    Low-Resource and Fast Elliptic Curve Implementations over Binary Edwards Curves

    Elliptic curve cryptography (ECC) is an ideal choice for low-resource applications because it provides the same level of security with smaller key sizes than other existing public key schemes. For low-resource applications, efficient functional units for elliptic curve computations over binary fields make an effective platform for an embedded co-processor. This thesis investigates co-processor designs for area-constrained devices. In particular, we discuss an implementation that uses state-of-the-art binary Edwards curve formulas for mixed point addition and doubling. A binary Edwards curve has the security advantage of being complete: its addition law has no exceptional cases, so it is immune to the exceptional points attack. Combined with the Montgomery ladder, such a curve is naturally resistant to most simple power and timing attacks, since every scalar bit costs one addition and one doubling regardless of its value. Finite field operations are performed in the small and efficient Gaussian normal basis. The formulas for mixed point addition presented by K. Kim, C. Lee, and C. Negre at Indocrypt 2014 were found to be invalid and were corrected while keeping their speed and register usage. We use the corrected mixed point addition and doubling formulas to achieve a secure and still fast point multiplication on binary Edwards curves. Synthesis results over the NIST recommended fields for ECC indicate that the proposed co-processor needs about 50% fewer clock cycles for point multiplication and occupies a similar silicon area compared with the most recent designs in the literature.
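The side-channel argument in the abstract rests on the structure of the Montgomery ladder, not on the curve. The following is an added example (it is not code from the thesis above) that instruments a ladder and a plain left-to-right double-and-add so the observable sequence of group operations can be compared. To stay self-contained it uses a toy short Weierstrass curve y^2 = x^3 + x + 1 over GF(23) in affine coordinates, chosen for this illustration, rather than a binary Edwards curve in Gaussian normal basis; the ladder logic is the same for any curve, and the `inf` marker shows the kind of exceptional input that a complete addition law never reaches.

```python
# Added example, not from the thesis: Montgomery ladder vs. double-and-add, with the
# sequence of group operations recorded as a side-channel observer would see it.
# Toy curve y^2 = x^3 + A*x + B over GF(P_MOD), constructed for this example.
P_MOD, A, B = 23, 1, 1
G = (0, 1)                  # a point on the curve; it has order 28

def inv(x):
    """Modular inverse via Fermat's little theorem (P_MOD is prime)."""
    return pow(x % P_MOD, P_MOD - 2, P_MOD)

def ec_add(P, Q):
    """Affine addition with every exceptional case handled; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                                    # Q == -P (also doubling a 2-torsion point)
    if P == Q:
        lam = (3 * x1 * x1 + A) * inv(2 * y1) % P_MOD  # tangent slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P_MOD         # chord slope
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def group_op(P, Q, trace):
    """Record which kind of operation an observer would see, then perform it.
    'inf' marks an exceptional input; a complete (Edwards) addition law has no such case."""
    if P is None or Q is None:
        trace.append('inf')
    elif P == Q:
        trace.append('dbl')
    else:
        trace.append('add')
    return ec_add(P, Q)

def double_and_add(k, P, trace=None):
    """Left-to-right double-and-add (k >= 1): the 'add' steps leak the bits of k."""
    trace = [] if trace is None else trace
    R = P
    for bit in bin(k)[3:]:              # bits below the leading 1, most significant first
        R = group_op(R, R, trace)
        if bit == '1':
            R = group_op(R, P, trace)
    return R

def montgomery_ladder(k, P, trace=None):
    """Montgomery ladder (k >= 1): invariant R1 - R0 = P, exactly one add then one double
    per bit, in the same order whatever the bit is."""
    trace = [] if trace is None else trace
    R0, R1 = P, group_op(P, P, trace)
    for bit in bin(k)[3:]:
        if bit == '1':
            R0 = group_op(R0, R1, trace)   # R0 <- R0 + R1
            R1 = group_op(R1, R1, trace)   # R1 <- 2*R1
        else:
            R1 = group_op(R0, R1, trace)   # R1 <- R0 + R1
            R0 = group_op(R0, R0, trace)   # R0 <- 2*R0
    return R0

def op_trace(scalar_mult, k, P=G):
    """Return the observable operation sequence produced by scalar_mult(k, P)."""
    trace = []
    scalar_mult(k, P, trace)
    return trace

if __name__ == "__main__":
    for k in (16, 21, 27):
        print(k, montgomery_ladder(k, G),
              op_trace(montgomery_ladder, k), op_trace(double_and_add, k))
```

For every 5-bit scalar the ladder trace is the same `dbl, add, dbl, add, dbl, ...` pattern, while the double-and-add trace changes with the Hamming weight of the scalar. On the Weierstrass toy curve the affine formulas still need the explicit infinity and doubling branches in `ec_add`; on a complete binary Edwards curve those branches disappear, which is the point the abstract makes about exceptional points.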

    Side channel attack resistant elliptic curves cryptosystem on multi-cores for power efficiency

    The advent of multi-cores allows programs to execute much faster than before. Cryptographic algorithms operate on long words, so parallelizing these operations across cores can yield a significant performance improvement. However, not all long-word operations in cryptosystems are suitable for parallel execution on multi-cores. In particular, the long words used in Elliptic Curve Cryptography (ECC) are not evenly divisible by the system word size. This leaves some cores idle, which leaks through a side channel how many operations occurred and thus which field size is in use. Multiplication is the dominant operation in public key cryptosystems, and long-word multiplications are needed for both encryption and decryption. J. Fan et al. proposed Montgomery multiplication on multi-cores over GF(2^256) [25, 26], which suits computer systems with a 16-bit or 32-bit word size. Fan's Montgomery multiplication suits most RSA key sizes, which are multiples of the word size. In ECC, however, some fields leave cores idle. For example, suppose GF(2^131) is used on a quad-core with a 32-bit word size: this requires ceil(131/32) = 5 iterations, and the last iteration operates on only 3 bits. Three of the four cores are idle during that iteration, which wastes power. The most general and simplest way to frustrate side channel attacks is to insert dummy instructions that occupy the idle cores, but dummy instructions add work, degrading performance and increasing power consumption. In this thesis, we present a multiplier adjuster technique that improves the execution time and the power consumption of the last, unbalanced iteration. By applying dummy instructions appropriately between point-addition and point-doubling operations, a balanced point operation can be achieved in ECC. The performance and power efficiency of the proposed method on multi-cores are analyzed for each GF used in ECC.

    Fault attacks and countermeasures for elliptic curve cryptosystems

    In this thesis we have developed new algorithmic countermeasures that protect elliptic curve computation against fault attacks by protecting the underlying computation in the finite binary extension field. Firstly, we have proposed two schemes: a Chinese Remainder Theorem based fault tolerant computation in finite fields for use in ECC, and a Lagrange interpolation based fault tolerant computation. Our approach is based on error correcting codes, namely redundant residue polynomial codes and the original construction of Reed-Solomon codes. Computation on field elements is decomposed into parallel, mutually independent, identical modular channels, so that a fault in one channel does not propagate to the others. Based on these schemes we have developed new algorithms, namely a fault tolerant residue representation modular multiplication algorithm and a fault tolerant Lagrange representation modular multiplication algorithm, which are immune to error propagation under the fault models that we propose: the Random Fault Model, the Arbitrary Fault Model, and the Single Bit Fault Model. These algorithms provide fault tolerant computation in GF(2^k) for use in ECC. Because the inputs, i.e., field elements, are held in the redundant residue or redundant Lagrange representation, our algorithms recover when one or both coordinates x, y ∈ GF(2^k) of a point P ∈ E/GF(2^k) are corrupted during computation. We assume that during each run of an attacked algorithm, in one single attack, an adversary can apply any of the proposed fault models, i.e., either the Random Fault Model, the Arbitrary Fault Model, or the Single Bit Fault Model. In this way more channels can be targeted, i.e., different fault models can be used on different channels.
    Our proposed algorithms can still suffer masked errors, i.e., faults that evade detection, and are not immune to attacks that create such errors; countering masked errors is a hard problem, since any fault-detection scheme admits some of them. Moreover, we have derived the conditions an injected error must satisfy to yield an undetectable faulty point on a non-supersingular elliptic curve over GF(2^k). Our algorithmic countermeasures can be applied to any public key cryptosystem that performs computation over the finite field GF(2^k).
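The residue-channel idea in this abstract can be made concrete with a small redundant residue polynomial code. The following is an added example, not the thesis's own algorithm: polynomials over GF(2) are Python ints, field elements of a toy GF(2^5) (modulus x^5 + x^2 + 1, chosen here) are multiplied channel by channel modulo five pairwise coprime polynomials chosen for this illustration, and the product is reassembled with the CRT. Three channels carry enough degree to hold the unreduced product; the other two are redundant, which is what lets a single corrupted channel be located and discarded rather than merely detected. The `faults` argument is a constructed hook that corrupts a chosen residue to stand in for an injected fault.

```python
# Added example, not from the thesis: fault-tolerant GF(2^k) multiplication through
# independent residue channels (a redundant residue polynomial code) with CRT recovery.
# Polynomials over GF(2) are ints: bit i is the coefficient of x^i.

def pdeg(a):
    """Degree of a polynomial; deg(0) = -1."""
    return a.bit_length() - 1

def pmul(a, b):
    """Carry-less multiplication in GF(2)[x]."""
    r = 0
    while b:
        if b & 1:
            r ^= a
        a <<= 1
        b >>= 1
    return r

def pdivmod(a, m):
    """Polynomial long division over GF(2): returns (quotient, remainder)."""
    q, dm = 0, pdeg(m)
    while pdeg(a) >= dm:
        shift = pdeg(a) - dm
        q ^= 1 << shift
        a ^= m << shift
    return q, a

def pinv(a, m):
    """Inverse of a modulo m in GF(2)[x] via the extended Euclidean algorithm."""
    old_r, r, old_s, s = a, m, 1, 0
    while r:
        q, rem = pdivmod(old_r, r)
        old_r, r = r, rem
        old_s, s = s, old_s ^ pmul(q, s)
    assert old_r == 1, "not invertible: inputs are not coprime"
    return pdivmod(old_s, m)[1]

def crt(residues, moduli):
    """Chinese Remainder Theorem in GF(2)[x]: the unique z of degree < deg(prod moduli)."""
    M = 1
    for m in moduli:
        M = pmul(M, m)
    z = 0
    for r, m in zip(residues, moduli):
        Mi = pdivmod(M, m)[0]                                 # M / m_i (exact)
        basis = pmul(Mi, pinv(pdivmod(Mi, m)[1], m))          # 1 mod m_i, 0 mod the others
        z ^= pmul(r, basis)
    return pdivmod(z, M)[1]

# Channel moduli (constructed for this example): pairwise coprime, all irreducible.
INFO_MODULI = [0b1011, 0b1101, 0b10011]      # x^3+x+1, x^3+x^2+1, x^4+x+1: degree 10 >= 9
REDUNDANT_MODULI = [0b11001, 0b11111]        # x^4+x^3+1, x^4+x^3+x^2+x+1
MODULI = INFO_MODULI + REDUNDANT_MODULI
FIELD_POLY = 0b100101                        # toy field GF(2^5) = GF(2)[x]/(x^5+x^2+1)
PRODUCT_DEG_BOUND = 8                        # deg(a*b) <= 4 + 4 before field reduction

def channel_multiply(a, b, faults=None):
    """Residue i = (a mod m_i)(b mod m_i) mod m_i, each channel independent of the others.
    `faults` (demo hook) maps a channel index to an error polynomial XORed into that residue."""
    residues = []
    for i, m in enumerate(MODULI):
        r = pdivmod(pmul(pdivmod(a, m)[1], pdivmod(b, m)[1]), m)[1]
        if faults and i in faults:
            r ^= faults[i]                   # injected fault, confined to this channel
        residues.append(r)
    return residues

def recover_product(residues, bound=PRODUCT_DEG_BOUND):
    """Return (a*b over GF(2)[x], faulty channel or None).
    A wrong residue in channel i shifts the CRT result by a nonzero multiple of M/m_i, whose
    degree exceeds `bound`; dropping exactly the faulty channel restores a result within bound,
    and with two redundant channels no other single drop can. Two faulty channels are detected
    but, as for any distance-3 code, not guaranteed to be corrected."""
    z = crt(residues, MODULI)
    if pdeg(z) <= bound:
        return z, None
    for i in range(len(MODULI)):
        z = crt(residues[:i] + residues[i + 1:], MODULI[:i] + MODULI[i + 1:])
        if pdeg(z) <= bound:
            return z, i
    raise ValueError("uncorrectable: more than one channel is faulty")

def ft_field_multiply(a, b, faults=None):
    """Fault-tolerant product in the toy GF(2^5); returns (product, faulty channel or None)."""
    prod, faulty = recover_product(channel_multiply(a, b, faults))
    return pdivmod(prod, FIELD_POLY)[1], faulty

if __name__ == "__main__":
    a, b = 0b10110, 0b11001                   # x^4+x^2+x and x^4+x^3+1, constructed inputs
    print(ft_field_multiply(a, b))            # no fault
    print(ft_field_multiply(a, b, {3: 0b101}))  # fault in a redundant channel
    print(ft_field_multiply(a, b, {0: 0b1}))    # fault in an information channel
```

The degree check is the whole detector: the true product has degree at most 8, while any single corrupted residue pushes the reconstructed polynomial to degree 10 or more in every subset that still contains it. The same structure scales to the NIST binary fields by choosing channel moduli whose degrees sum past twice the field degree plus the redundancy wanted.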