To construct high level secure communication system: CTMI is not enough

Abstract

Public key cryptographic (PKC) algorithms, such as the RSA, elliptic curve digital signature algorithm (ECDSA) etc., are widely used in the secure communication systems, such as OpenSSL, and a variety of information security systems. If designer do not securely implement them, the secret key will be easily extracted by side-channel attacks (SCAs) or combinational SCA thus mitigating the security of the entire communication system. Previous countermeasures of PKC implementations focused on the core part of the algorithms and ignored the modular inversion which is widely used in various PKC schemes. Many researchers believe that instead of straightforward implementation, constant time modular inversion (CTMI) is enough to resist the attack of simple power analysis combined with lattice analysis. However, we find that the CTMI security can be reduced to a hidden t-bit multiplier problem. Based on this feature, we firstly obtain Hamming weight of intermediate data through side-channel leakage. Then, we propose a heuristic algorithm to solve the problem by revealing the secret (partial and full) base of CTMI. Comparing previous necessary input message for masking filtering, our procedure need not any information about the secret base of the inversion. To our knowledge, this is the first time for evaluating the practical security of CTMI and experimental results show the fact that CTMI is not enough for high-level secure communication systems.