Horizontal Address-Bit DEMA against ECDSA

Kabin, Ievgen; Dyka, Zoya; Kreiser, Dan; Langendoerfer, Peter

doi:10.1109/ntms.2018.8328695

Cited by 18 publications

(7 citation statements)

References 19 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We are aware of some issues of the Montgomery ladder. It is vulnerable to the horizontal Address Bit attack which was presented in [3,16]. The main leakage source is the key dependent addressing of the registers in the algorithm.…”

Section: Discussionmentioning

confidence: 99%

“…The scalar k is a random number. This random number has to be kept secret [2], since otherwise the private key of the user applied for the signature generation can be easily calculated [3]. In ECDH-based protocols for one-side authentication, as for example in [4], the scalar k is the private key in the kP operation performed and has to be kept secret.…”

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

et al. 2021

Self Cite

View full text Add to dashboard Cite

The Montgomery kP algorithm i.e. the Montgomery ladder is reported in literature as resistant against simple SCA due to the fact that the processing of each key bit value of the scalar k is done using the same sequence of operations. We implemented the Montgomery kP algorithm using Lopez-Dahab projective coordinates for the NIST elliptic curve B-233. We instantiated the same VHDL code for a wide range of clock frequencies for the same target FPGA and using the same compiler options. We measured electromagnetic traces of the kP executions using the same input data, i.e. scalar k and elliptic curve point P, and measurement setup. Additionally, we synthesized the same VHDL code for two IHP CMOS technologies, for a broad spectrum of frequencies. We simulated the power consumption of each synthesized design during an execution of the kP operation, always using the same scalar k and elliptic curve point P as inputs. Our experiments clearly show that the success of simple electromagnetic analysis attacks against FPGA implementations as well as the one of simple power analysis attacks against synthesized ASIC designs depends on the target frequency for which the design was implemented and at which it is executed significantly. In our experiments the scalar k was successfully revealed via simple visual inspection of the electromagnetic traces of the FPGA for frequencies from 40 to 100 MHz when standard compile options were used as well as from 50 MHz up to 240 MHz when performance optimizing compile options were used. We obtained similar results attacking the power traces simulated for the ASIC. Despite the significant differences of the here investigated technologies the designs’ resistance against the attacks performed is similar: only a few points in the traces represent strong leakage sources allowing to reveal the key at very low and very high frequencies. For the “middle” frequencies the number of points which allow to successfully reveal the key increases when increasing the frequency.

show abstract

Section: Discussionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Practical examples of horizontal attacks against asymmetric cryptographic approaches such RSA or ECC are the SPA described in [7], simple electromagnetic analysis (SEMA) attacks e.g. [8], the Big Mac attack [9], the localized EMA attack [10], horizontal collision correlation analysis (HCCA) attacks [11]- [12] , horizontal DPA and DEMA attacks [13], [14]. Vertical attacks corresponding to the new classification are "more than one trace" attacks i.e.…”

Section: Background: Verical and Horizontal Attacksmentioning

confidence: 99%

Horizontal Attacks Against ECC: From Simulations to ASIC

Kabin

Dyka

Klann

et al. 2020

Lecture Notes in Computer Science

Self Cite

View full text Add to dashboard Cite

In this paper we analyse the impact of different compile options on the success rate of side channel analysis attacks. We run horizontal differential side channel attacks against simulated power traces for the same kP design synthesized using two different compile options after synthesis and after layout. As we are interested in the effect on the produced ASIC we also run the same attack against measured power traces after manufacturing the ASIC. We found that the compile_ultra option reduces the success rate significantly from 5 key candidates with a correctness of between 75 and 90 per cent down to 3 key candidates with a maximum success rate of 72 per cent compared to the simple compile option. Also the success rate after layout shows a very high correlation with the one obtained attacking the measured power and electromagnetic traces, i.e. the simulations are a good indicator of the resistance of the ASIC.

show abstract

“…Corresponding to the ECDSA signature generation protocol the scalar k is a random number. This number that has to be kept secret, since otherwise the private key can be easily calculated [2]. In the EC authentication protocol the scalar k is the private key and has to be kept secret.…”

Section: A Implementation Detailsmentioning

confidence: 99%

On the Influence of the FPGA Compiler Optimization Options on the Success of the Horizontal Attack

Kabin

Sosa

Dyka

et al. 2019

2019 International Conference on ReConFigurable Computing and FPGAs (ReConFig)

Self Cite

View full text Add to dashboard Cite

This paper reports about the impact of compiler options on the resistance of cryptographic implementations against side channel analysis attacks. We evaluated four compiler option for six different FPGAs from Intel and Xilinx. In order to ensure fair assessment we synthesized always the same VHDL code, kept the measurement setup and statistical analysis method etc. constant. Our analysis clearly shows that the compiler options have an impact on the success of attacks but also that the impact is unpredictable not only between different FPGAs but also for an individual FPGA.

show abstract

Horizontal Address-Bit DEMA against ECDSA

Cited by 18 publications

References 19 publications

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

Horizontal Attacks Against ECC: From Simulations to ASIC

On the Influence of the FPGA Compiler Optimization Options on the Success of the Horizontal Attack

Contact Info

Product

Resources

About