On the security of some elliptic curve standards in the presence of random fault analysis attacks

Fault attacks are a type of physical attacks where an attacker injects faults to influence the cryptosystems. The attacker can exploit erroneous results, obtained after injecting the faults, to deduce secret keys. Various fault models are proposed, but random fault model remains the most realistic in the practice. In this paper, we show mathematically that current elliptic curve standards (e.g., NIST, Brainpool, ANSSI, and OSCCA) are vulnerable to random fault attacks, and an attacker has a high probability to succeed such attacks. In addition, we give a mathematical description of a parallelized random fault attack, including an implementation using PARI/GP system.

[1]  Jean-Pierre Seifert,et al.  Sign Change Fault Attacks on Elliptic Curve Cryptosystems , 2006, FDTC.

[2]  Benedikt Heinz,et al.  Localized Electromagnetic Analysis of Cryptographic Implementations , 2012, CT-RSA.

[3]  Joseph H. Silverman,et al.  The arithmetic of elliptic curves , 1986, Graduate texts in mathematics.

[4]  Elaine B. Barker,et al.  Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths , 2011 .

[5]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[6]  Victor S. Miller,et al.  Use of Elliptic Curves in Cryptography , 1985, CRYPTO.

[7]  John M. Pollard,et al.  Kangaroos, Monopoly and Discrete Logarithms , 2015, Journal of Cryptology.

[8]  Elaine B. Barker,et al.  SP 800-131A. Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths , 2011 .

[9]  Hisayoshi Sato,et al.  Exact Analysis of Montgomery Multiplication , 2004, INDOCRYPT.

[10]  Dan Nichols,et al.  Public-key Cryptography and elliptic curves , 2015 .

[11]  Denis Réal,et al.  Fault Attack on Elliptic Curve Montgomery Ladder Implementation , 2008, 2008 5th Workshop on Fault Diagnosis and Tolerance in Cryptography.

[12]  Bernd Meyer,et al.  Differential Fault Attacks on Elliptic Curve Cryptosystems , 2000, CRYPTO.

[13]  N. Koblitz Elliptic curve cryptosystems , 1987 .

[14]  Louis Goubin,et al.  A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems , 2003, Public Key Cryptography.

[15]  Kazumaro Aoki,et al.  SEC X.2: Recommended Elliptic Curve Domain Parameters , 2008 .

[16]  David Naccache,et al.  The Sorcerer's Apprentice Guide to Fault Attacks , 2006, Proceedings of the IEEE.

[17]  P. Erdös,et al.  On a problem of Oppenheim concerning “factorisatio numerorum” , 1983 .

[18]  Martin E. Hellman,et al.  An improved algorithm for computing logarithms over GF(p) and its cryptographic significance (Corresp.) , 1978, IEEE Trans. Inf. Theory.

[19]  Johannes Merkle,et al.  Elliptic Curve Cryptography (ecc) Brainpool Standard Curves and Curve Generation , 2010 .

[20]  Alberto Battistello,et al.  Common Points on Elliptic Curves: The Achilles' Heel of Fault Attack Countermeasures , 2014, COSADE.