Evaluation of resistance of ECC designs protected by different randomization countermeasures against horizontal DPA attacks

Information and Communications Security

Kreiser

et al. 2018

Self Cite

Side channel analysis attacks, especially horizontal DPA and DEMA attacks, are significant threats for cryptographic designs. In this paper we investigate to which extend different multiplication formulae and randomization of the field multiplier increase the resistance of an ECC design against horizontal attacks. We implemented a randomized sequence of the calculation of partial products for the field multiplication in order to increase the security features of the field multiplier. Additionally, we use the partial polynomial multiplier itself as a kind of countermeasure against DPA attacks. We demonstrate that the implemented classical multiplication formula can increase the inherent resistance of the whole ECC design. We also investigate the impact of the combination of these two approaches. For the evaluation we synthesized all these designs for a 250 nm gate library technologies, and analysed the simulated power traces. All investigated protection means help to decrease the success rate of attacks significantly: the correctness of the revealed key was decreased from 99% to 69%.

Section: Contribution Of This Papermentioning

confidence: 94%

Section: Contribution Of This Papermentioning

confidence: 99%

Section: Contribution Of This Papermentioning

confidence: 99%

Section: Design With Randomized Sequence Of Pmsmentioning

confidence: 99%

See 2 more Smart Citations

Methods for Increasing the Resistance of Cryptographic Designs Against Horizontal DPA Attacks

Information and Communications Security

Kreiser

et al. 2018

Self Cite

“…Even if each key bit is processed using exactly the same operation sequence, the data dependability can result in a successfully revealed key if horizontal DPA attacks are applied [10]. Blinding of the elliptic curve (EC) point P or randomization of the projective coordinates of point P once at the beginning of the kP calculation do not provide protection against horizontal DPA attacks [11]. The randomization of the private key k does not hinder horizontal DPA attacks because the revealed randomized key can successfully be used instead of the real private key.…”

Section: Introductionmentioning

confidence: 99%

Horizontal DPA Attacks against ECC: Impact of Implemented Field Multiplication Formula

2019 14th International Conference on Design &Amp; Technology of Integrated Systems in Nanoscale Era (DTIS)

Klann

et al. 2019

Self Cite

Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behavior of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA are the so called horizontal SCAs. Well known randomization based countermeasures are effective means against vertical DPA attacks but they are not effective against horizontal DPA attacks. In this paper we investigate how the formula used to implement the multiplication of GF(2 n )-elements influences the results of horizontal DPA attacks against a Montgomery kPimplementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly, but we also learned that its impact differs from technology to technology. Our analysis also reveals that the use of different multiplication formulae as the single countermeasure is not sufficient to protect cryptographic designs against horizontal DPA attacks.

Horizontal Attacks Against ECC: From Simulations to ASIC

Lecture Notes in Computer Science

Klann

et al. 2020

Self Cite

In this paper we analyse the impact of different compile options on the success rate of side channel analysis attacks. We run horizontal differential side channel attacks against simulated power traces for the same kP design synthesized using two different compile options after synthesis and after layout. As we are interested in the effect on the produced ASIC we also run the same attack against measured power traces after manufacturing the ASIC. We found that the compile_ultra option reduces the success rate significantly from 5 key candidates with a correctness of between 75 and 90 per cent down to 3 key candidates with a maximum success rate of 72 per cent compared to the simple compile option. Also the success rate after layout shows a very high correlation with the one obtained attacking the measured power and electromagnetic traces, i.e. the simulations are a good indicator of the resistance of the ASIC.