A Hole in the Ladder: Interleaved Variables in Iterative Conditional Branching. Marquer, Y. and Richmond, T. In Proceedings of the 27th IEEE Symposium on Computer Arithmetic, ARITH-2020, pages 56-63, 2020. IEEE Xplore.
The modular exponentiation is crucial to the RSA cryptographic protocol, and variants inspired by the Montgomery ladder have been studied to provide more secure algorithms. In this paper, we abstract away the iterative conditional branching used in the Montgomery ladder, and formalize systems of equations necessary to obtain what we call the semi-interleaved and fully-interleaved ladder properties. In particular, we design fault-injection attacks able to obtain bits of the secret against semi-interleaved ladders, including the Montgomery ladder, but not against fully-interleaved ladders that are more secure. We also apply these equations to extend the Montgomery ladder for both the semi- and fully-interleaved cases, thus proposing novel and more secure algorithms to compute the modular exponentiation.
@InProceedings{MR20,
    author={Marquer, Yoann and Richmond, Tania},
    title={{A Hole in the Ladder: Interleaved Variables in Iterative Conditional Branching}},
    year={2020},
    booktitle={Proceedings of the 27th IEEE Symposium on Computer Arithmetic, ARITH-2020},
    pages={56-63},
    abstract={The modular exponentiation is crucial to the RSA cryptographic protocol, and variants inspired by the Montgomery ladder have been studied to provide more secure algorithms.
    In this paper, we abstract away the iterative conditional branching used in the Montgomery ladder, and formalize systems of equations necessary to obtain what we call the semi-interleaved and fully-interleaved ladder properties.
    In particular, we design fault-injection attacks able to obtain bits of the secret against semi-interleaved ladders, including the Montgomery ladder, but not against fully-interleaved ladders that are more secure.
    We also apply these equations to extend the Montgomery ladder for both the semi- and fully-interleaved cases, thus proposing novel and more secure algorithms to compute the modular exponentiation.},
    keywords={Cryptography, Countermeasures (computer), Fault detection, Iterative algorithms, Public-key cryptography, Security, Side-channel attacks},
    doi={10.1109/ARITH48897.2020.00017},
    url={https://hal.archives-ouvertes.fr/hal-02889212v1},
    organization={IEEE Xplore}
}