Horizontal address-bit DPA against montgomery kP implementation

Kabin, Ievgen; Dyka, Zoya; Kreiser, Dan; Langendoerfer, Peter

doi:10.1109/reconfig.2017.8279800

Cited by 19 publications

(16 citation statements)

References 22 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The modification done in Algorithm 2 in comparison to the Algorithm 1 refers to the initialization phase and the processing of k l−2 . The operation flow for processing k l−2 (see lines 2-8 in Algorithm 2) differs from the operation flow in the main loop (see lines [9][10][11][12][13][14][15][16][17]. The processing of key bit k l−2 consists of 5 multiplications, 5 squarings, 3 additions and 8 write to register operations, independent of the value of k l−2 .…”

Section: Our Implementation Of the Montgomery Kpmentioning

confidence: 99%

“…Since the use of registers in the Montgomery kP algorithm depends on the value of the processed bit k i of the scalar k, horizontal differential SCA attacks can be successful. Due to the nature of this SCA leakage -the addressing of the registers/blocks -this kind of attacks was denoted as horizontal bus and address bit DPA in [10]. Please note that in Fig.…”

Section: Our Implementation Of the Montgomery Kpmentioning

confidence: 99%

“…Here we performed an automated simple analysis attack. In [10] horizontal differential analysis attacks are described. The difference to [10] is that in this paper we do not calculate any statistical parameters such a mean value, variation, etc.…”

Section: Automated Simple Ema Attackmentioning

confidence: 99%

“…In [10] horizontal differential analysis attacks are described. The difference to [10] is that in this paper we do not calculate any statistical parameters such a mean value, variation, etc. The difference to usual simple analysis attacks is that we automated our attack with the goal to make the attack effective and fast.…”

Section: Automated Simple Ema Attackmentioning

confidence: 99%

See 3 more Smart Citations

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

et al. 2021

Self Cite

View full text Add to dashboard Cite

The Montgomery kP algorithm i.e. the Montgomery ladder is reported in literature as resistant against simple SCA due to the fact that the processing of each key bit value of the scalar k is done using the same sequence of operations. We implemented the Montgomery kP algorithm using Lopez-Dahab projective coordinates for the NIST elliptic curve B-233. We instantiated the same VHDL code for a wide range of clock frequencies for the same target FPGA and using the same compiler options. We measured electromagnetic traces of the kP executions using the same input data, i.e. scalar k and elliptic curve point P, and measurement setup. Additionally, we synthesized the same VHDL code for two IHP CMOS technologies, for a broad spectrum of frequencies. We simulated the power consumption of each synthesized design during an execution of the kP operation, always using the same scalar k and elliptic curve point P as inputs. Our experiments clearly show that the success of simple electromagnetic analysis attacks against FPGA implementations as well as the one of simple power analysis attacks against synthesized ASIC designs depends on the target frequency for which the design was implemented and at which it is executed significantly. In our experiments the scalar k was successfully revealed via simple visual inspection of the electromagnetic traces of the FPGA for frequencies from 40 to 100 MHz when standard compile options were used as well as from 50 MHz up to 240 MHz when performance optimizing compile options were used. We obtained similar results attacking the power traces simulated for the ASIC. Despite the significant differences of the here investigated technologies the designs’ resistance against the attacks performed is similar: only a few points in the traces represent strong leakage sources allowing to reveal the key at very low and very high frequencies. For the “middle” frequencies the number of points which allow to successfully reveal the key increases when increasing the frequency.

show abstract

Section: Our Implementation Of the Montgomery Kpmentioning

confidence: 99%

Section: Our Implementation Of the Montgomery Kpmentioning

confidence: 99%

Section: Automated Simple Ema Attackmentioning

confidence: 99%

Section: Automated Simple Ema Attackmentioning

confidence: 99%

See 2 more Smart Citations

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

et al. 2021

Self Cite

View full text Add to dashboard Cite

show abstract

“…Practical examples of horizontal attacks against asymmetric cryptographic approaches such RSA or ECC are the SPA described in [7], simple electromagnetic analysis (SEMA) attacks e.g. [8], the Big Mac attack [9], the localized EMA attack [10], horizontal collision correlation analysis (HCCA) attacks [11]- [12] , horizontal DPA and DEMA attacks [13], [14]. Vertical attacks corresponding to the new classification are "more than one trace" attacks i.e.…”

Section: Background: Verical and Horizontal Attacksmentioning

confidence: 99%

Horizontal Attacks Against ECC: From Simulations to ASIC

et al. 2020

Self Cite

View full text Add to dashboard Cite

In this paper we analyse the impact of different compile options on the success rate of side channel analysis attacks. We run horizontal differential side channel attacks against simulated power traces for the same kP design synthesized using two different compile options after synthesis and after layout. As we are interested in the effect on the produced ASIC we also run the same attack against measured power traces after manufacturing the ASIC. We found that the compile_ultra option reduces the success rate significantly from 5 key candidates with a correctness of between 75 and 90 per cent down to 3 key candidates with a maximum success rate of 72 per cent compared to the simple compile option. Also the success rate after layout shows a very high correlation with the one obtained attacking the measured power and electromagnetic traces, i.e. the simulations are a good indicator of the resistance of the ASIC.

show abstract

Methods for Increasing the Resistance of Cryptographic Designs Against Horizontal DPA Attacks

Kabin

Dyka

Kreiser

et al. 2018

Information and Communications Security

Self Cite

View full text Add to dashboard Cite

Side channel analysis attacks, especially horizontal DPA and DEMA attacks, are significant threats for cryptographic designs. In this paper we investigate to which extend different multiplication formulae and randomization of the field multiplier increase the resistance of an ECC design against horizontal attacks. We implemented a randomized sequence of the calculation of partial products for the field multiplication in order to increase the security features of the field multiplier. Additionally, we use the partial polynomial multiplier itself as a kind of countermeasure against DPA attacks. We demonstrate that the implemented classical multiplication formula can increase the inherent resistance of the whole ECC design. We also investigate the impact of the combination of these two approaches. For the evaluation we synthesized all these designs for a 250 nm gate library technologies, and analysed the simulated power traces. All investigated protection means help to decrease the success rate of attacks significantly: the correctness of the revealed key was decreased from 99% to 69%.

show abstract

Horizontal address-bit DPA against montgomery kP implementation

Cited by 19 publications

References 22 publications

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice

Horizontal Attacks Against ECC: From Simulations to ASIC

Methods for Increasing the Resistance of Cryptographic Designs Against Horizontal DPA Attacks

Contact Info

Product

Resources

About