Further security analysis of XTR

Dong Guk Han, Tsuyoshi Takagi, Jongin Lim

Research output: Chapter in Book/Report/Conference proceedingConference contribution

1 Citation (Scopus)


In Crypto 2000 and 2003, Lenstra-Verheul and Rubin-Silverberg proposed XTR public key system and torus based public key cryptosystem CEILIDH, respectively. The common main idea of XTR and CEILIDH is to shorten the bandwidth of transmission data. Due to the contribution of Granger et al., that is the comparison result of the performance of CEILIDH and XTR, XTR is an excellent alternative to either RSA or ECC in some applications, where computational power and memory capacity are both very limited, such as smart-cards. Among the family of XTR algorithm, Improved XTR Single Exponentiation (XTR-ISE) is the most efficient one, which computes single exponentiation. However, there are few papers investigating the side channel attacks of XTR-ISE, even though the memory constraint devices suffer most from vulnerability to side channel attacks. Chung-Hasan and Page-Stam tried to analyze XTR-ISE with the known simple power analysis, but unfortunately their approach were not practically feasible. Recently, Han et al. proposed new collision attack on it with analysis complexity O(240) when the key size is 160-bit. In this paper we analyze XTR-ISE from other point of view, namely differential power analysis (DPA). One straightforward result is that XTR-ISE can be free from the original DPA. However, a non-trivial result is that an enhancing DPA proposed in this paper threatens XTR-ISE. Furthermore, we show several weak points of the structure of XTR-ISE. From our simulation results, we show the proposed attack requires about 584 times queries to DPA_Oracle to detect the whole 160-bit secret value. This result shows that XTR-ISE is vulnerable to the proposed enhancing DPA.

Original languageEnglish
Title of host publicationInformation Security Practice and Experience - Second International Conference, ISPEC 2006, Proceedings
Number of pages12
Publication statusPublished - 2006
Event2nd International Conference on Information Security Practice and Experience, ISPEC 2006 - Hangzhou, China
Duration: 2006 Apr 112006 Apr 14

Publication series

NameLecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics)
Volume3903 LNCS
ISSN (Print)0302-9743
ISSN (Electronic)1611-3349


Other2nd International Conference on Information Security Practice and Experience, ISPEC 2006


  • Differential power analysis
  • XTR public key system

ASJC Scopus subject areas

  • Theoretical Computer Science
  • General Computer Science


Dive into the research topics of 'Further security analysis of XTR'. Together they form a unique fingerprint.

Cite this