Abstract
The Residue Number System (RNS) arithmetic is gaining grounds in public key cryptography, because it offers fast, efficient and secure implementations over large prime fields or rings of integers. In this paper, we propose a generic, thorough and analytic evaluation approach for protected scalar multiplication implementations with RNS and traditional Side Channel Attack (SCA) countermeasures in an effort to assess the SCA resistance of RNS. This paper constitutes the first robust evaluation of RNS software for Elliptic Curve Cryptography against electromagnetic (EM) side-channel attacks. Four different countermeasures, namely scalar and point randomization, random base permutations and random moduli operation sequence, are implemented and evaluated using the Test Vector Leakage Assessment (TVLA) and template attacks. More specifically, variations of RNS-based Montgomery Powering Ladder scalar multiplication algorithms are evaluated on an ARM Cortex A8 processor using an EM probe for acquisition of the traces. We show experimentally and theoretically that new bounds should be put forward when TVLA evaluations on public key algorithms are performed. On the security of RNS, our data and location dependent template attacks show that even protected implementations are vulnerable to these attacks. A combination of RNS-based countermeasures is the best way to protect against side-channel leakage.
Highlights
The security of embedded devices, even devices with dedicated cryptographic processors, is dependent on resilience against side-channel attacks (SCA)
Considering the above, in this paper, we propose a thorough, generic and broadly applicable practical evaluation based on Test Vector Leakage Assessment (TVLA) and template attacks for Residue Number System (RNS) based scalar multiplication
In Section 3.5.2, we present a series of t-tests for the four variations of the RNS implementation, in order to evaluate the correlation of the implementation leakage to a fixed or a random input point
Summary
The security of embedded devices, even devices with dedicated cryptographic processors, is dependent on resilience against side-channel attacks (SCA). Power consumption [KJJ99], electromagnetic emanations [AARR03] and other forms of side channel information leakage can expose the sensitive data of an implementation (usually a cryptographic key), through the use of various types of SCAs, such as Simple Power Analysis (SPA), Differential Power Analysis (DPA) and Template attacks [CRR03, MO09]. A broad range of countermeasures to protect cryptographic operations that use secret data have been devised, including randomization of the order of operations or masking sensitive values. In Elliptic Curve Cryptography (ECC) traditional countermeasures are focused on randomizing the scalar, randomizing the input point or manipulating the EC parameters and point representation (e.g. randomized projective coordinates approach) [FV12a]. Several research groups explore alternative SCA resistance approaches that are focused on non-traditional arithmetic systems like the Residue Number System (RNS)
Sign-in/Register to view highlights & summary Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
