Error Detection for Borrow-Save Adders Dedicated to ECC Unit

Differential Fault Analysis (DFA) is a real threat to elliptic curve cryptosystems. This paper describes an elliptic curve cryptoprocessor unit that is resistant to fault injection. The resistance comes from the use of parity-preserving logic gates in the operating structure of the ECC unit, which is based on borrow-save adders. The proposed countermeasure provides high fault-detection coverage and induces an acceptable area overhead (+38 %).
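As an added illustration of the detection principle (this is not the paper's circuit), the Python model below builds a PPM (plus-plus-minus) cell, a standard building block of borrow-save adders, from parity-preserving Feynman-double and Fredkin gates, then flips every wire in turn and checks whether the input/output parity comparison flags the fault. The gate set, netlist and wire names are this example's own assumptions.

```python
"""Added example (not from the paper): gate-level model of a parity-preserving
PPM cell, the building block of a borrow-save adder, with single-fault injection."""
from itertools import product

# Parity-preserving reversible gates: XOR of outputs equals XOR of inputs,
# so a single bit-flip anywhere inside the circuit flips the output parity.
def f2g(a, b, c):                 # Feynman double gate
    return a, a ^ b, a ^ c

def fredkin(ctl, x, y):           # controlled swap (conservative gate)
    return (ctl, y, x) if ctl else (ctl, x, y)

# PPM ("plus-plus-minus") cell: a + b - c = 2*t - s, for a, b, c in {0, 1}.
# Netlist rows: (gate, input wires, output wires); "1"/"0x" are constants.
NETLIST = [
    (f2g,     ("c", "1", "0a"),   ("c_g", "nc", "c1")),  # nc = ~c, c1 = c
    (f2g,     ("a", "b", "0b"),   ("a_g", "p", "a1")),   # p = a ^ b, a1 = a
    (f2g,     ("p", "c1", "0c"),  ("p_g", "s", "p1")),   # s = a ^ b ^ c
    (fredkin, ("p1", "a1", "nc"), ("p1_g", "t", "g")),   # t = MAJ(a, b, ~c)
]
CONSTANTS = {"1": 1, "0a": 0, "0b": 0, "0c": 0}
OUTPUTS = ("c_g", "a_g", "p_g", "s", "p1_g", "t", "g")  # s, t plus garbage
WIRES = ["a", "b", "c", *CONSTANTS] + [w for _, _, o in NETLIST for w in o]

def simulate(a, b, c, fault=None):
    """Evaluate the cell; `fault` names one wire whose value is flipped
    (transient bit-flip model). Returns (t, s, parity_check_passed)."""
    wires = dict(CONSTANTS, a=a, b=b, c=c)
    in_parity = sum(wires.values()) & 1       # reference parity of the inputs
    if fault in wires:                        # fault on a primary input
        wires[fault] ^= 1
    for gate, ins, outs in NETLIST:
        for name, val in zip(outs, gate(*(wires[w] for w in ins))):
            wires[name] = val ^ (name == fault)   # fault on a gate output
    out_parity = sum(wires[w] for w in OUTPUTS) & 1
    return wires["t"], wires["s"], in_parity == out_parity

def fault_coverage():
    """Inject one bit-flip per wire for every input pattern. Returns
    (faults injected, faults flagged by the parity check, corrupting
    faults that escaped the check)."""
    injected = flagged = escaped = 0
    for (a, b, c), w in product(product((0, 1), repeat=3), WIRES):
        t, s, ok = simulate(a, b, c, fault=w)
        corrupted = 2 * t - s != a + b - c
        injected += 1
        flagged += not ok
        escaped += corrupted and ok
    return injected, flagged, escaped
```

Because every gate preserves parity and no wire fans out, a single flip on any of the 19 wires changes the output parity, so `fault_coverage()` reports all 152 injected faults flagged and none escaping; a second fault in the same cell could cancel the first, which is why the scheme targets single-fault models.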
