New single-trace side-channel attacks on a specific class of Elgamal cryptosystem

The so-called attack is one of the most important order-2 element attacks, as it requires a non-adaptive chosen ciphertext, which is considered a more realistic attack model than the adaptive chosen-ciphertext scenario. To protect an implementation against the attack, several works propose the simplest solution, i.e. ‘block the special message ’. In this study, the authors conduct in-depth research on the attack against the SMA and Montgomery ladder (ML) algorithms. They show that, despite the unaccepted-ciphertext countermeasure, other types of attacks are applicable to specific classes of Elgamal cryptosystems. They propose new chosen-message power-analysis attacks with order-4 elements, which use a chosen ciphertext c such that , where p is the prime used as the modulus in Elgamal. Such a ciphertext can be found simply when . They demonstrate that the ML and SMA algorithms are subject to the new -type attack when a different ciphertext is used. They implement the proposed attacks on the TARGET Board of the ChipWhisperer CW1173, and the experiments validate the feasibility and effectiveness of the attacks using only a single power trace.
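The following Python illustration is added here and is not code from the paper. It shows, on a constructed toy modulus, why a ciphertext of small multiplicative order is dangerous as input to a secret exponentiation (every intermediate value is a power of the base, so only a handful of highly structured operands ever appear), why rejecting only the order-2 element p − 1 is not enough once order-4 elements exist, and what a decryptor can check instead. The modulus p = 29 and the exponent are constructed values; p was chosen because 4 divides p − 1, which is exactly the condition for a cyclic group of order p − 1 to contain elements of order 4. The subgroup check assumes the scheme operates in a prime-order subgroup of Z_p^*, which is an assumption of this example, not something the abstract states.

```python
# Added illustration, not code from the paper: why a low-order Elgamal ciphertext leaks
# through a single exponentiation, and what a decryptor should check before exponentiating.
# P = 29 is a constructed toy modulus (real ones are 2048+ bits), chosen because 4 divides
# P - 1 = 28; a cyclic group of order P - 1 has elements of order 4 iff 4 | (P - 1).
# Q = 7 is the prime order of the subgroup the scheme is assumed to operate in.
from typing import Dict, List, Tuple

P = 29
Q = 7
SECRET_X = 0b10110  # constructed private exponent (22)


def element_order(c: int, p: int) -> int:
    """Multiplicative order of c in Z_p^*, by brute force (only sensible for a toy p)."""
    acc, k = c % p, 1
    while acc != 1:
        acc = acc * c % p
        k += 1
    return k


def elements_of_order(k: int, p: int) -> List[int]:
    """Every c in Z_p^* whose multiplicative order is exactly k."""
    return [c for c in range(1, p) if element_order(c, p) == k]


def square_and_multiply(base: int, exp: int, p: int) -> Tuple[int, List[int], List[int]]:
    """Plain left-to-right square-and-multiply.

    Returns (result, after_square, after_multiply): the accumulator recorded after each
    squaring and after each conditional multiply, i.e. the operands a power-analysis
    adversary watches being processed.  SMA and the Montgomery ladder studied in the paper
    differ in control flow, but their registers likewise only ever hold powers of the base.
    """
    acc = 1
    after_square: List[int] = []
    after_multiply: List[int] = []
    for bit in bin(exp)[2:]:
        acc = acc * acc % p
        after_square.append(acc)
        if bit == "1":
            acc = acc * base % p
            after_multiply.append(acc)
    return acc, after_square, after_multiply


def intermediate_profile(c: int, exp: int, p: int) -> Dict[str, int]:
    """Summarise what the exponentiation exposes for a given base c.

    For a base of order k every accumulator value is a power of c, so at most k distinct
    values ever appear.  With k = 4 the value after *every* squaring is 1 or p - 1: the
    squares of {c, c^3} are c^2 = p - 1 and the squares of {1, p - 1} are 1.  The trace
    therefore consists of a few repeated, highly structured operands, which is the property
    single-trace chosen-ciphertext attacks rely on.
    """
    _, sq, mul = square_and_multiply(c, exp, p)
    return {
        "order": element_order(c, p),
        "distinct_values": len(set(sq) | set(mul)),
        "distinct_after_square": len(set(sq)),
    }


def block_only_p_minus_1(c: int, p: int) -> bool:
    """The 'block the special message' countermeasure taken literally: reject the
    order-2 element p - 1 and nothing else.  Order-4 elements pass this check."""
    return c != p - 1


def accept_ciphertext(c: int, p: int, q: int) -> bool:
    """Stronger defender-side check, run before the secret exponentiation, assuming the
    scheme works in the prime-order-q subgroup of Z_p^*: reject 0, 1 and p - 1 outright,
    then require c^q = 1 (mod p).  c^q = 1 holds only when the order of c divides q, so
    every element of order 2 or 4 is rejected."""
    if not 1 < c < p - 1:
        return False
    return pow(c, q, p) == 1


if __name__ == "__main__":
    legit = elements_of_order(Q, P)[0]  # a genuine subgroup element, like a real ciphertext
    for c in [P - 1] + elements_of_order(4, P) + [legit]:
        print(c, intermediate_profile(c, SECRET_X, P),
              "block p-1 only:", block_only_p_minus_1(c, P),
              "subgroup check:", accept_ciphertext(c, P, Q))
```

Running the block prints, for p − 1, the two order-4 elements 12 and 17, and a legitimate subgroup element, how many distinct operands the exponentiation touches and which of the two checks each ciphertext passes; the order-4 elements pass the literal ‘block p − 1’ check but fail the subgroup check. Note that when p is a safe prime (p = 2q + 1 with q odd), p − 1 = 2q is not divisible by 4, so Z_p^* has no order-4 elements at all; that observation is the example's, not the abstract's.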
