由於網路的使用率增加,目前大多數的通訊傳遞皆經由電子通道傳送。一些隨著網路興起的應用,例如小額電子付費、線上購物和其他交易型的應用仰賴一種防篡改的設備 (例如智慧卡)。這些智慧卡嵌入了密碼的運算功能以致於提供高度的安全性,並且通常了包含了擁有者的身份資訊以及一些關於擁有者的秘密訊息。 自從公開金鑰密碼系統的發明以來,使多數位簽章方法相繼的被提出。在這些方法當中,RSA公開金鑰密碼系統是被認為最普遍方法由於其高度的安全性以及容易的實作。因此,藉由實作RSA或其他數位簽章方法到智慧卡內,這些智慧卡就能夠提供身份認證的功能。 自從Kocher提出了能量攻擊法來對抗智慧卡及其他密碼硬體設備的實作,許多密碼系統的設計者不只關心於密碼系統在數學上的安全性並且也關心於實作方面。相對於先前的主動式攻擊,例如錯誤攻擊法,能量攻擊法是一種被動式攻擊並且更容易實作。因此,許多的研究人員一直致力於發展一種安全並且有效率的防禦法來對抗能量攻擊法以及其他實體攻擊法。 在相關的文獻當中,有些防禦法仍然是具有爭議的並且無法對抗更進階的實體攻擊法。在本篇論文當中,我們將提出三種新的實體攻擊法來指出目前存在的一些防禦法並不安全。首先,藉由結合錯誤攻擊法以及簡單能量攻擊法,我們提出了一種攻擊於Montgomery的指數演算法,其原本是用來防禦簡單能量攻擊法以及一些錯誤攻擊法。第二,我們提出了一種更有力的能量攻擊法來攻擊一種以隨機編碼的方式來對抗差分能量攻擊法的防禦法。第三,我們擴展了目前一種存在的攻擊法來攻擊Montgomery的指數演算法。所提出的三種攻擊法皆以實際的實驗來證明攻擊法的可行性。 The recent communications are mostly through the electronic channel due to the increasingly usage of the Internet. Some applications such as micro-payment systems, on-line shopping, and other transaction applications employ temper-proof devices such as smart cards. These cards are embedded a cryptographic computation function so as to providing highly security, and they usually contain owner's identification and some secret information related to the owner. Since the introduction of the public-key cryptography, plenty of digital signature schemes are then proposed. Among these schemes, the RSA public-key cryptosystem is considered as the most popular scheme due to its highly security and easily implementation. Therefore, by deploying RSA or other signature schemes into smart cards, these temper-proof devices can be used to providing authentication and identification. Since Kocher proposed the power analysis attacks against the implementation of smart cards or other cryptographic hardware devices, many of cryptosystem designers concern not only the mathematic security of cryptography but also the implementation of smart cards. Contrary to the previously active attack such as the fault attack, power analysis attacks are passive attacks and more easier to mount. Therefore, many researchers have focusing on developing a secure and efficient countermeasure against power analysis attacks and some other physical attacks. In the related literatures, some of the countermeasures are still controversial and insecure in advanced physical attacks. In this thesis, we pointed out some of the existent countermeasures are insecure by the proposed three new physical attacks. First of all, by combining fault attack and simple power analysis, we proposed an attack on Montgomery ladder which was originally proposed to defeat simple power analysis and some fault-based attacks. Second, we proposed a more powerful power analysis attack against a countermeasure which was based on a randomized binary sign digit representation to defeat differential power analysis. Third, we extended the existent attack to develop a new type of attack against Montgomery ladder. Three attacks are then confirmed either by experimental result or by simulation result.
