Post Quantum ECC on FPGA Platform
Post-quantum cryptography has gathered significant attention in recent times due to the NIST call for standardization of quantum-resistant public key algorithms. In that context, the supersingular isogeny based key exchange algorithm (SIKE) has emerged as a potential candidate to replace traditional public key algorithms like RSA and ECC. SIKE provides classical security and quantum security where is the characteristic of the underlying field. Additionally, SIKE has the smallest key sizes among all post-quantum public key algorithms, making it very suitable for bandwidth-constrained environments. In this paper, we present an efficient implementation of the SIKE protocol for FPGA-based applications. The proposed architecture provides the same latency as the best existing implementation of the SIKE protocol while consuming fewer DSPs and less block RAM. Thus, our design is substantially more efficient than existing implementations of SIKE.
Exploiting the Order of Multiplier Operands: A Low Cost Approach for HCCA Resistance
Horizontal collision correlation analysis (HCCA) poses a serious threat to simple power analysis resistant elliptic curve cryptosystems that use unified algorithms, e.g. the Edwards curve unified formula. This attack can be mounted even in the presence of differential power analysis resistant randomization schemes. In this paper we design an effective countermeasure for HCCA protection, where the dependency of the side-channel leakage of a schoolbook multiplication on the underlying multiplier operands is investigated. We show how changing the sequence in which the operands are passed to the multiplication algorithm introduces dissimilarity in the information leakage. This disparity is utilized in constructing a zero-cost countermeasure against HCCA. This countermeasure, integrated with an effective randomization method, is shown to successfully thwart HCCA. Additionally, we provide experimental validation of our proposed countermeasure technique on a SASEBO platform. To the best of our knowledge, this is the first time that asymmetry in information leakage has been utilized in designing a side-channel countermeasure.
ECC on Your Fingertips: A Single Instruction Approach for Lightweight ECC Design in GF(p)
Lightweight implementation of Elliptic Curve Cryptography on FPGA has been a popular research topic due to the boom of ubiquitous computing. In this paper we propose a novel single-instruction based ultra-light ECC crypto-processor coupled with the dedicated hard IPs of the FPGAs. We show that by using the proposed single-instruction framework and the available block RAMs and DSPs of FPGAs, we can design an ECC crypto-processor for NIST curve P-256 requiring only 81 and 72 logic slices on Virtex-5 and Spartan-6 devices respectively. To the best of our knowledge, this is the first implementation of ECC which requires fewer than 100 slices on any FPGA device family.
Using Tweaks To Design Fault Resistant Ciphers
Side channel analysis and active fault analysis are now major threats to even mathematically robust cryptographic algorithms that are otherwise resistant to classical cryptanalysis. It is necessary to design suitable countermeasures to protect cryptographic primitives against such attacks. This paper focuses on designing encryption schemes that are innately secure against fault analysis. The paper formally proves that one such design strategy, namely the use of key-dependent S-Boxes, is only partially secure against DFA. The paper then examines the fault tolerance of encryption schemes that use a key-independent secret tweak value for randomization. In particular, the paper focuses on a linear tweak based and a non-linear tweak based version of a recently proposed block cipher DRECON. The paper demonstrates that while both versions are secure against classical DFA, the non-linear tweak based version provides greater fault coverage against stronger fault models. This fact, together with the DPA resistance provided by the use of variable S-Boxes, makes DRECON a strong candidate for the design of secure cryptographic primitives. All claims have been validated by experimental results on a SASEBO GII platform.
Side-Channel Watchdog: Run-Time Evaluation of Side-Channel Vulnerability in FPGA-Based Crypto-systems
Besides security against classical cryptanalysis, it is important for cryptographic implementations to have sufficient robustness against side-channel attacks. Many countermeasures have been proposed to thwart side-channel attacks, especially those based on power trace measurements. Additionally, researchers have proposed several evaluation metrics to assess the side-channel security of a cryptosystem. However, the evaluation of a cryptosystem is done during the testing phase and is not part of the actual hardware. In our approach, we propose to implement such evaluation metrics on-chip for run-time side-channel vulnerability estimation of a cryptosystem. The objective is to create a watchdog on the hardware which will monitor the side-channel leakage of the device and will alert the user if that leakage crosses a pre-determined threshold, beyond which the system might be considered vulnerable. Once such an alert signal is activated, proactive countermeasures can be activated either at the device level or at the protocol level, to prevent the impending side-channel attack. An FPGA-based prototype designed by us shows low hardware overhead, and is an effective option that avoids the use of a bulky and inconvenient on-field measurement setup.
Fault Template Attacks on Block Ciphers Exploiting Fault Propagation
Fault attacks (FA) are one of the most potent practical threats to modern cryptographic implementations. Over the years, FA techniques have evolved, gradually moving towards the exploitation of device-centric properties of the faults. In this paper, we exploit the fact that the activation and propagation of a fault through a given combinational circuit (i.e., the observability of a fault) is data-dependent. Next, we show that this property of combinational circuits leads to powerful Fault Template Attacks (FTA), even for implementations having dedicated protections against both power and fault-based vulnerabilities. The attacks found in this work are applicable even if the fault injection is made at the middle rounds of a block cipher, which are out of reach for most other existing fault analysis strategies. Quite evidently, they also work in a known-plaintext scenario. Moreover, the middle-round attacks are entirely blind in the sense that no access to the ciphertexts (correct/faulty) or plaintexts is required. The adversary is only assumed to have the power of repeating an unknown plaintext several times. Practical validation on a hardware implementation of SCA-FA protected PRESENT, and simulated evaluation on a public software implementation of protected AES, prove the efficacy of the proposed attacks.
Exploiting Safe Error based Leakage of RFID Authentication Protocol using Hardware Trojan Horse
Radio-Frequency Identification tags are used for several applications requiring authentication mechanisms, which if subverted can lead to dire consequences. Many of these devices are based on low-cost Integrated Circuits which are designed in off-shore fabrication facilities, raising concerns about their trust. Recently, a lightweight entity authentication protocol called LCMQ was proposed, which is based on the Learning Parity with Noise, Circulant Matrix, and Multivariate Quadratic problems. This protocol was proven to be secure against man-in-the-middle attacks and ciphertext-only attacks. In this paper, we show that in the standard setting, although the authentication uses two bit keys, and , knowledge of only is sufficient to forge the authentication. Based on this observation, we design a stealthy malicious modification to the circuitry, based on the idea of safe errors, to leak , which can thus be used to forge the entire authentication mechanism. We develop a Field Programmable Gate Array prototype of the design which is extremely lightweight and can be implemented using four lookup tables.
Leak Me If You Can: Does TVLA Reveal Success Rate?
Test Vector Leakage Assessment Methodology (TVLA) has emerged as a popular side-channel testing methodology as it can detect the presence of side-channel information in leakage measurements. However, in its current form, TVLA results cannot be used to quantify side-channel vulnerability. In this paper, we extend TVLA testing beyond its current scope. Precisely, we derive a concrete relationship between TVLA and the signal-to-noise ratio (SNR). Linking the two metrics allows direct computation of the success rate (SR) from TVLA, and thus unifies these popular side-channel detection and evaluation metrics. This, to our knowledge, is the first work in this direction. An end-to-end methodology is proposed, which can be easily automated, to derive the attack SR starting from TVLA testing. The proposed methodology can take a leakage model as an input and report the attack SR, which is validated on simulated and practical measurements. Unsurprisingly, the methodology performs better when the leakage model is accurately profiled. The methodology, although still limited to first-order leakage, is also further extended to the (first-order) multivariate setting.