Sign Change Fault Attacks on Elliptic Curve Cryptosystems

We present a new type of fault attack on elliptic curve scalar multiplication: Sign Change Attacks. These attacks exploit the different number representations that are often employed in modern cryptographic applications. Previously, fault attacks on elliptic curves aimed to force a device to output points that lie on a cryptographically weak curve. Such attacks can easily be defended against. Our attack produces points that do not leave the curve and are therefore not easily detected. The paper also presents a revised scalar multiplication algorithm that protects against Sign Change Attacks.
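The following added example (not code from the paper) shows why an on-curve check does not catch a sign change: a single sign flip of the intermediate point still yields a valid curve point. The toy curve, the choice of NAF as the signed-digit representation, the fault position and the recompute-and-compare check are all assumptions of this example.

```python
# Added illustration. Toy curve y^2 = x^3 + 2x + 2 over F_17 with base point
# (5, 1) of prime order 19: constructed parameters, far too small for real use.
P_MOD, A, B = 17, 2, 2
G = (5, 1)

def on_curve(pt):
    """Point validation: the usual defence against weak-curve faults."""
    if pt is None:                      # None is the point at infinity
        return True
    x, y = pt
    return (y * y - (x ** 3 + A * x + B)) % P_MOD == 0

def neg(pt):
    return None if pt is None else (pt[0], -pt[1] % P_MOD)

def add(p, q):
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                     # P + (-P) = infinity
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def naf(k):
    """Non-adjacent form of k, least significant digit first."""
    digits = []
    while k:
        d = 2 - (k % 4) if k & 1 else 0
        digits.append(d)
        k = (k - d) >> 1
    return digits

def scalar_mult(k, pt, fault_at=None):
    """Left-to-right signed-digit multiply; fault_at models one sign flip."""
    digits, q = naf(k), None
    for i in reversed(range(len(digits))):
        q = add(q, q)
        if i == fault_at:               # hypothetical fault: Q becomes -Q
            q = neg(q)
        if digits[i]:
            q = add(q, pt if digits[i] > 0 else neg(pt))
    return q

def redundancy_check(k, pt, result):
    """Generic recompute-and-compare; not the paper's revised algorithm."""
    return result == scalar_mult(k, pt)
```

With `k = 13` and `fault_at=1`, the faulty output passes `on_curve` but fails `redundancy_check`.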
