Improving the Big Mac Attack on Elliptic Curve Cryptography

Danger, Jean‐Luc; Guilley, Sylvain; Hoogvorst, Philippe; Murdica, Cédric; Naccache, David

doi:10.1007/978-3-662-49301-4_23

Cited by 17 publications

(20 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However the authors do not comment on any atomicity algorithm in [6]. In the following section, we recall a methodology mentioned in [7] that proposes an improvisation of the HCCA for the atomicity algorithms.…”

Section: Theoretical Hypothesis Behind Attack Successmentioning

confidence: 99%

“…In this paper we show how the countermeasure idea can be applied in case of the well-known atomicity algorithms by introducing minimal overhead, such that the final transformation is resistant against the advanced horizontal attacks. In [7] HCCA attack has been improvised in the light of Big Mac attack by observing the operand sharing property from multiple pairs of field multiplication instead of looking into a single pair. We note here that the countermeasure design can transform the atomicity algorithm into a safe form which is resistant against even the improved attack by [7].…”

Section: Introductionmentioning

confidence: 99%

“…In [7] HCCA attack has been improvised in the light of Big Mac attack by observing the operand sharing property from multiple pairs of field multiplication instead of looking into a single pair. We note here that the countermeasure design can transform the atomicity algorithm into a safe form which is resistant against even the improved attack by [7].…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Improved Atomicity to Prevent HCCA on NIST Curves

Das

Roy

Mukhopadhyay

2016

Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography

View full text Add to dashboard Cite

The Big Mac attack showed that an RSA implementation, protected with conventional side-channel countermeasures can be exploited on the basis of an operand sharing property of field multiplications with a single trace of side-channel leakage. In fact this property of operand sharing among field multiplications underlying the computation of an exponentiation algorithm can be utilized to break a wide range of RSA and elliptic curve implementations, thus imposing a serious threat. The ECC algorithms designed with sidechannel atomic blocks to protect against simple side-channel analysis are seen to vulnerable to an advanced form of horizontal attack by detecting this operand sharing property among field operations. We demonstrate how to resist an atomicity-equipped ECC algorithm by transforming the algorithm into a safe form which is based on rearranging the order of operands in field multiplications underlying an addition or doubling, keeping the atomicity property intact.

show abstract

Section: Theoretical Hypothesis Behind Attack Successmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 1 more Smart Citation

Improved Atomicity to Prevent HCCA on NIST Curves

Das

Roy

Mukhopadhyay

2016

Proceedings of the 3rd ACM International Workshop on ASIA Public-Key Cryptography

View full text Add to dashboard Cite

show abstract

“…In 2013, Bauer et al [4] (see [5] for an extended version) combined the ideas of [11] with Moradi et al 's collision correlation analysis [42] and obtained a very powerful single-trace attack which thwarts many of the state-of-the-art countermeasures. Recently, further works have built on the ideas of improving Big Mac [15] and collision correlations [29]. Another trend of attacks uses clustering algorithms to launch a single-trace attack on ECC.…”

Section: Introductionmentioning

confidence: 99%

“…-We extend existing correlation-based single-trace attacks (in particular, [4,5,15,29,52]) to scalar multiplications with precomputations. While this type of correlation attacks have been conjectured to form a serious threat to scalar multiplication algorithms with precomputations already before, we are not aware of any works that would have studied this in depth before this paper.…”

Section: Introductionmentioning

confidence: 99%

Single-Trace Side-Channel Attacks on Scalar Multiplications with Precomputations

Järvinen

Balasch

2017

Smart Card Research and Advanced Applications

View full text Add to dashboard Cite

Abstract. Single-trace side-channel attacks are a serious threat to elliptic curve cryptography in practice because they can break also cryptosystems where scalars are nonces (e.g., ECDSA). Previously it was believed that single-trace attacks can be avoided by using scalar multiplication algorithms with regular patterns of operations but recently we have learned that they can be broken with correlation tests to decide whether different operations share common operands. In this work, we extend these attacks to scalar multiplication algorithms with precomputations. We show that many algorithms are vulnerable to our attack which correlates measurements with precomputed values. We also show that successful attacks are possible even without knowledge of precomputed values by using clustering instead of correlations. We provide extensive evidence for the feasibility of the attacks with simulations and experiments with an 8-bit AVR. Finally, we discuss the effectiveness of certain countermeasures against our attacks.

show abstract

Profiled Attacks Against the Elliptic Curve Scalar Point Multiplication Using Neural Networks

Barenghi

Carrera

Mella

et al. 2021

Network and System Security

View full text Add to dashboard Cite

In recent years, machine learning techniques have been successfully applied to improve side-channel attacks against different cryptographic algorithms. In this work, we deal with the use of neural networks to attack elliptic curve-based cryptosystems. In particular, we propose a deep learning based strategy to retrieve the scalar from a double-and-add scalar-point multiplication. As a proof of concept, we conduct an effective attack against the scalar-point multiplication on NIST standard curve P-256 implemented in BearSSL, a timing side-channel hardened public library. The experimental results show that our attack strategy allows to recover the secret scalar value with a single trace from the attacked device and an exhaustive search over a set containing a few hundreds of the sought secret.

show abstract

Improving the Big Mac Attack on Elliptic Curve Cryptography

Cited by 17 publications

References 15 publications

Improved Atomicity to Prevent HCCA on NIST Curves

Improved Atomicity to Prevent HCCA on NIST Curves

Single-Trace Side-Channel Attacks on Scalar Multiplications with Precomputations

Profiled Attacks Against the Elliptic Curve Scalar Point Multiplication Using Neural Networks

Contact Info

Product

Resources

About