Fast Side-Channel Security Evaluation of ECC Implementations

Shortcut Formulas for Horizontal Side-Channel Attacks Against ECSM with the Montgomery Ladder
  • Melissa Azouaoui (email author)
  • Romain Poussier
  • François-Xavier Standaert
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11421)

Abstract

Horizontal attacks are a suitable tool to evaluate the (nearly) worst-case side-channel security level of ECC implementations, because they extract a large amount of information from physical observations. Motivated by the difficulty of mounting such attacks, and inspired by evaluation strategies for the security of symmetric cryptography implementations, we derive shortcut formulas to estimate the success rate of horizontal differential power analysis attacks against ECSM implementations, for efficient side-channel security evaluations. We then discuss the additional leakage assumptions that we exploit for this purpose, and provide experimental confirmation that the proposed tools lead to good predictions of the attacks' success.

Keywords

Elliptic Curve Cryptography (ECC); Side-channel attacks; Side-channel security evaluations; Horizontal Differential Power Analysis (HDPA)

Notes

Acknowledgement

François-Xavier Standaert is a senior research associate of the Belgian Fund for Scientific Research. This work has been funded in part by the European Commission through the H2020 project 731591 (acronym REASSURE) and by the ERC Consolidator Grant 724725 (acronym SWORD). The authors would like to thank Vincent Verneuil for the valuable comments and the fruitful discussions.

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Melissa Azouaoui (1, 2; email author)
  • Romain Poussier (3)
  • François-Xavier Standaert (1)
  1. Université Catholique de Louvain, Louvain-la-Neuve, Belgium
  2. NXP Semiconductors, Hamburg, Germany
  3. Temasek Laboratories, Nanyang Technological University, Singapore, Singapore