Design of a secure architecture for scalar multiplication on elliptic curves

International audienceEmbedded systems support more and more features. Authentication and confidentiality are part of them. These systems have limitations that put the public-key RSA algorithm at a disadvantage: Elliptic curve cryptography (ECC) becomes more attractive because it requires less energy and less area. A lot of attacks exploit physical access on cryptographic hardware device: power analysis attacks (SPA, DPA), or timing analysis attacks. The coprocessor presented here supports all critical operations of an ECC cryptosystem and has been secured against side channel attacks

Randomized Windows for a Secure Crypto-Processor on Elliptic Curves

International audienceEmbedded systems are increasingly providing secure functionalities, which often rely on some dedicated hardware for symmetric and public-key cryptography. When resources are limited, elliptic curve cryptosystems (ECCs) may be chosen instead of the more widely known RSA, which needs much longer keys for the same security level. However, ECC may be vulnerable, as any other cryptographic implementation, to side channel analysis, which may reveal secret information by analyzing collateral sources of information, such as power consumption. Countermeasures must be thus adopted at the design level, in order to ensure robust and secure operation of the device. We propose here a new scalar multiplication algorithm on an elliptic curve, based on a novel randomized window method. This design is protected against side channel attacks (Timing, Simple and Differential Power Analysis) and it is implemented over prime fields, but it can be applied to binary fields as well. In order to evaluate this countermeasure, we provide its costs, and an estimation of the additional entropy added to the computation against side channels attacks

Characterization of AtMYB59 transcription factor

analysis of a transcription factor induced by cadmium and affecting plant developmen

Tuning of randomized windows against simple power analysis for scalar multiplication on elliptic curves

International audienceThe elliptic curve cryptography (ECC) is relevant in embedded systems, since it can provide an elevated level of security with keys much shorter than the current de-facto standard in public key cryptography, RSA. However, an implementation of ECC may leak information in side-channels (time of computation, power consumption ...). Thus, the operation that manipulates the secret key must be implemented with the goal of reducing such leakage. In this paper we focus on the simple power analysis (SPA) attack: this technique is based on identifying patterns in single power consumption trace that would allow obtaining the sequence of operations performed in the group (addition and doubling of points in the case of elliptic curves). SPA attacks target the scalar multiplication because this operation manipulates the secret key, which is used as the coefficient of the scalar multiplication. Windows methods can improve the performance and the security with respect to the simple Double and Add algorithm. On a Weierstrass curve, however, point operands of group operations cannot be the infinity point; therefore, empty windows (all bits equal to zero) can be still detected by an SPA attack. The leakage of critical data can be decreased by using windows of random width, and by inserting dummy group operations at random times in order to mask the size of windows. However, we show here that computing SPA on several scalar multiplications (using the same secret key and different points) still allows finding long sequences of zero bits in the secret key. We present here an experimental and statistical approach to quantify this attack, allowing the designer to tune the parameters of the scalar multiplication algorithm

An Elliptic Curve Crypto-Processor Secured by Randomized Windows

International audienceEmbedded systems are increasingly providing secure functionalities, which often rely on some dedicated hardware for symmetric and public-key cryptography. When resources are limited, elliptic curve cryptosystemsgraphy (ECC) (ECCs) may be chosen instead of the more widely known RSA, which needs much longer keys for the same security level. However, ECC may be vulnerable, as any other cryptographic implementation, to side channel analysis, which may reveal secret information by analyzing collateral sources of information, such as power consumption. Countermeasures must be thus adopted at the design level, in order to ensure robust and secure operation of the device. We propose here a new scalar multiplication algorithm on an elliptic curve, based on a novel randomized window method. This design is protected against side channel attacks (Timing, Simple and Differential Power Analysis) and it is implemented over prime fields, but it can be applied to binary fields as well. In order to evaluate this countermeasure, we provide its costs, and an estimation of the additional entropy added to the computation against side channels attacks

Drosophila suzukii and wine grapes: host suitability and other possible impacts

Drosophila suzukii is a global pest attacking various berry crops. D. suzukii lays eggs in damaged as well as in intact wine grape berries of the most soft-skinned varieties. Here we describe the relative host suitability of different wine grape cultivars (international and local), compared to other berry crops. Assessment has been performed both in the field and in the laboratory and results were correlated to the change in the surface penetration force and harvest time of the tested varieties. D. suzukii flies can be found feeding on damaged wine grapes during the harvest period, especially when the skins of berries are impacted by cracking, disease and bird damage. From the results of the present study, it is inconclusive that D. suzukii is a vector of Acetobacteria in wine grapes during the latter portion of the season. Further investigation of the interactions between D. suzukii and Acetobacteria would be necessary to determine whether increased levels of Acetobacteria due to D. suzukii activity levels will impact production cost and quality of high-value wine

Dummy operations in scalar multiplication over elliptic curves: a tradeoff between security and performance

International audienceA large number of embedded systems require a high level of security. Elliptic curve cryptography is well suited for these constrained environments, but some countermeasures must be implemented to prevent leakage of critical data through side-channel analyses. This work attempts to propose one such countermeasure, without affecting performance. A windowing approach at the scalar multiplication level saves time, which is then used to perturb the attacker by inserting dummy operations at random instants. To increase our power analysis protection, the length of the windows in the scalar partitioning is chosen randomly. Our countermeasure makes the simple power analysis attack ineffective; robustness against differential power analysis is also increased. In order to meet the target security level, performance, or area constraints, designers only need to choose the suitable parameters of the proposed protected scalar multiplication. A new attack based on pattern identif! ication on several power traces is also explored; this attack may be used against the proposed counter-measure but it is shown that with more dummy doublings the attack becomes ineffective with a small performance penalty

Local Clock Glitching Fault Injection with Application to the ASCON Cipher

International audienceLightweight ciphers such as ASCON facilitate ease of implementation as well as provide better performance over conventional ciphers, thus making it suitable for resource-constrained devices. However, hardware implementations of these ciphers are vulnerable to a multitude of physical attacks (such as fault injections) requiring dedicated countermeasures thus causing a negative impact on security, performance and power consumption. Modeling and understanding the impact of these attacks on cipher operations and end users is mandatory. Further, detection and mitigation of such fault injection attacks is challenging due to the interconnected nature of cipher design, coupled with the varying number of possible design choices and with the forced trade-offs that need to be done in order to implement expensive countermeasures at the lowest possible cost. In this work, we aim to model a fault injection attack on ASCON and analyze its impact on FPGA. In particular, we implement the ASCON cipher and propose a methodology for fault injection attacks using synchronous clock glitching by Digital Clock Manager (DCM) introducing a novel approach of locality, which can be exploited to emulate general delay faults on focused parts of the design, such those induced by pulsed EM injections