the secret exponent. The so-called attack is one of the most important order-2 element attacks, as it requires a non-adaptive chosen ciphertext, which is considered a more realistic attack model than the adaptive chosen-ciphertext scenario. To protect the implementation against the attack, several publications propose the simplest solution, i.e. “block the special message ”. In this paper, we conduct an in-depth study of the attack on the square-and-multiply-always (SMA) and Montgomery Ladder (ML) algorithms. We show that despite the unaccepted-ciphertext countermeasure, other types of attacks are applicable to specific classes of Elgamal cryptosystems. We propose new chosen-message power-analysis attacks with order-4 elements, which utilize a chosen ciphertext such that where is the prime number used as the modulus in Elgamal. Such a ciphertext can be found simply when . We demonstrate that the ML and SMA algorithms are subject to our new -type attack by utilizing a different ciphertext. We implement the proposed attacks on the TARGET board of the ChipWhisperer CW1173, and our experiments validate the feasibility and effectiveness of the attacks using only a single power trace.