傳統的密碼安全研究,只著重於密碼系統中的各類元件(primitive)在數學上的安全性。然而,實體密碼安全(physical security)的觀念被提出後,密碼系統的實作的安全分析開始受到重視,各類型的攻擊法及對應的防禦法相繼被提出。而指數運算是多數公開金鑰密碼系統的核心運算,因此對於公開金鑰密碼系統的實體密碼分析,多半著重於其中的指數運算演算法。 在此論文中,我們首先利用multi-exponentiation 及side-channel atomicity 的觀念,提出了一個高效率的指數運算防禦法。此指數運算防禦法可同時抵抗目前 已知的簡單能量攻擊法(SPA)及差分能量攻擊法(DPA),同時此指數運算防禦法未 使用填充運算(dummy operation),因此提出的指數運算防禦法也可抵抗計算安全錯誤攻擊法(C safe-error attack)。 根據相關文獻,有些防禦法的安全性仍然是有爭論的,隨著新的實體攻擊法相繼被提出,有些防禦法已無法防禦這些新的攻擊法。在此論文中,我們提出了一個新的能量攻擊法,利用統計上的差異,攻擊一種可抵抗差分攻擊法的從左到右隨機編碼防禦法。 The security of classical cryptography depends on the difficult mathematical problems. However, when physical security is proposed, many researchers turn their attention to the implementations of cryptosystems, and related attacks and corre-sponding countermeasures are also proposed. In many public-key cryptosystems, modular exponentiation is the main operation. Hence, the physical cryptanalysis about public-key cryptosystems always focus on modular exponentiation algorithm. In this thesis, firstly, both techniques of multi-exponentiation and side-channel atomicity are employed to propose a more efficient exponentiation countermeasure. The proposed countermeasure can resist against SPA and DPA at the same time, and we also notice that the proposed countermeasure can be free from well known C safe-error attack. According to related lectures, some countermeasures are still controversial and insecure in advanced physical attacks. Hence, we point out one of the existent countermeasure is still insecure by the proposed new power analysis. In this thesis, we propose a new power analysis against left-to-right Ha-Moon's countermeasure which is based on a randomized binary signed digit representation to resist against differential power analysis.
