Breaking a fully Balanced ASIC Coprocessor Implementing Complete Addition Formulas on Weierstrass Elliptic Curves

In this paper we report on the results of selected horizontal side-channel analysis (SCA) attacks against two open-source designs that implement hardware accelerators for elliptic curve cryptography. Both designs use complete addition formulas to make the point addition and point doubling operations indistinguishable. One of the designs additionally randomizes the operation sequence as a countermeasure. We attacked both designs using the comparison to the mean and an automated simple power analysis (SPA). Despite all these countermeasures, we were able to extract the processed keys with a correctness of 100%.
