Research On Power Analysis Attack Against Modular Exponentiation And Fault Attack Against Bilinear Pairing Cryptography

Cryptography is widely used in mobile internet, internet of things, finance, national defense and other areas of information security. It makes high demands for the security of Cryptosystem. Public key cryptography is an important branch of cryptography and has been widely used in cryptography. With the emergence of side channel attack, hardware implementations of many algorithms are no longer safe. Therefore, the study of the security of the existing algorithms becomes very important. Increasing the defensive measures for the encryption products has become a problem that must be considered before designing. As the core operation of many classical public key cryptosystem, modular exponentiation algorithm has attracted much more attention. At the same time, some new public key cryptosystems are also emerging. The academic research on the safety of these algorithms is still in its initial stage. Among them, the bilinear cryptographic algorithm has been widely studied because of its excellent features and greater security.For modular exponentiation algorithm, this thesis studies the power analysis attack. Based on the N-1 attack, we proposed extended attacks. What's more, we carried out experiment against ASIC implementation of two modular exponentiation algorithms. For the pairing algorithms, this thesis makes a study in fault attack and presents a branch-based fault attack. We use Magma to prove the correctness of the attack. The work content and innovation of this thesis are as follows:(1) We made an in-depth study of the N-1 attack and proposed the extended N-1 attack. The values of x which meet the equation 2 = 1 can be used by the chosen-message attack. With these values, we have successfully attacked Boscher's algorithm and Montgomery powering ladder.(2) The thesis has proposed countermeasures which can defense the extended N-1 attack.(3) This thesis proposed a branch-based fault attack against Miller loop of pairing algorithms which is suitable for all pairing algorithms that contain the Miller loop and has the advantage of possessing a variety of ways to inject faults.(4) Targeted preventive measures have been proposed. It will provide a reference to the physical security of cryptographic systems.