Resilience of Randomized RNS Arithmetic with Respect to Side-Channel Leaks of Cryptographic Computation

Abstract

In this paper, we want to promote the influence of randomized arithmetic on the leaks during a code execution. When somebody wants to extract some specific information from these leaks, one can observe different emanations of the device like power consumption. These leaks mostly come from the variations of the Hamming distances of the successive states of the system. This phenomenon is particularly critical for cryptographic devices. Our work evaluates the resilience of randomized moduli in Residue Number System (RNS) against Correlation Power Analysis (CPA), Differential Power Analysis (DPA). Our analysis is illustrated through the evaluation of scalar multiplication on an elliptic curve using the Montgomery Powering Ladder (MPL) algorithm which protects from Simple Power Analysis (SPA). We also propose an evaluation based on the Maximum Likelihood Estimator (MLE), which crosses the information of the whole state vector, instead of analysing only the current state like with CPA or DPA. Furthermore, MLE gives better performance and smooths the results allowing a better evaluation of the behaviour of the leakage. Our experimental evaluation suggests that the number of observations, needed to perform exploitable information leakage, is proportional to the number of possible RNS bases.