In this paper, we will report practical modifications of the side-channel analysis to (EC)DSA , , ,  that Leadbitter et al. have proposed in . To apply the analyses, we assume that the window method is used in the exponentiation or elliptic curve (EC) scalar multiplication and the side-channel information described in Sect. 3.2 can be collected. So far, the method in  hasn't been effective when the size q of a cyclic group used in (EC)DSA is 160 bit long and the window size w < 9. We show that the modified method we propose in this paper is effective even when q is 160 bit long and w = 4. This shows that our method is effective for various practical implementations, e.g., that in resource restricted environment like IC card devises. First, we estimate the window size w necessary for the proposed analyses (attacks) to succeed. Then by experiment of the new method, we show that private keys of (EC)DSA can be obtained under the above assumptions, in practical time and with sufficient success rate. The result raises the necessity of countermeasures against the analyses (attacks) in the window method based implementation of (EC)DSA.
|ジャーナル||IEICE Transactions on Fundamentals of Electronics, Communications and Computer Sciences|
|出版ステータス||Published - 2006 5月|
ASJC Scopus subject areas
- コンピュータ グラフィックスおよびコンピュータ支援設計