5,540 research outputs found
Secure and Efficient RNS Approach for Elliptic Curve Cryptography
Scalar multiplication, the main operation in elliptic
curve cryptographic protocols, is vulnerable to side-channel
(SCA) and fault injection (FA) attacks. An efficient countermeasure
for scalar multiplication can be provided by using alternative
number systems like the Residue Number System (RNS). In RNS,
a number is represented as a set of smaller numbers, where each
one is the result of the modular reduction with a given moduli
basis. Under certain requirements, a number can be uniquely
transformed from the integers to the RNS domain (and vice
versa) and all arithmetic operations can be performed in RNS.
This representation provides an inherent SCA and FA resistance
to many attacks and can be further enhanced by RNS arithmetic
manipulation or more traditional algorithmic countermeasures.
In this paper, extending our previous work, we explore the
potentials of RNS as an SCA and FA countermeasure and provide
an description of RNS based SCA and FA resistance means. We
propose a secure and efficient Montgomery Power Ladder based
scalar multiplication algorithm on RNS and discuss its SCAFA
resistance. The proposed algorithm is implemented on an
ARM Cortex A7 processor and its SCA-FA resistance is evaluated
by collecting preliminary leakage trace results that validate our
initial assumptions
Combining leak--resistant arithmetic for elliptic curves defined over \F_p and RNS representation
In this paper we combine the residue number system (RNS) representation
and the leak-resistant arithmetic on elliptic curves. These two techniques are relevant for implementation of elliptic curve
cryptography on embedded devices.\\
% since they have leak-resistance properties.
It is well known that the RNS multiplication is very efficient whereas the reduction step is costly. Hence, we optimize formulae for basic operations arising in leak-resistant arithmetic on elliptic curves (unified addition, Montgomery ladder) in order to minimize the number of modular reductions. We also improve the complexity of the RNS modular reduction step. As a result, we show how to obtain a competitive secured implementation.\\
Finally, %we recall the main advantages of the RNS representation,
%especially in hardware and for embedded devices, and
we show that,
contrary to other approaches, ours takes optimally the advantage of a dedicated parallel
architecture
Residue Number System Hardware Emulator and Instructions Generator
Residue Number System (RNS) is an alternative
form of representing integers on which a large value gets
represented by a set of smaller and independent integers.
Cryptographic and signal filtering algorithms benefit from the
use of RNS, due to its capabilities to increase performance and
security. Herein, a simulation tool is presented which emulates
the hardware implementation of an actual RNS co-processor. An
“high-level to assembly” instructions generator is also built into
this tool. The programmability and scalable architecture of the
considered processor along with the high level description of the
algorithm allows researchers and developers to easily evaluate
and test their RNS algorithms on an actual architecture, using
Java
Formal Analysis of CRT-RSA Vigilant's Countermeasure Against the BellCoRe Attack: A Pledge for Formal Methods in the Field of Implementation Security
In our paper at PROOFS 2013, we formally studied a few known countermeasures
to protect CRT-RSA against the BellCoRe fault injection attack. However, we
left Vigilant's countermeasure and its alleged repaired version by Coron et al.
as future work, because the arithmetical framework of our tool was not
sufficiently powerful. In this paper we bridge this gap and then use the same
methodology to formally study both versions of the countermeasure. We obtain
surprising results, which we believe demonstrate the importance of formal
analysis in the field of implementation security. Indeed, the original version
of Vigilant's countermeasure is actually broken, but not as much as Coron et
al. thought it was. As a consequence, the repaired version they proposed can be
simplified. It can actually be simplified even further as two of the nine
modular verifications happen to be unnecessary. Fortunately, we could formally
prove the simplified repaired version to be resistant to the BellCoRe attack,
which was considered a "challenging issue" by the authors of the countermeasure
themselves.Comment: arXiv admin note: substantial text overlap with arXiv:1401.817
Implementing a protected zone in a reconfigurable processor for isolated execution of cryptographic algorithms
We design and realize a protected zone inside a reconfigurable and extensible embedded RISC processor for isolated execution of cryptographic algorithms. The protected zone is a collection of processor subsystems such as functional units optimized for high-speed execution of integer operations, a small amount of local memory, and general and special-purpose registers. We outline the principles for secure software implementation of cryptographic algorithms
in a processor equipped with the protected zone. We also demonstrate the efficiency and effectiveness of the protected zone by implementing major cryptographic algorithms, namely RSA, elliptic curve cryptography, and AES in the protected zone. In terms of time efficiency, software implementations
of these three cryptographic algorithms outperform equivalent software implementations on similar processors reported in the literature. The protected zone is designed in such a modular fashion that it can easily be integrated into any RISC processor; its area overhead is considerably moderate in the sense that
it can be used in vast majority of embedded processors. The protected zone can also provide the necessary support to implement TPM functionality within the boundary of a processor
- …