Abstract
The execution flow of the binary extended Euclidean algorithm (BEEA) is heavily dependent on its inputs. Taking advantage of that fact, this work presents a novel simple power analysis (SPA) of this algorithm that reveals some exploitable power consumption-related leakages. The exposed leakages make it possible to retrieve some bits of the algorithm’s secret input without profiling the target device. The identified vulnerabilities can be exploited in many cryptographic protocols where the modular inversion operation is applied to a secret argument. In this work, the ECDSA protocol is used to exemplify how the presented SPA can be used to disclose in about 2 min all standardized private key sizes using less than 800 traces. In the context of ECDSA, a countermeasure previously proposed to mitigate a timing leakage during scalar multiplication is also analyzed, showing that, when it is improperly implemented, it enhances the proposed bit recovery method. Three countermeasures for removing SPA leakages from a BEEA implementation are also analyzed.
Sign-in/Register to access full text options 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a callDisclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.
