State-of-the-art of secure ECC implementations: A survey on known side-channel attacks and countermeasures

Proceedings of the 2010 IEEE International Symposium on Hardware-Oriented Security and Trust, HOST 2010

Volumn , Issue , 2010, Pages 76-87

  Fan, Junfeng ^a   Guo, Xu ^b   De Mulder, Elke ^a   Schaumont, Patrick ^b   Preneel, Bart ^a   Verbauwhede, Ingrid ^a  

^a UNIVERSITY OF LEUVEN   (Belgium)

^b State University   (United States)

Author keywords

Elliptic curve cryptosystems; Side channel attacks

Indexed keywords

ATTACK METHODS; CRYPTOGRAPHIC PRIMITIVES; DESIGN ITERATION; DIFFERENT ATTACKS; ELLIPTIC CURVE CRYPTOSYSTEMS; PHYSICAL ATTACKS; ROAD-MAPS; SIDE CHANNEL ATTACK; SYSTEM DESIGNERS;

CRYPTOGRAPHY; GEOMETRY;

DESIGN;

EID: 77955722321     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: 10.1109/HST.2010.5513110     Document Type: Conference Paper

References (42)

1. R. Avanzi, "Side Channel Attacks on Implementations of Curve-Based Cryptographic Primitives," Cryptology ePrint Archive, Report 2005/017, available from http://eprint.iacr.org/.
2. I. Blake, G. Seroussi, N. Smart, and J. W. S. Cassels, Advances in Elliptic Curve Cryptography (London Mathematical Society Lecture Note Series). New York, USA: Cambridge University Press, 2005.
3. R. M. Avanzi, H. Cohen, C. Doche, G. Frey, T. Lange, K. Nguyen, and F. Vercauteren, Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press, 2005.
4. P. Fouque, D. Réal, F. Valette, and M. Drissi, "The Carry Leakage on the Randomized Exponent Countermeasure," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 5154. Springer, 2008, pp. 198-213.
5. S. Mangard, E. Oswald, and T. Popp, Power analysis Attacks: Revealing the Secrets of Smart Cards. Secaucus, NJ, USA: Springer, 2007.
6. m)," Electronics Letters, vol. 25, no. 10, pp. 664-665, 1989.
7. K. Tiri and I. Verbauwhede, "A Logic Level Design Methodology for a Secure DPA Resistant ASIC or FPGA Implementation," in DATE '04: Proceedings of the conference on Design, automation and test in Europe. IEEE Computer Society, 2004, pp. 246-251.
8. P. Kocher, "Timing Attacks on Implementations of Diffie-Hellman, RSA, DSS, and Other Systems," in CRYPTO'96:Advances in Cryptology, ser. LNCS, N. Koblitz, Ed., vol. 1109. Springer, 1996, pp. 104-113.
9. P. Kocher, J. Jaffe, and B. Jun, "Differential Power Analysis," in CRYPTO, ser. LNCS, vol. 1666. Springer, 1999, pp. 388-397.
10. J. Coron, "Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems," in Cryptographic Hardware and Embedded Systems, CHES, ser. LNCS, vol. 1717. Springer, 1999, pp. 292-302.
11. B. Chevallier-Mames, M. Ciet, and M. Joye, "Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side- Channel Atomicity," IEEE Trans. Computers, vol. 53, no. 6, pp. 760-768, 2004.
12. P. Montgomery, "Speeding the Pollard and elliptic curve methods of factorization," Mathematics of Computation, vol. 48, no. 177, pp. 243-264, 1987.
13. M. Joye and S.-M. Yen, "The Montgomery Powering Ladder," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 2523. Springer, 2002, pp. 291-302.
14. J. López and R. Dahab, "Fast Multiplication on Elliptic Curves over GF(2m) without Precomputation," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 1717. Springer, 1999, pp. 316-327.
15. E. Brier and M. Joye, "Weierstraß Elliptic Curves and Side-Channel Attacks," in Proceedings of the 5th International Workshop on Practice and Theory in Public Key Cryptosystems, vol. 2274. Springer, 2002, pp. 335-345.
16. S. Chari, J. R. Rao, and P. Rohatgi, "Template Attacks," in Cryptographic Hardware and Embedded Systems, CHES, ser. LNCS, vol. 2523, 2002, pp. 13-28.
17. M. Medwed and E. Oswald, "Template Attacks on ECDSA," in Information Security Applications, WISA, vol. 5379, 2008, pp. 14-27.
18. C. Herbst and M. Medwed, "Using Templates to Attack Masked Montgomery Ladder Implementations of Modular Exponentiation," in Information Security Applications, WISA, vol. 5379, 2008, pp. 1-13.
19. M. Joye and C. Tymen, "Protections against Differential Analysis for Elliptic Curve Cryptography," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 2162. Springer, 2001, pp. 377-390.
20. M. Ciet and M. Joye, "(Virtually) Free Randomization Techniques for Elliptic Curve Cryptography," in Information and Communications Security (ICICS2006), LNCS 2836. Springer, 2003, pp. 348-359.
21. K. Okeya and K. Sakurai, "Power Analysis Breaks Elliptic Curve Cryptosystems even Secure against the Timing Attack," in INDOCRYPT, ser. LNCS, vol. 1977. Springer, 2000, pp. 178-190.
22. L. Goubin, "A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems," in Proceedings of the 6th International Workshop on Theory and Practice in Public Key Cryptography, vol. 2567. Springer, 2003, pp. 199-210.
23. N. Homma, A. Miyamoto, T. Aoki, A. Satoh, and A. Shamir, "Collision-based power analysis of modular exponentiation using chosen-message pairs," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 5154. Springer, 2008, pp. 15-29.
24. P.-A. Fouque and F. Valette, "The Doubling Attack : Why Upwards Is Better than Downwards," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 2779. Springer, 2003, pp. 269-280.
25. P.-Y. Liardet and N. P. Smart, "Preventing SPA/DPA in ECC Systems Using the Jacobi Form," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 2162. Springer, 2001, pp. 391-401.
26. T. Akishita and T. Takagi, "Zero-Value Point Attacks on Elliptic Curve Cryptosystem," vol. 2851, pp. 218-233, 2003.
27. E. D. Mulder, S. Örs, B. Preneel, and I. Verbauwhede, "Differential power and electromagnetic attacks on a FPGA implementation of elliptic curve cryptosystems," Computers & Electrical Engineering, vol. 33, no. 5-6, pp. 367-382, 2007.
28. O. Kömmerling and M. Kuhn, "Design principles for tamper-resistant smartcard processors," in USENIX workshop on Smartcard Technology - SmartCard'99, 1999, pp. 9-20.
29. S. M. Yen and M. Joye, "Checking Before Output May Not Be Enough Against Fault-Based Cryptanalysis," IEEE Trans. Computers, vol. 49, no. 9, pp. 967-970, 2000.
30. I. Biehl, B. Meyer, and V. Müller, "Differential Fault Attacks on Elliptic Curve Cryptosystems," in CRYPTO, vol. 1880. Springer, 2000, pp. 131-146.
31. M. Ciet and M. Joye, "Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults," Des. Codes Cryptography, vol. 36, no. 1, pp. 33-43, 2005.
32. P. Fouque, R. Lercier, D. Réal, and F. Valette, "Fault Attack on Elliptic Curve Montgomery Ladder Implementation," in Fifth International Workshop on Fault Diagnosis and Tolerance in Cryptography - FDTC, 2008, pp. 92-98.
33. J. Blömer, M. Otto, and J.-P. Seifert, "Sign Change Fault Attacks on Elliptic Curve Cryptosystems," in Fault Diagnosis and Tolerance in Cryptography(FDTC), LNCS 4236. Springer, 2006, pp. 36-52.
34. S.-M. Yen, L.-C. Ko, S.-J. Moon, and J. Ha, "Relative Doubling Attack Against Montgomery Ladder," in Information Security and Cryptology, ICISC, 2005.
35. A. Dominguez-Oviedo, "On Fault-based Attacks and Countermeasures for Elliptic Curve Cryptosystems," Ph.D. dissertation, University of Waterloo, Canada, 2008.
36. C. D. Walter, "Simple Power Analysis of Unified Code for ECC Double and Add," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 3156. Springer, 2004, pp. 191-204.
37. D. Stebila and N. Thériault, "Unified Point Addition Formulæ and Side-Channel Attacks," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS, vol. 4249. Springer, 2006, pp. 354-368.
38. T. Izu and T. Takagi, "Exceptional procedure attack on elliptic curve cryptosystems," in Public Key Cryptography, PKC, ser. LNCS, vol. 2567, 2003, pp. 224-239.
39. J. Ha, J. Park, S. Moon, and S. Yen, "Provably Secure Countermeasure Resistant to Several Types of Power Attack for ECC," in Information Security Applications (WISA), vol. 4867. Springer, 2007, pp. 333-344.
40. Y.-J. Baek and I. Vasyltsov, "How to prevent dpa and fault attack in a unified way for ecc scalar multiplication c ring extension method," in Information Security Practice and Experience(ISPEC2007), LNCS 4464. Springer, 2007, pp. 225-237.
41. M. Joye, "On the security of a unified countermeasure," in FDTC '08: Proceedings of the 5th Workshop on Fault Diagnosis and Tolerance in Cryptography. IEEE Computer Society, 2008, pp. 87-91.
42. X. Guo, J. Fan, P. Schaumont, and I. Verbauwhede, "Programmable and Parallel ECC Coprocessor Architecture: Tradeoffs between Area, Speed and Security," in Cryptographic Hardware and Embedded Systems - CHES, ser. LNCS. Springer, 2009, pp. 289-303.