Secure and Efficient RNS Approach for Elliptic Curve Cryptography

Scalar multiplication, the main operation in elliptic curve cryptographic protocols, is vulnerable to side-channel (SCA) and fault injection (FA) attacks. An efficient countermeasure for scalar multiplication can be provided by using alternative number systems like the Residue Number System (RNS). In RNS, a number is represented as a set of smaller numbers, where each one is the result of the modular reduction with a given moduli basis. Under certain requirements, a number can be uniquely transformed from the integers to the RNS domain (and vice versa) and all arithmetic operations can be performed in RNS. This representation provides an inherent SCA and FA resistance to many attacks and can be further enhanced by RNS arithmetic manipulation or more traditional algorithmic countermeasures. In this paper, extending our previous work, we explore the potentials of RNS as an SCA and FA countermeasure and provide an description of RNS based SCA and FA resistance means. We propose a secure and efficient Montgomery Power Ladder based scalar multiplication algorithm on RNS and discuss its SCAFA resistance. The proposed algorithm is implemented on an ARM Cortex A7 processor and its SCA-FA resistance is evaluated by collecting preliminary leakage trace results that validate our initial assumptions

Fault attacks on RSA and elliptic curve cryptosystems

This thesis answered how a fault attack targeting software used to program EEPROM can threaten hardware devices, for instance IoT devices. The successful fault attacks proposed in this thesis will certainly warn designers of hardware devices of the security risks their devices may face on the programming leve

FPGA IMPLEMENTATION FOR ELLIPTIC CURVE CRYPTOGRAPHY OVER BINARY EXTENSION FIELD

Elliptic curve cryptography plays a crucial role in network and communication security. However, implementation of elliptic curve cryptography, especially the implementation of scalar multiplication on an elliptic curve, faces multiple challenges. One of the main challenges is side channel attacks (SCAs). SCAs pose a real threat to the conventional implementations of scalar multiplication such as binary methods (also called doubling-and-add methods). Several scalar multiplication algorithms with countermeasures against side channel attacks have been proposed. Among them, Montgomery Powering Ladder (MPL) has been shown an effective countermeasure against simple power analysis. However, MPL is still vulnerable to certain more sophisticated side channel attacks. A recently proposed modified MPL utilizes a combination of sequence masking (SM), exponent splitting (ES) and point randomization (PR). And it has shown to be one of the best countermeasure algorithms that are immune to many sophisticated side channel attacks [11]. In this thesis, an efficient hardware architecture for this algorithm is proposed and its FPGA implementation is also presented. To our best knowledge, this is the first time that this modified MPL with SM, ES, and PR has been implemented in hardware

Generalised Mersenne Numbers Revisited

Generalised Mersenne Numbers (GMNs) were defined by Solinas in 1999 and feature in the NIST (FIPS 186-2) and SECG standards for use in elliptic curve cryptography. Their form is such that modular reduction is extremely efficient, thus making them an attractive choice for modular multiplication implementation. However, the issue of residue multiplication efficiency seems to have been overlooked. Asymptotically, using a cyclic rather than a linear convolution, residue multiplication modulo a Mersenne number is twice as fast as integer multiplication; this property does not hold for prime GMNs, unless they are of Mersenne's form. In this work we exploit an alternative generalisation of Mersenne numbers for which an analogue of the above property --- and hence the same efficiency ratio --- holds, even at bitlengths for which schoolbook multiplication is optimal, while also maintaining very efficient reduction. Moreover, our proposed primes are abundant at any bitlength, whereas GMNs are extremely rare. Our multiplication and reduction algorithms can also be easily parallelised, making our arithmetic particularly suitable for hardware implementation. Furthermore, the field representation we propose also naturally protects against side-channel attacks, including timing attacks, simple power analysis and differential power analysis, which is essential in many cryptographic scenarios, in constrast to GMNs.Comment: 32 pages. Accepted to Mathematics of Computatio

Efficient and Secure ECDSA Algorithm and its Applications: A Survey

Public-key cryptography algorithms, especially elliptic curve cryptography (ECC)and elliptic curve digital signature algorithm (ECDSA) have been attracting attention frommany researchers in different institutions because these algorithms provide security andhigh performance when being used in many areas such as electronic-healthcare, electronicbanking,electronic-commerce, electronic-vehicular, and electronic-governance. These algorithmsheighten security against various attacks and the same time improve performanceto obtain efficiencies (time, memory, reduced computation complexity, and energy saving)in an environment of constrained source and large systems. This paper presents detailedand a comprehensive survey of an update of the ECDSA algorithm in terms of performance,security, and applications

Crypto-test-lab for security validation of ECC co-processor test infrastructure

© 20xx IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting /republishing this material for advertising or promotional purposes, creating new collective works, for resale or redistribution to servers or lists, or reuse of any copyrighted component of this work in other worksElliptic Curve Cryptography (ECC) is a technology for public-key cryptography that is becoming increasingly popular because it provides greater speed and implementation compactness than other public-key technologies. Calculations, however, may not be executed by software, since it would be so time consuming, thus an ECC co-processor is commonly included to accelerate the speed. Test infrastructure in crypto co-processors is often avoided because it poses serious security holes against adversaries. However, ECC co-processors include complex modules for which only functional test methodologies are unsuitable, because they would take an unacceptably long time during the production test. Therefore, some internal test infrastructure is always included to permit the application of structural test techniques. Designing a secure test infrastructure is quite a complex task that relies on the designer's experience and on trial & error iterations over a series of different types of attacks. Most of the severe attacks cannot be simulated because of the demanding computational effort and the lack of proper attack models. Therefore, prototypes are prepared using FPGAs. In this paper, a Crypto-Test-Lab is presented that includes an ECC co-processor with flexible test infrastructure. Its purpose is to facilitate the design and validation of secure strategies for testing in this type of co-processor.Postprint (author's final draft

ASSESSING AND IMPROVING THE RELIABILITY AND SECURITY OF CIRCUITS AFFECTED BY NATURAL AND INTENTIONAL FAULTS

The reliability and security vulnerability of modern electronic systems have emerged as concerns due to the increasing natural and intentional interferences. Radiation of high-energy charged particles generated from space environment or packaging materials on the substrate of integrated circuits results in natural faults. As the technology scales down, factors such as critical charge, voltage supply, and frequency change tremendously that increase the sensitivity of integrated circuits to natural faults even for systems operating at sea level. An attacker is able to simulate the impact of natural faults and compromise the circuit or cause denial of service. Therefore, instead of utilizing different approaches to counteract the effect of natural and intentional faults, a unified countermeasure is introduced. The unified countermeasure thwarts the impact of both reliability and security threats without paying the price of more area overhead, power consumption, and required time. This thesis first proposes a systematic analysis method to assess the probability of natural faults propagating the circuit and eventually being latched. The second part of this work focuses on the methods to thwart the impact of intentional faults in cryptosystems. We exploit a power-based side-channel analysis method to analyze the effect of the existing fault detection methods for natural faults on fault attack. Countermeasures for different security threats on cryptosystems are investigated separately. Furthermore, a new micro-architecture is proposed to thwart the combination of fault attacks and side-channel attacks, reducing the fault bypass rate and slowing down the key retrieval speed. The third contribution of this thesis is a unified countermeasure to thwart the impact of both natural faults and attacks. The unified countermeasure utilizes dynamically alternated multiple generator polynomials for the cyclic redundancy check (CRC) codec to resist the reverse engineering attack

Methods increasing inherent resistance of ECC designs against horizontal attacks

Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behaviour of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA is the so called horizontal differential SCA. In this paper we investigate two different approaches to increase the inherent resistance of our hardware accelerator for the kP operation. The first approach aims at reducing the impact of the addressing in our design by realizing a regular schedule of the addressing. In the second approach, we investigated how the formula used to implement the multiplication of GF(2n)-elements influences the results of horizontal DPA attacks against a Montgomery kP-implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly. The combination of these two approaches leads to the most resistant design. For the 250 nm technology only 2 key candidates could be revealed with a correctness of about 70% which is a huge improvement given the fact that for the original design 7 key candidates achieved a correctness of more than 90%. For our 130 nm technology no key candidate was revealed with a correctness of more than 60%