IACR News item: 22 July 2013
Karine Gandolfi-Villegas, Nabil Hamzi
ePrint Report
used in RSA and in elliptic-curve-based algorithms. Because of classical differential power analysis (DPA and CPA), many countermeasures for protecting exponents have been proposed since 1999, by Kocher [20] and by Coron [13]. However, these blinding methods have drawbacks in execution time and memory cost, and they also have weaknesses. Indeed, they can be targeted by attacks such as the Carry Leakage on the Randomized Exponent proposed by P.A. Fouque et al. in [23], and they are ineffective against other analyses such as Single Power Analysis. In this article, we explain how the most widely used method can be exploited when an attacker has access to test samples. We then aim for new dynamic blinding methods that prevent any learning phase and also improve resistance against the most recently published side-channel analyses.
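As an added illustration (not code from the paper), the classical exponent-blinding countermeasure the abstract refers to, d' = d + r·φ(N), applied to a constructed toy RSA modulus, with the square-and-multiply operations counted so that the execution-time cost the abstract mentions becomes visible. The parameters, the message and the blinding-factor size are constructed for the example.

```python
import secrets

# Constructed toy RSA parameters: P and Q are the 10000th and 100000th primes,
# far too small for real use, chosen only so the example runs instantly.
P, Q = 104729, 1299709
N = P * Q
PHI = (P - 1) * (Q - 1)
E = 65537
D = pow(E, -1, PHI)   # private exponent; gcd(E, PHI) == 1 for these values
BLIND_BITS = 32       # size of the random blinding factor r (constructed choice)

def blind_exponent(d, phi, r=None):
    """Classical exponent blinding: d' = d + r*phi(N).

    x^phi(N) == 1 (mod N) when gcd(x, N) == 1, so x^d' == x^d (mod N): the
    result is unchanged while the exponent bits processed differ per run.
    A fresh r is drawn per execution unless one is supplied (for tests).
    """
    if r is None:
        r = secrets.randbits(BLIND_BITS)
    return d + r * phi

def square_and_multiply(base, exp, mod):
    """Left-to-right binary exponentiation.

    Returns (result, squarings, multiplications): one squaring per exponent
    bit and one multiplication per set bit. That per-bit pattern is what an
    unprotected trace exposes and what a randomized exponent hides.
    """
    result, squarings, mults = 1, 0, 0
    for bit in bin(exp)[2:]:
        result = result * result % mod
        squarings += 1
        if bit == "1":
            result = result * base % mod
            mults += 1
    return result, squarings, mults

def rsa_private_op(m, d, phi, n, r=None):
    """Private RSA operation with a blinded exponent: (result, squarings, mults)."""
    return square_and_multiply(m, blind_exponent(d, phi, r), n)

if __name__ == "__main__":
    msg = 0xC0FFEE
    plain, sq0, mu0 = square_and_multiply(msg, D, N)
    for _ in range(2):
        sig, sq, mu = rsa_private_op(msg, D, PHI, N)
        # Same result, but about BLIND_BITS more squarings per run: the time cost.
        print(f"equal={sig == plain} squarings {sq0}->{sq} mults {mu0}->{mu}")
```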