Algorithm-level Error Detection for ECSM

For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size than other schemes, such as those based on integer factorization or the discrete logarithm. Unfortunately, cryptosystems, including those based on elliptic curves, have been subject to attacks. For example, fault-based attacks have been shown to be a real threat to today's cryptographic implementations. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. We address protections against fault attacks on elliptic curve scalar multiplication (ECSM) at the algorithm level. To this end, we use the concepts of point verification (PV) and coherency check (CC). We investigate the error detection coverage of PV and CC for the Montgomery ladder ECSM algorithm. Additionally, we propose two algorithms based on the double-and-add-always method that are resistant to the safe error (SE) attack. We demonstrate that one of these algorithms also resists the sign change fault (SCF) attack.
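The following is an added illustration, not code from the paper: a Montgomery ladder on a toy curve that runs PV and CC on its two registers, with simulated faults showing that a sign-flipped point still passes PV and is caught only by CC. The abstract does not define either check, so PV is assumed to be an on-curve test and CC the ladder invariant R1 = R0 + P; the curve, the fault model and all function names are constructed for the demonstration.

```python
# Toy curve y^2 = x^3 + 2x + 2 over GF(17); G has prime order 19 (constructed demo values).
P_MOD, A, B = 17, 2, 2
G = (5, 1)

def on_curve(pt):
    """Point verification (PV): None is the point at infinity."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P_MOD == 0

def add(p, q):
    """Affine addition; never raises, even on corrupted (off-curve) inputs."""
    if p is None or q is None:
        return q if p is None else p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (p != q or y1 == 0):
        return None
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ladder(k, p, fault=None, fault_at=None):
    """Montgomery ladder; optionally corrupts R0 after the step for bit fault_at."""
    r0, r1 = None, p
    for i in reversed(range(k.bit_length())):
        if (k >> i) & 1:
            r0, r1 = add(r0, r1), add(r1, r1)
        else:
            r0, r1 = add(r0, r0), add(r0, r1)
        if i == fault_at and r0 is not None:
            x, y = r0
            r0 = (x, -y % P_MOD) if fault == "sign" else ((x + 1) % P_MOD, y)
    return r0, r1

def verify(r0, r1, p):
    """Run PV on both registers, then CC (assumed pattern: R1 == R0 + P)."""
    if not (on_curve(r0) and on_curve(r1)):
        return "PV failed"
    return "ok" if add(r0, p) == r1 else "CC failed"

if __name__ == "__main__":
    for fault, at in [(None, None), ("corrupt-x", 0), ("sign", 1)]:
        r0, r1 = ladder(13, G, fault, at)
        print(fault, r0, verify(r0, r1, G))
```
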
