Implementation Of Square-and-Multiply Algorithm For RSA Using MSP430- Average Number Of Cycles Per Execution And Cycles For A Full 1024-bit Exponent Exponentiation

Di?erential Power Analysis (DPA) on AES

1.

Implement the Square-and-Multiply algorithm to compute s^e mod n of two long numbers in C for the MSP430. Use the supplied template and the functions from the longnum lib (ln_add(), ln_multiply(), ln_square()). Note that the template performs RSA signature verification for the short exponent e = 17 = (10001)₂. Hence, we here assume that e is passed as a 16-bit word, in reality e would be a long number as well. Note that your implementation should be correct for all other valid 16-bit exponents as well.

Report: Give the average number of cycles per execution of the exponentiation for e = 17. Extrapolate how many cycles a full 1024-bit exponent exponentiation would consume (assume that 50% of the exponent bits are 1).

In this task, we target a are given an (toy) implementation of RSA (with only 256 bit operands and 32-bit key) for the MSP430, similar to the one you developed in Task 1. In this particular implementation, the developer has implemented an “optimization” for the squaring, which has made the squaring four times slower than a multiplication. Further note that for the modular reduction, Barrett reduction is used, which consumes an additional multiplications per modular reduction.

To trigger an RSA operation repeatedly, use the script repeat_rsa.py. Make sure to set your group number in this file first (GROUP_NUMBER should be set to your group number minus 1). repeat_rsa.py has to run as root, i.e., call it with sudo python repeat_rsa.py. Your tasks (first three subtasks have to be done in the lab) are:

1. Set up the oscilloscope so that it captures a full RSA operation. Channel 1 should be the side-channel trace, channel 2 the trigger signal (P1.3). For this task, repeat_rsa.py is useful. Take a screenshot (green “Printer” button) of the configuration (you need to connect a USB stick as storage to the front port of the oscilloscope). Also take a photograph of the measurement setup for your report.

2. For the first 5 bit of the exponent, manually extract the sequence of operations (Square = S, Multiply = M). With this, determine the value of the upper 6 bits of the exponent. This task is best solved using the oscilloscope user interface (stop, then use horizontal scale and position buttons). Also take a screenshot of the (zoomed) parts that belong to a multiplication and a squaring, respectively.

3. Plot a complete acquired trace, which is already provided in trace_filtered.dat. In the file trace_filtered.dat, the waveform is stored as a simple sequence of 8-bit signed integer values (-128–127). The provided script load_trace.py gives an example how to load such a file.

4. Write a program in the language of your choice (see above for recommendations) that automatically performs an SPA and extracts and prints the exponent (in binary and hex) for the file trace_filtered.dat. Since some filtering is required, you are this time given a pre-recorded and pre-processed trace trace_filtered.dat. The script filter_trace.py has been used to generate the filtered trace (this program is only given if you are interested, not required for solving the assignment).

In this task, your goal is to implement DPA on an AES reference implementation. To guarantee that all groups work on the same data, a set aes_traces.zip of 1300 traces is provided with the assignment. The file format is the same as for the previous task. The traces are already cut so that they only contain the clock cycle of interest. Each trace is 401 sample points long.

The traces are numbered starting at zero, i.e., trace0.dat is the first trace, and so on. In inputs.txt, the corresponding input values are given as hex ASCII values. Each line is the input for one trace, i.e., the first line is the input for trace0.dat, and so on. Your tasks are:

1. Implement a program that reads the first l traces, plots them (all overlayed into one plot), and loads prints the first byte of the corresponding input values. Include the result (the plot and the byte values) for l = 10 in your report.

2. Implement a function that takes the first input byte x, a key candidate byte k, and returns the value after the AES S-Box, i.e., y = S  x      k .

3. Implement a function that returns the most-significant bit of a given byte.

4. Connect the above functions to implement the actual DPA to recover the first byte of the key k: Your program should take the trace set, inputs.txt, and the number of traces l as input. It should output the di?erence-of-means curves for all key candidates                                                                                                          

k = 0 . . . 15 (for time reasons, it is not required to test all values k = 0 . . . 255). Find the di?erence-of-means curve with the highest peak to identify the correct key candidate.

Please include the solution to the following problems in the report. Note that similar que-stions may be asked in the exam, hence, avoid using any tool apart from pen & paper and a normal calculator. You are allowed to solve this by hand and include a (good quality, readable) scan or photo in the report.

The goal of this task is to apply the Bellcore and Lenstra attacks covered in the lecture. You are given the following RSA-CRT parameters:

n = 91, e = 5

You are also given a correct signature s = 48 on the plaintext x = 55, and a faulty one s⁰ = 35 on the same plaintext. Using both the Bellcore and Lenstra method, recover the factors p and q of n. Show your intermediate results. What is the advantage of the Lenstra method?

In this task, we will deal with countermeasures against FI and SCA-based attacks. Briefly answer the following questions

1. Explain the main di?erence between detection-based and algorithmic countermeasures against FI.

2. Assume a fault in an RSA-CRT implementation can be induced by a power glitch. Describe (a) a detection-based and (b) an algorithmic FI countermeasure.

3. Describe how the SPA attack from Task 2 could be prevented.

4. Why does randomization in time make both FI and side-channel attacks harder?

5. Which e?ect does increasing the amplitude noise have on the number of required traces for a DPA or Correlation Power Analysis (CPA)? Assuming perfect time synchroni-zation, is increasing the noise a suitable countermeasure if the adversary can acquire many traces?

INTRODUCTION

In the computer security, the side channel attack can be defined as an attack in view of information that is picked from a physical usage of the computer framework, this is as opposed to shortcomings that are in the actualized calculations.

Control use ,Information timing, electromagnetic discharges or/ and even strong will give out an extra wellspring of information, this is which will be manhandled to break the system. Some side-station attacks needs specific learning of the inside action of the system, in spite of the way that others, for instance, differential power examination are fruitful as revelation strikes. The rising of Web 2.0 applications and the programming as-an advantage has furthermore in a general sense raised the probability of the side-channel ambushes on the web, despite when transmissions between a web program and server are mixed (e.g., through HTTPS or WiFi encryption), as demonstrated by experts from Microsoft Research and Indiana University. Numerous able side-channel strikes rely upon quantifiable methodologies initiated by Paul Kocher

Attempts to break down the cryptosystem by dumbfounding or compelling people with honest to goodness get to are not consistently seen as side-channel attacks: check social building and versatile hose cryptanalysis. The strikes on PC structures themselves that are routinely used to perform cryptography thus they contain cryptographic keys and also plaintexts

void createBinaryArray(uint32_t array[], uint32_t exponent, uint32_t* highestPosition) {

for(int bitposition = ((8 * sizeof exponent) - 1); bitposition >= 0; bitposition--) {

array[bitposition] = (exponent >> bitposition & 1); if(*highestPosition == 0 && array[bitposition] == 1) {

*highestPosition = bitposition;}}}void printSAM(uint32_t highestPosition, uint32_t array[], uint32_t base, uint32_t modulus){uint32_t tempExp = 1, tempValue = base;for(int i = highestPosition-1; i >= 0; i--){ if(array[i] == 1){tempValue = (tempValue*tempValue)%modulus;tempExp *= 2; printf("Square : ");

printf("%u^%u = %u mod %un", base, tempExp, tempValue, modulus); tempValue = (tempValue*base)%modulus; tempExp += 1; printf("Multiply: ");

 printf("%u^%u = %u mod %un", base, tempExp, tempValue, modulus); } else {

 tempValue = (tempValue*tempValue)%modulus;

tempExp *= 2;

printf("Square : ");

printf("%u^%u = %u mod %un", base, tempExp, tempValue, modulus);}}}

Differential power Analysis (DPA) can be defined as is a side-channel attack that  comprises of factually breaking down power utilization estimations from a cryptosystem. The attach abuses predispositions differing power utilization of chip and  many other equipment that are performing tasks utilizing encrypted keys. The DPA attacks have flag handling and security measures properties that can extricate insider facts from estimations which contain excessively commotion to be broke down utilizing basic power investigation. Utilizing DPA, a fraudster can get encrypted keys by breaking down power utilization estimations from numerous cryptographic tasks performed by a defenseless shrewd card or other gadget.

Control use and Information Timing Attacks

From the above practical analysis

We could have  computed x12 x12 if and only if we could know x6 x6...

And we could have  computed x6 x6 if and only if we  could know x3 x3......and we could have computed x3 x3 if and only if we could know x1 x1......but still we already know x1 x1 which id xx! (i.e., 15).

hence since we know x1 = 4x1= 4, we hence know that that x3 =

x⋅(x1)2=4⋅(42)=4⋅16=64≡29(mod35)x3=x⋅(x1)2=4⋅(42)=4⋅16=64≡29(mod35)

And we already know that x3≡ 29 (mod 35 ) x3 ≡ 29 ( mod 35 )

We therefore have x6 = ( x3) 2 ≡ 29 2 ≡ 841 ≡ 1 ( mod 35 ) x6 =( x3 ) 2 ≡ 292 ≡ 841 ≡ 1 ( mod 35 )

Finally therefore , we also know x6≡1( mod 35 ) x6≡1(mod35), we  hence

get x12=(x6)2≡12≡1(35)x12=(x6)2≡12≡1(35)

By using Bellcore Method to recover factors p,q in n

If intermediate variable P is then returned as variable that is faulted as q (resp. 48) 9 , the attacker then will get a signature with errors which rep 48, it is hence able to recover back q which rep as s` (n, p q). This is the evidence of the above

For instance any integervalue of x(55), c ( n , x ) this will only take up four values

1 ,that’s if the values n , and x are all coprimes,

p, that is if then x is a multiple of the p,

q, that is if the x is multiple of the q,

N, that is if the x is multiple of all both the p ,and the q, which it is of, n

By using Lenstra Method to recover factors p,q in n

In Algorithm by Lenstra , 1 that is if q is now assumed faulted , that means replaced by p = 9, then the values s − q = q * ( (q *( p – q ) mod p ) − ( q *(c – x ) mod p ) ) and therefore c ( N, S−q) = q.

That is If at all q is then assumed to be faulted , then replaced by p 6= q, then S − c ≡ (x − c) − (q mod p) * q * ( q − c) ≡ 0 mod p this is since (q mod p) * q ≡ 1 mod p, and therefore S − q is a multiple of the p. Additionally, S − q is not a multiple of the q. Therefore, c ( N, S − q) = p.

1. Algorithm countermeasure gives trustworthiness, privacy, and validness utilizing the encryption and unscrambling systems to improve security. Identification based countermeasure counteracts assaults by the utilization of Artificial Intelligence gadgets like the unique mark and facial location. Both the calculation and discovery based countermeasures are intense in assault aversion and are both utilized in installed frameworks.

2. The power assaults make utilization of the data and activities reliance of the utilization of energy particularly amid the cryptographic gadgets tasks. The aggressor that surely knows the calculation that is being executed in the gadget, can without much of a stretch make sense of different activities during the time spent the encryption which is ordinarily by means of investigation of gadget control follows thus this prompts the recuperation of the encryption key of the gadget. This assaults never needs such huge numbers of gadget control follows with a specific end goal to achieve this errand

3. The Simple Power Analysis in assignment 2 can be counteracted utilizing two straightforward methods. This incorporates:
   By evading the systems which utilizes the intermediates and keys for activities of contingent expanding and furthermore by executing hard wired symmetric cryptography calculations

4. Randomization in time ordinarily makes the F1 and the side channel assaults hard, this is on account of, F1 and side channel assaults happens at the power level of the installed gadgets, randomizing time does not contain any indistinguishable back to back components that are having high probabilities, it is along these lines inconceivable for the assailant to figure or ascertain from the inward condition of the generator , some other number or key that was past in the succession of the irregular number and time.

5. The increment in the sufficiency commotion influences the quantity of follows that are required for the Differential Power Analysis, the impacts incorporates; the clamor created can jumble the exploitable power utilization. Also, accepting that the apportion of difference in the power adventure to the change in the clamor is higher, the odds of assault which are fruitful that are having least exertion in this manner ends up higher.
   
   Flag Noise Ratio = Var (P information)/Var (P clamor)