Efficient scalar multiplication against side channel attacks using new number representation

Elliptic curve cryptography (ECC) is probably the most popular public key systems nowadays. The classic algorithm for computation of elliptic curve scalar multiplication is Doubling-and-Add. However, it has been shown vulnerable to simple power analysis, which is a type of side channel attacks (SCAs). Among different types of attacks, SCAs are becoming the most important and practical threat to elliptic curve computation. Although Montgomery power ladder (MPL) has shown to be a good choice for scalar multiplication against simple power analysis, it is still subject to some advanced SCAs such like differential power analysis. In this thesis, a new number representation is firstly proposed, then several scalar multiplication algorithms using this new number system are presented. It has also been shown that the proposed algorithms outperform or comparable to the best of existing similar algorithms in terms of against side channel attacks and computational efficiency. Finally we extend both the new number system and the corresponding scalar multiplication algorithms to high radix cases

Fault attacks on RSA and elliptic curve cryptosystems

This thesis answered how a fault attack targeting software used to program EEPROM can threaten hardware devices, for instance IoT devices. The successful fault attacks proposed in this thesis will certainly warn designers of hardware devices of the security risks their devices may face on the programming leve

RSA Power Analysis Obfuscation: A Dynamic FPGA Architecture

The modular exponentiation operation used in popular public key encryption schemes, such as RSA, has been the focus of many side channel analysis (SCA) attacks in recent years. Current SCA attack countermeasures are largely static. Given sufficient signal-to-noise ratio and a number of power traces, static countermeasures can be defeated, as they merely attempt to hide the power consumption of the system under attack. This research develops a dynamic countermeasure which constantly varies the timing and power consumption of each operation, making correlation between traces more difficult than for static countermeasures. By randomizing the radix of encoding for Booth multiplication and randomizing the window size in exponentiation, this research produces a SCA countermeasure capable of increasing RSA SCA attack protection

A New Exponentiation Algorithm Resistant to Combined Side Channel Attack

Abstract Since two different types of side channel attacks based on passive information leakage and active fault injection are independently considered as implementation threats on cryptographic modules, most countermeasures have been separately developed according to each attack type. But then, Amiel et al. proposed a combined side channel attack in which an attacker combines these two methods to recover the secret key in an RSA implementation. In this paper, we show that the BNP (Boscher, Naciri, and Prouff) algorithm for RSA, which is an SPA/FA-resistant exponentiation method, is also vulnerable to the combined attack. In addition, we propose a new exponentiation algorithm resistant to power analysis and fault attack as well as the combined attack. The proposed secure exponentiation algorithm can be employed to strengthen the security of CRT-RSA

Algorithmic Countermeasures Against Fault Attacks and Power Analysis for RSA-CRT

In this work, we analyze all existing RSA-CRT countermeasures against the Bellcore attack that use binary self-secure exponentiation algorithms. We test their security against a powerful adversary by simulating fault injections in a fault model that includes random, zeroing, and skipping faults at all possible fault locations. We find that most of the countermeasures are vulnerable and do not provide sufficient security against all attacks in this fault model. After investigating how additional measures can be included to counter all possible fault injections, we present three countermeasures which prevent both power analysis and many kinds of fault attacks

FPGA IMPLEMENTATION FOR ELLIPTIC CURVE CRYPTOGRAPHY OVER BINARY EXTENSION FIELD

Elliptic curve cryptography plays a crucial role in network and communication security. However, implementation of elliptic curve cryptography, especially the implementation of scalar multiplication on an elliptic curve, faces multiple challenges. One of the main challenges is side channel attacks (SCAs). SCAs pose a real threat to the conventional implementations of scalar multiplication such as binary methods (also called doubling-and-add methods). Several scalar multiplication algorithms with countermeasures against side channel attacks have been proposed. Among them, Montgomery Powering Ladder (MPL) has been shown an effective countermeasure against simple power analysis. However, MPL is still vulnerable to certain more sophisticated side channel attacks. A recently proposed modified MPL utilizes a combination of sequence masking (SM), exponent splitting (ES) and point randomization (PR). And it has shown to be one of the best countermeasure algorithms that are immune to many sophisticated side channel attacks [11]. In this thesis, an efficient hardware architecture for this algorithm is proposed and its FPGA implementation is also presented. To our best knowledge, this is the first time that this modified MPL with SM, ES, and PR has been implemented in hardware

Highly secure cryptographic computations against side-channel attacks

Side channel attacks (SCAs) have been considered as great threats to modern cryptosystems, including RSA and elliptic curve public key cryptosystems. This is because the main computations involved in these systems, as the Modular Exponentiation (ME) in RSA and scalar multiplication (SM) in elliptic curve system, are potentially vulnerable to SCAs. Montgomery Powering Ladder (MPL) has been shown to be a good choice for ME and SM with counter-measures against certain side-channel attacks. However, recent research shows that MPL is still vulnerable to some advanced attacks [21, 30 and 34]. In this thesis, an improved sequence masking technique is proposed to enhance the MPL\u27s resistance towards Differential Power Analysis (DPA). Based on the new technique, a modified MPL with countermeasure in both data and computation sequence is developed and presented. Two efficient hardware architectures for original MPL algorithm are also presented by using binary and radix-4 representations, respectively

Semi-automatic ladderisation : improving code security through rewriting and dependent types

Funding: This work was generously supported by the EU Horizon 2020 project, TeamPlay (https://www.teamplay-h2020.eu), grant number 779882, and UK EPSRC, Energise, grant number EP/V006290/1.Cyber attacks become more and more prevalent every day.An arms race is thus engaged between cyber attacks and cyber defences.One type of cyber attack is known as a side channel attack, where attackers exploit information leakage from the physical execution of a program, e.g. timing or power leakage, to uncover secret information, such as encryption keys or other sensitive data. There have been various attempts at addressing the problem of side-channel attacks, often relying on various measures to decrease the discernibility of several code variants or code paths. Most techniques require a high-degree of expertise by the developer, who often employs ad hoc, hand-crafted code-patching in an attempt to make it more secure. In this paper, we take a different approach: building on the idea of ladderisation, inspired by Montgomery Ladders. We present a semi-automatic tool-supported technique, aimed at the non-specialised developer, which refactors (a class of) C programs into functionally (and even algorithmically) equivalent counterparts with improved security properties. Our approach provides refactorings that transform the source code into its ladderised equivalent, driven by an underlying verified rewrite system, based on dependent types. Our rewrite system automatically finds rewritings of selected C expressions, facilitating the production of their equivalent ladderised counterparts for a subset of C. Using our tool-supported technique, we demonstrate our approach on a number of representative examples from the cryptographic domain, showing increased security.Postprin

New Single-Trace Side-Channel Attacks on a Specific Class of Elgamal Cryptosystem

In 2005, Yen et al. proposed the first $N-1$ attack on the modular exponentiation algorithms such as BRIP and square-and-multiply-always methods. This attack makes use of the ciphertext $N-1$ as a distinguisher of low order to obtain a strong relation between side-channel leakages and secret exponent. The so-called $N-1$ attack is one of the most important order-2 element attacks, as it requires a non-adaptive chosen ciphertext which is considered as a more realistic attack model compared to adaptive chosen ciphertext scenario. To protect the implementation against $N-1$ attack, several literatures propose the simplest solution, i.e. \textquotedblleft block the special message $N-1$ . In this paper, we conduct an in-depth research on the $N-1$ attack based on the square-and-multiply-always (SMA) and Montgomery Ladder (ML) algorithms. We show that despite the unaccepted ciphertext $N-1$ countermeasure, other types of $N-1$ attacks is applicable to specific classes of Elgamal cryptosystems. We propose new chosen-message power-analysis attacks with order-4 elements which utilize a chosen ciphertext $c$ such that $c^2= -1 \bmod p$ where $p$ is the prime number used as a modulus in Elgamal. Such a ciphertext can be found simply when $p\equiv 1\mod 4$. We demonstrate that ML and SMA algorithms are subjected to our new $N-1$-type attack by utilizing a different ciphertext. We implement the proposed attacks on the TARGET Board of the ChipWhisperer CW1173 and our experiments validate the feasibility and effectiveness of the attacks by using only a single power trace