
Enhanced Elliptic Curve Scalar Multiplication Secure Against Side Channel Attacks and Safe Errors

  • Conference paper

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 10348)

Abstract

Elliptic curve cryptography (ECC) is involved in many secure schemes. Such schemes rely on elliptic curve scalar multiplication, which is particularly security-sensitive. Many algorithms for this operation, including ones with security countermeasures, have been proposed. This paper discusses the security issues of such algorithms when running on a device that can be physically accessed. Leveraging these issues, new simple attack schemes to recover scalar bit information are presented, and a new detailed attack based on C safe-errors, probability and lattices is described against an Elliptic Curve Digital Signature Algorithm (ECDSA) implementation using the Montgomery ladder algorithm. This new attack shows that the Montgomery ladder can be sensitive to C safe-errors under some conditions. Finally, new secure elliptic curve scalar multiplication algorithms are presented, with solutions to the discussed issues and guidance for their secure implementation.
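To make the abstract concrete, the following is an added example, not code from the paper or its authors: a Montgomery ladder scalar multiplication in affine coordinates over a constructed toy curve (y^2 = x^3 + 2x + 3 over GF(97), base point (3, 6)), which updates both ladder registers in every iteration so there is no dummy operation, and which re-checks the ladder invariant R1 == R0 + P before releasing the result. The invariant check is a generic fault-detection step derived from the ladder's structure; it is an assumption of this example and is not presented as the paper's own countermeasure. The helper names (`ladder`, `check_invariant`, `scalar_mult_checked`, `double_and_add`) are this example's own.

```python
# Added example (not from the paper): a Montgomery ladder for elliptic curve
# scalar multiplication in affine coordinates over a toy prime field, with the
# ladder's R1 - R0 == P invariant re-checked before the result is released.
# Curve parameters and the base point are constructed for illustration.
# Python integers are not constant-time, so this shows the regular structure
# of the ladder, not a production side-channel countermeasure.

P_MOD = 97          # constructed toy prime
A, B = 2, 3         # curve y^2 = x^3 + 2x + 3 over GF(97)
INF = None          # point at infinity


def inv(x):
    """Modular inverse via Fermat's little theorem (P_MOD is prime)."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)


def is_on_curve(pt):
    if pt is INF:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0


def neg(pt):
    if pt is INF:
        return INF
    x, y = pt
    return (x, (-y) % P_MOD)


def add(p1, p2):
    """Affine point addition; doubling when p1 == p2, INF when p1 == -p2."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P_MOD == 0:
            return INF                      # p1 == -p2 (also covers y == 0 doubling)
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)


def ladder(k, pt, nbits):
    """Montgomery ladder. After each step R0 = j*P and R1 = (j+1)*P, where j is
    the prefix of k processed so far. Both registers are updated in every
    iteration, so there is no dummy operation whose result could be skipped."""
    r0, r1 = INF, pt
    for i in range(nbits - 1, -1, -1):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r1, r0 = add(r0, r1), add(r0, r0)
    return r0, r1


def check_invariant(r0, r1, pt):
    """Defensive check: both registers on the curve and R1 == R0 + P.
    A fault that corrupts either register breaks this with high probability."""
    return is_on_curve(r0) and is_on_curve(r1) and add(r0, pt) == r1


def scalar_mult_checked(k, pt, nbits=8):
    """k*P via the ladder; the result is withheld if the invariant fails."""
    r0, r1 = ladder(k, pt, nbits)
    if not check_invariant(r0, r1, pt):
        raise ValueError("ladder invariant violated: result withheld")
    return r0


def double_and_add(k, pt):
    """Plain reference implementation used only to cross-check the ladder."""
    acc = INF
    for i in range(k.bit_length() - 1, -1, -1):
        acc = add(acc, acc)
        if (k >> i) & 1:
            acc = add(acc, pt)
    return acc


if __name__ == "__main__":
    G = (3, 6)                               # constructed base point on the toy curve
    for k in range(12):
        print(k, scalar_mult_checked(k, G))
```

On this toy curve the base point (3, 6) has order 5, so the walk through `k = 0..11` exercises the point at infinity both as an intermediate register value and as the final result, which is exactly where affine ladder implementations tend to have edge-case bugs. The invariant check catches a corrupted register because R0 and R1 are tied together by a fixed relation throughout the whole computation; an implementation that instead used a dummy operation would have no such relation to verify.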



Author information

Correspondence to Jeremy Dubeuf, David Hely or Vincent Beroulle.


Copyright information

© 2017 Springer International Publishing AG

About this paper

Cite this paper

Dubeuf, J., Hely, D., Beroulle, V. (2017). Enhanced Elliptic Curve Scalar Multiplication Secure Against Side Channel Attacks and Safe Errors. In: Guilley, S. (ed.) Constructive Side-Channel Analysis and Secure Design. COSADE 2017. Lecture Notes in Computer Science, vol. 10348. Springer, Cham. https://doi.org/10.1007/978-3-319-64647-3_5


  • DOI: https://doi.org/10.1007/978-3-319-64647-3_5


  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-319-64646-6

  • Online ISBN: 978-3-319-64647-3

  • eBook Packages: Computer Science (R0)
