現今許多密碼硬體設備如智慧卡已在日常生活中被廣泛使用,然而,近幾年的研究指出實作不周嚴的密碼系統並無法抵擋實體密碼分析的攻擊。以公開金鑰密碼系統而言,指數與純量乘法演算法分別為實體密碼分析兩個主要的攻擊目標,而由於模指數與純量乘法運算是許多公開金鑰系統的核心運算,因此,這些密碼演算法在實作上是否能對抗實體密碼分析的攻擊開始受到重視。 在本論文的前半部分,我們首先證明Joye在 2009 年所提出之指數運算防禦法會遭受一種強大的能量分析攻擊,並且我們提出兩種較安全的指數運算防禦機制消除Joye防禦法的安全性弱點,此兩種指數運算防禦法在效能上與Joye的防禦法幾乎沒有差異。 而在論文的後半部分,我們將分析由張等人在 2008 年所提出之純量乘法防禦法的安全性。由於張等人的防禦法會遭受記憶體安全錯誤攻擊法(memory safe-error attack)的攻擊,因此,我們提出兩種有效率的純量乘法運算防禦機制抵擋包含記憶體安全錯誤攻擊法在內的數種實體密碼分析攻擊。藉由嚴謹的安全性及效能分析,此兩種純量乘法運算防禦法相較於張等人的防禦法來的更有效率,安全性也較高。Nowadays many cryptographic hardware devices such as smart cards are widely used in our daily lives. However, recent development of physical cryptanalysis points out that the naive implementation of cryptographic algorithms does not provide security anymore. There are two victims of the physical attacks in many public-key cryptosystems: the modular exponentiation and scalar multiplication algorithms. Since both the modular exponentiation and scalar multiplication are the important and main operations in various public-key cryptosystems, much attention has recently been paid regarding the security issues of these algorithms against physical cryptanalysis. In the first half of this thesis, we first introduce Joye's downward exponentiation countermeasure, and then show that Joye's method is still vulnerable to one powerful power analysis attack. Furthermore, we propose two more secure exponentiation countermeasures to eliminate the security weakness of Joye's method. The performance of both improved countermeasures is almost same as Joye's. In the second half of this thesis, we analyze the vulnerability of Zhang et al's scalar multiplication countermeasure under the memory safe-error attack. Then two better countermeasures against physical attacks including memory safe-error attack are proposed. Compared with Zhang et al's countermeasure, two proposed countermeasures both achieve higher security and better performance.
