Cryptology ePrint Archive: Report 2015/819

Improving the Big Mac Attack on Elliptic Curve Cryptography

Jean-Luc Danger and Sylvain Guilley and Philippe Hoogvorst and Cédric Murdica and David Naccache

Abstract: At CHES 2001, Walter introduced the Big Mac attack against an implementation of RSA. It is an horizontal collision attack, based on the detection of common operands in two multiplications. The attack is very powerful since one single power trace of an exponentiation permits to recover all bits of the secret exponent. Moreover, the attack works with unknown or blinded input. The technique was later studied and improved by Clavier et alii and presented at INDOCRYPT 2012. At SAC 2013, Bauer et alii presented the first attack based on the Big Mac principle on implementations based on elliptic curves with simulation results. In this work, we improve the attack presented by Bauer et alii to considerably increase the success rate. Instead of comparing only two multiplications, the targeted implementation permits to compare many multiplications. We give experiment results with traces taken from a real target to prove the soundness of our attack. In fact, the experimental results show that the original Big Mac technique given by Walter was better that the technique given by Clavier et alii. With our experiments on a real target, we show that the theoretical improvements are not necessarily the more suitable methods depending on the targeted implementations.

Category / Keywords: implementation / side channel attacks

Date: received 17 Aug 2015

Contact author: david naccache at ens fr

Available format(s): PDF | BibTeX Citation

Version: 20190305:124745 (All versions of this report)

Short URL: ia.cr/2015/819