|
|