Research On Differential Power Analysis Attacks And Countermeasures On RSA Cipher Circuits

Power analysis attacks are different from the traditional attacking mode. They can recover the secret keys stored in cryptographic hardware devices by analyzing the input and output data combining with cross-correlation between the operation instruction and the power consumption during the cipher processing. Because they are easily performed and the attack effects are very well, power analysis attacks are researched on and applied widely.Among the various public key cryptosystem,RSA algorithm is the best choice in both theory and application,and it is open used in digital signature and identification system. Modular exponentiation and modular multiplication are the basic algorithms for implementing the public key algorithms such as RSA, etc. However the time-consuming modular exponentiation computation, which has always been the bottle-neck of RSA, restricts its wider application.In this thesis, VLSI design optimization technology, power analysis attacks and countermeasures on RSA cipher are studied. We present several new methods about RSA VLSI design and power analysis attacks and countermeasures on RSA, and give the theory derivations, experiment approaches, results and the analyses. To sum up, the main innovation and creative points are as follows:1. Complete and evaluate two circuit architectures of modular exponentiation algorithm in RSA cipher.The experiment results indicate that, the circuit based on left-to-right algorithm is the smaller and the one based on right-to-left algorithm has the faster speed.2. Construct a power analysis simulation platform and provide three different simulation strategies and flows for various requirements about target ciphers, circuit scales and simulation time. By selecting and configuring the simulation platform, the best balance can be got between simulation durations, computer resources and simulation precision.3. Using random blinding technology, we present a new countermeasure against power analysis resistant. The algorithm masks the plaintext, the exponent and the intermediate information at the same time, so that little information can get from the power analysis. Experiments result indicate that the random blinding method can withstand the first-order DPA attacks effectively. 4. Based on analyses of self-randomized modular exponentiation algorithm, a new side-channel atomic strict self-randomized modular exponentiation algorithm is proposed in which a BBS random number generator and the side-channel atomic technology are applied to improve the original algorithm. The results of simulation experiments indicate that this method is effective and practical to prevent differential power analysis attacks. And leads a smaller circuit area than the former method. Moreover, we completed an power analysis resistant RSA cipher VLSI chip design based on self-randomized method.The dissertation was supported by National Natural Science Foundation of China (No. 60606005).