Survey for Performance & Security Problems of Passive Side-channel Attacks Countermeasures in ECC

The main objective of the Internet of Things is to interconnect everything around us to obtain information that was unavailable to us before, thus enabling us to make better decisions. This interconnection of things raises security issues for any Internet of Things key technology. Here we focus on elliptic curve cryptography (ECC) for embedded devices, which offers a high degree of security compared to other encryption mechanisms. However, ECC also has security issues, such as side-channel attacks (SCA), which are a growing threat to implementations of cryptographic devices. This paper analyzes the state of the art of several proposed algorithmic countermeasures to prevent passive SCA on ECC defined over prime fields. This work evaluates the trade-offs between security and performance of side-channel attack countermeasures for scalar multiplication algorithms without precomputation, i.e. for a variable base point. Although a number of results are required to study the state of the art of side-channel attacks in elliptic curve cryptosystems, the interest of this work is to present explicit solutions that may be used for the future implementation of security mechanisms suitable for embedded devices applied to the Internet of Things. In addition, security problems of the countermeasures are also analyzed.
