Skip to Main content Skip to Navigation
Conference papers

Defeating Countermeasures Based on Randomized BSD Representations

Abstract : The recent development of side channel attacks has lead implementers to use increasingly sophisticated countermeasures in critical operations such as modular exponentiation, or scalar multiplication on elliptic curves. A new class of countermeasures is based on inserting random decisions when choosing one representation of the secret scalar out of a large set of representations of the same value. For instance, this is the case of countermeasures proposed by Oswald and Aigner, or Ha and Moon, both based on randomized Binary Signed Digit (BSD) representations. Their advantage is to offer excellent speed performances. However, the first countermeasure and a simplified version of the second one were already broken using Markov chain analysis. In this paper, we take a different approach to break the full version of Ha-Moons countermeasure using a novel technique based on detecting local collisions in the intermediate states of computation. We also show that randomized BSD representations present some fundamental problems and thus recommend not to use them as a protection against side-channel attacks.
Document type :
Conference papers
Complete list of metadata
Contributor : Pierre-Alain Fouque Connect in order to contact the contributor
Submitted on : Monday, February 7, 2011 - 4:29:00 PM
Last modification on : Thursday, March 17, 2022 - 10:08:36 AM

Links full text




Pierre-Alain Fouque, Frédéric Muller, Guillaume Poupard, Frédéric Valette. Defeating Countermeasures Based on Randomized BSD Representations. Cryptographic Hardware and Embedded Systems - CHES 2004: 6th International Workshop, 2004, Cambridge, MA, United States. pp.312-327, ⟨10.1007/978-3-540-28632-5_23⟩. ⟨inria-00563963⟩



Record views