Error-Detecting and Fault-Tolerant Structures for ECC

For constrained devices, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size than schemes based on integer factorization or the discrete logarithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. In this report, fault-tolerant and error-detecting elliptic curve cryptosystems are considered. Error detection may be a sufficient countermeasure for many security applications. However, a fault-tolerant characteristic enables a system to perform its normal operation in spite of faults. This results in more reliable systems where faults may occur due to natural causes. For the purpose of detecting errors due to faults, a number of schemes based on point-on-the-curve checking, time redundancy, and hardware redundancy are presented. A combination of point-on-the-curve checking and time or hardware redundancy can be used to detect errors with a very high probability during the computation of the elliptic curve scalar multiplication (ECSM). Additionally, we show that using dual modular redundancy (DMR) and point-on-the-curve checking, it is possible to have a fault-tolerant structure for the ECSM. If certain conditions are met, this scheme is more efficient than others such as the well-known triple modular redundancy.
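The DMR-plus-curve-check idea from the abstract can be sketched in software as follows. This is an added example, not code from the report: the toy prime-field curve, the function names and the simulated fault (an XOR on the accumulator's x register) are all assumptions made for illustration.

```python
# Toy parameters (assumed for illustration): y^2 = x^3 + 2x + 2 over F_17,
# base point G = (5, 1) of prime order 19. Not a curve for real use.
P, A, B = 17, 2, 2
G = (5, 1)

def on_curve(pt):
    """Point-on-the-curve check. Infinity (None) is rejected because it is
    never the correct result of k*G for 0 < k < 19."""
    if pt is None:
        return False
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0

def add(p1, p2):
    """Affine addition/doubling; also tolerates off-curve (faulty) inputs."""
    if p1 is None or p2 is None:
        return p2 if p1 is None else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 != y2 or y1 == 0):
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P, -1, P)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ecsm(k, pt, fault=None):
    """Left-to-right double-and-add. fault=(step, mask) simulates a transient
    fault by XORing mask into the accumulator's x register after that step."""
    acc = None
    for step, bit in enumerate(bin(k)[2:]):
        acc = add(acc, acc)
        if bit == "1":
            acc = add(acc, pt)
        if fault and fault[0] == step and acc is not None:
            acc = ((acc[0] ^ fault[1]) % P, acc[1])
    return acc

def dmr_ecsm(k, pt, fault_a=None, fault_b=None):
    """Two redundant ECSM modules plus the curve check as the arbiter."""
    ra, rb = ecsm(k, pt, fault_a), ecsm(k, pt, fault_b)
    ok_a, ok_b = on_curve(ra), on_curve(rb)
    if ra == rb and ok_a:
        return ra, "agree"
    if ok_a != ok_b:                      # exactly one result is on the curve
        return (ra if ok_a else rb), "recovered"
    raise RuntimeError("uncorrectable: no single result passes the check")
```

Recovery depends on the faulty module's output failing the curve check. On this 17-element toy field a corrupted result can land back on the curve by chance far more often than on a cryptographic-size field.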
