Completing the Complete ECC Formulae with Countermeasures

This work implements and evaluates the recent complete addition formulae for the prime order elliptic curves of Renes, Costello and Batina on an FPGA platform. We implement three different versions: (1) an unprotected architecture; (2) an architecture protected through coordinate randomization; and (3) an architecture with both coordinate randomization and scalar splitting in place. The evaluation is done through timing analysis and test vector leakage assessment (TVLA). The results show that applying an increasing level of countermeasures leads to an increasing resistance against side-channel attacks. This is the first work looking into side-channel security issues of hardware implementations of the complete formulae.

[1] Reza Azarderakhsh, et al. Fourℚ on FPGA: New Hardware Speed Records for Elliptic Curve Cryptography over Large Prime Characteristic Fields, 2016, CHES.

[2] Thanos Stouraitis, et al. Efficient RNS Implementation of Elliptic Curve Point Multiplication Over ${\rm GF}(p)$, 2013, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[3] Pankaj Rohatgi, et al. Efficient Side-channel Testing for Public Key Algorithms: RSA Case Study, 2011.

[4] Debdeep Mukhopadhyay, et al. Petrel: Power and Timing Attack Resistant Elliptic Curve Scalar Multiplier Based on Programmable ${\rm GF}(p)$ Arithmetic Unit, 2011, IEEE Transactions on Circuits and Systems I: Regular Papers.

[5] Guilherme Perin, et al. A Semi-Parametric Approach for Side-Channel Attacks on Protected RSA Implementations, 2015, CARDIS.

[6] William P. Marnane, et al. A Hardware Analysis of Twisted Edwards Curves for an Elliptic Curve Cryptosystem, 2009, ARC.

[7] Michael Tunstall, et al. Applying TVLA to Public Key Cryptographic Algorithms, 2016, IACR Cryptol. ePrint Arch.

[8] Debdeep Mukhopadhyay, et al. ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC Design in GF(p), 2015, SAC.

[9] Pankaj Rohatgi, et al. Towards Sound Approaches to Counteract Power-Analysis Attacks, 1999, CRYPTO.

[10] Tanja Lange, et al. Faster Addition and Doubling on Elliptic Curves, 2007, ASIACRYPT.

[11] C. Paar, et al. Universal Exponentiation Algorithm – A First Step Towards Provable SPA-resistance –, 2001.

[12] Khaled Salah, et al. Review of Elliptic Curve Cryptography processor designs, 2015, Microprocess. Microsystems.

[13] Hamad Alrimeih, et al. Fast and Flexible Hardware Support for ECC Over Multiple Standard Prime Fields, 2014, IEEE Transactions on Very Large Scale Integration (VLSI) Systems.

[14] N. Koblitz. Elliptic curve cryptosystems, 1987.

[15] Peter Schwabe, et al. Online template attacks, 2014, Journal of Cryptographic Engineering.

[16] Tim Güneysu, et al. Efficient Elliptic-Curve Cryptography Using Curve25519 on Reconfigurable Devices, 2014, ARC.

[17] Siva Sai Yerubandi, et al. Differential Power Analysis, 2002.

[18] P. Rohatgi, et al. A testing methodology for side channel resistance, 2011.

[19] Kouichi Itoh, et al. A Practical Countermeasure against Address-Bit Differential Power Analysis, 2003, CHES.

[20] Tibor Juhas. The use of elliptic curves in cryptography, 2007.

[21] Jean-Sébastien Coron, et al. Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems, 1999, CHES.

[22] Marc Joye, et al. The Montgomery Powering Ladder, 2002, CHES.

[23] P. L. Montgomery. Modular multiplication without trial division, 1985.

[24] Nicolas Guillermin. A high speed coprocessor for elliptic curve scalar multiplication over Fp, 2010.

[25] P. L. Montgomery. Speeding the Pollard and elliptic curve methods of factorization, 1987.

[26] Hendra Guntur, et al. Side-channel AttacK User Reference Architecture board SAKURA-G, 2014, 2014 IEEE 3rd Global Conference on Consumer Electronics (GCCE).

[27] Craig Costello, et al. Complete Addition Formulas for Prime Order Elliptic Curves, 2016, EUROCRYPT.

[28] Ingrid Verbauwhede, et al. A compact FPGA-based architecture for elliptic curve cryptography over prime fields, 2010, ASAP 2010 - 21st IEEE International Conference on Application-specific Systems, Architectures and Processors.

[29] Tim Güneysu, et al. MicroACP - A Fast and Secure Reconfigurable Asymmetric Crypto-Processor - Overhead Evaluation of Side-Channel Countermeasures -, 2014, ARC.

[30] Michael Tunstall, et al. Exploiting Collisions in Addition Chain-Based Exponentiation Algorithms Using a Single Trace, 2015, CT-RSA.

[31] Erick Nascimento, et al. Attacking Embedded ECC Implementations Through cmov Side Channels, 2016, SAC.

[32] Ingrid Verbauwhede, et al. Side-channel aware design: algorithms and architectures for elliptic curve cryptography over GF($2^n$), 2005, 2005 IEEE International Conference on Application-Specific Systems, Architecture Processors (ASAP'05).

[33] Jasper G. J. van Woudenberg, et al. Defeating RSA Multiply-Always and Message Blinding Countermeasures, 2011, CT-RSA.

[34] Ricardo Dahab, et al. Efficient and Secure Elliptic Curve Cryptography for 8-bit AVR Microcontrollers, 2015, SPACE.

[35] C. D. Walter, et al. Montgomery exponentiation needs no final subtractions, 1999.

[36] Nicolas Guillermin. A High Speed Coprocessor for Elliptic Curve Scalar Multiplications over $\mathbb{F}_p$, 2010, CHES.