Name 吳明勳 (Ming-Hsun Wu) Department Department of Computer Science and Information Engineering
Thesis Title RSA公開金鑰系統之實體密碼分析研究
(The Research of RSA Implementations against Physical Cryptanalysis)
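Abstract (Chinese) With the rapid progress of network technology, communication procedures that used to be cumbersome can now be completed quickly thanks to the convenience of networks, which has also heightened people's concern for information security. However, viewed from today's perspective, the framework of conventional cryptography cannot fully meet the needs of the network environment. Undoubtedly, in a network environment, public-key systems are the best replacement for conventional cryptography: they provide not only encryption mechanisms that protect data confidentiality, but also signature mechanisms that verify identity. Therefore, guaranteeing the security of public-key systems is one of the topics researchers are currently working on.
Another main focus of this thesis is to analyze the security of the simple power analysis countermeasure proposed by Coron (the square-and-multiply always method). Because Coron's simple power analysis countermeasure is vulnerable to the safe error attack, this thesis proposes two defence mechanisms against the safe error attack; these two mechanisms require only the additional computational complexity of one modular multiplication. Finally, the proposed defence mechanisms are extended to the countermeasure against power analysis attacks, and their efficiency and security are discussed.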
Abstract (English) The rapid development of network technology
stimulates a strong demand for information security. However,
conventional cryptography is not able to meet some requirements
of the network environment. Undoubtedly, public-key systems are the
most adaptive replacement for conventional cryptosystems. They
provide not only traditional cryptographic applications, but also
authentication. Thus, guaranteeing the security of public-key
systems has become an essential issue in modern cryptography.
Besides, in the past half-decade, physical cryptanalyses have
also attracted more and more attention, especially when the
cryptographic operations run on tamper-resistant devices, such as
smart cards. Various types of physical cryptanalysis were
introduced and a large amount of research was devoted to power
analysis attacks. In this thesis, we improve the robustness of the
RSA algorithm, which is the most widespread public-key system
nowadays, against physical cryptanalysis.
One consideration of this thesis is to protect the RSA
exponentiation from power analysis attacks. An efficient
countermeasure against power analysis attacks is proposed. It is
shown that this countermeasure is more efficient and requires less
memory space than previous works.
Another is to analyze the weakness of the square-and-multiply
always method, which is one sort of SPA countermeasure, under safe
error attacks. Two simple methods against safe error attacks are
suggested. Finally, an extension of the proposed countermeasure is
given along with the completed security and efficiency
Keywords (Chinese) ★ fault attack
★ power analysis attack
★ public-key system
★ physical cryptanalysis
★ countermeasure
Keywords (English) ★ power analysis attack
★ fault-based cryptanalysis
★ countermeasure
★ physical cryptanalysis
Table of Contents
1 Introduction
1.1 Motivation
1.2 Overview of the Thesis
2 Review of RSA Algorithm
2.1 Principles of Public-Key Cryptosystems
2.1.1 Framework of public-key cryptosystems
2.1.2 Applications for public-key cryptosystems
2.2 The RSA Algorithm
2.2.1 Description of RSA
2.2.2 Exponentiation algorithms
3 Review of Power Analysis Attack against RSA
3.1 Overview of Power Analysis Attack
3.2 Simple Power Analysis-SPA
3.2.1 Cryptanalysis procedures
3.2.2 Possible countermeasures
3.3 Differential Power Analysis-DPA
3.3.1 Cryptanalysis procedures
3.3.2 Possible countermeasures
3.4 Address-bit Differential Power Analysis-ADPA
3.4.1 Cryptanalysis procedures
3.4.2 Possible countermeasures
4 Randomized Exponentiation Algorithm
4.1 Motivation
4.2 Proposed Countermeasure
4.2.1 Randomly swap variables
4.2.2 Randomly split exponent
4.2.3 A countermeasure against power analysis
4.2.4 Apply to L-to-R RSA algorithm
4.3 Security Analysis
4.4 Comparison
4.5 Summary
5 An Improvement of the SPA Resistant Algorithms
5.1 Motivation
5.2 Vulnerability of the Square-and-multiply Always Method
5.2.1 Memory safe error attack
5.2.2 Computational safe error attack
5.2.3 A conclusion of safe error attack
5.3 An Improvement against M-SEA
5.4 An Improvement against C-SEA
5.5 Extension of Randomized Exponentiation Algorithm
5.5.1 The extended countermeasure
5.5.2 Security analysis on the Montgomery power ladder
5.5.3 Comparisons
5.6 Summary
6 Conclusions
6.1 Brief Review of Main Contributions
6.2 Further Research Topics and Directions
Advisor 顏嵩銘 (Sun-Ming Yen) Approval Date 2004-6-24
