Horizontal DPA Attacks against ECC: Impact of Implemented Field Multiplication Formula

Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behavior of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA are the so called horizontal SCAs. Well known randomization based countermeasures are effective means against vertical DPA attacks but they are not effective against horizontal DPA attacks. In this paper we investigate how the formula used to implement the multiplication of GF(2n)-elements influences the results of horizontal DPA attacks against a Montgomery kP- implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly, but we also learned that its impact differs from technology to technology. Our analysis also reveals that the use of different multiplication formulae as the single countermeasure is not sufficient to protect cryptographic designs against horizontal DPA attacks.

[1]  Jean-Sébastien Coron,et al.  Resistance against Differential Power Analysis for Elliptic Curve Cryptosystems , 1999, CHES.

[2]  Zoya Dyka,et al.  Increasing the Robustness of the Montgomery kP-Algorithm Against SCA by Modifying Its Initialization , 2016, SECITC.

[3]  Sorin A. Huss,et al.  A Reconfigurable System on Chip Implementation for Elliptic Curve Cryptography over GF(2n) , 2002, CHES.

[4]  Adi Shamir,et al.  Collision-Based Power Analysis of Modular Exponentiation Using Chosen-Message Pairs , 2008, CHES.

[5]  Robert H. Sloan,et al.  Power Analysis Attacks of Modular Exponentiation in Smartcards , 1999, CHES.

[6]  Zoya Dyka,et al.  Combining Multiplication Methods with Optimized Processing Sequence for Polynomial Multiplier in GF(2 k ) , 2011, WEWoRC.

[7]  Zoya Dyka,et al.  Area efficient hardware implementation of elliptic curve cryptography by iteratively applying Karatsuba's method , 2005, Design, Automation and Test in Europe.

[8]  Denis Réal,et al.  The Carry Leakage on the Randomized Exponent Countermeasure , 2008, CHES.

[9]  Joachim von zur Gathen,et al.  Efficient FPGA-Based Karatsuba Multipliers for Polynomials over F2 , 2005, Selected Areas in Cryptography.

[10]  Christophe Clavier,et al.  Horizontal Correlation Analysis on Exponentiation , 2010, ICICS.

[11]  Louis Goubin,et al.  A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems , 2003, Public Key Cryptography.

[12]  F. Madlener,et al.  Novel hardening techniques against differential power analysis for multiplication in GF(2n) , 2009, 2009 International Conference on Field-Programmable Technology.

[13]  Zoya Dyka,et al.  Evaluation of resistance of ECC designs protected by different randomization countermeasures against horizontal DPA attacks , 2017, 2017 IEEE East-West Design & Test Symposium (EWDTS).

[14]  Manfred Josef Aigner,et al.  Randomized Addition-Subtraction Chains as a Countermeasure against Power Attacks , 2001, CHES.

[15]  Zoya Dyka,et al.  Inherent Resistance of Efficient ECC Designs against SCA Attacks , 2016, 2016 8th IFIP International Conference on New Technologies, Mobility and Security (NTMS).

[16]  Alfred Menezes,et al.  Software Implementation of Elliptic Curve Cryptography over Binary Fields , 2000, CHES.

[17]  Frédéric Valette,et al.  The Doubling Attack - Why Upwards Is Better than Downwards , 2003, CHES.

[18]  Zoya Dyka,et al.  Towards Strong Security in Embedded and Pervasive Systems: Energy and Area Optimized Serial Polynomial Multipliers in GF(2k) , 2012, 2012 5th International Conference on New Technologies, Mobility and Security (NTMS).