
Algorithm-level error detection for Montgomery ladder-based ECSM

  • Regular Paper
Journal of Cryptographic Engineering

Abstract

For security reasons, and in particular to resist fault-based attacks, it is important to verify the correctness of computations in elliptic curve cryptographic applications. In this article, we deal with algorithm-level protections against fault attacks on elliptic curve scalar multiplication (ECSM). To this end, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we consider the case where an attacker can mount a double-fault attack. We show that even under this stronger fault model, such attacks can be avoided by using the concept of point blinding.
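The two checks named in the abstract, as an added toy example that is not code from the paper: a Montgomery ladder over a small constructed curve, with PV implemented as an on-curve test of the output and CC as the ladder invariant R1 = R0 + P (the usual definitions of these checks, which the abstract does not spell out); the curve, base point and injected faults are all constructed here. The sign-change fault shows why CC is needed on top of PV: the corrupted register stays on the curve, so PV passes while CC fails.

```python
# Added toy example: Montgomery-ladder ECSM with PV and CC. Constructed curve/point, not for real use.
p, a, b = 23, 1, 1     # toy curve y^2 = x^3 + x + 1 over F_23 (constructed)
P = (0, 1)             # base point: 1^2 == 0^3 + 0 + 1 (mod 23)
O = None               # point at infinity

def on_curve(Q):
    """PV: accept infinity or any (x, y) that satisfies the curve equation."""
    if Q is O:
        return True
    x, y = Q
    return (y * y - (x ** 3 + a * x + b)) % p == 0

def add(Q1, Q2):
    """Affine add/double on y^2 = x^3 + a*x + b over F_p (needs Python 3.8+)."""
    if Q1 is O:
        return Q2
    if Q2 is O:
        return Q1
    x1, y1 = Q1
    x2, y2 = Q2
    if x1 == x2 and (y1 != y2 or y1 == 0):   # Q2 == -Q1, or doubling a 2-torsion point
        return O
    if Q1 == Q2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)

def neg(Q):
    return O if Q is O else (Q[0], (-Q[1]) % p)   # sign-change fault: stays on curve

def shift_x(Q):
    return ((Q[0] + 1) % p, Q[1])                  # generic fault: leaves the curve

def ladder(k, P, fault=None):
    """Montgomery ladder for k*P; invariant after every step: R1 == R0 + P.
    fault=(step, corrupt) applies corrupt() to R0 after that step (transient fault)."""
    R0, R1 = O, P
    for i, bit in enumerate(bin(k)[2:]):          # scan scalar bits MSB first
        if bit == '0':
            R0, R1 = add(R0, R0), add(R0, R1)
        else:
            R0, R1 = add(R0, R1), add(R1, R1)
        if fault and fault[0] == i and R0 is not O:
            R0 = fault[1](R0)
    pv = on_curve(R0)           # PV: is the output a valid curve point?
    cc = add(R0, P) == R1       # CC: do the two registers still cohere?
    return R0, pv, cc
```

With `k = 5` the unfaulted ladder returns `5P = (18, 3)` with both checks passing; a fault that negates R0 after step 1 yields a wrong but on-curve result that only CC rejects.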




Correspondence to Agustin Dominguez-Oviedo.

Additional information

This work was done when A. Dominguez-Oviedo was with the University of Waterloo.


Cite this article

Dominguez-Oviedo, A., Hasan, M.A. Algorithm-level error detection for Montgomery ladder-based ECSM. J Cryptogr Eng 1, 57–69 (2011). https://doi.org/10.1007/s13389-011-0003-1


  • DOI: https://doi.org/10.1007/s13389-011-0003-1
