Abstract
Unified point addition for computing elliptic curve point addition and doubling is considered to be resistant to simple power analysis. Recently, new side-channel attacks, such as recovery of secret exponent by triangular trace analysis and horizontal collision correlation analysis, have been successfully applied to elliptic curve methods to investigate their resistance to side-channel attacks. These attacks turn out to be very powerful since they only require leakage of a single power consumption trace. In this paper, using these side-channel attack analyses, we introduce two vulnerabilities of unified point addition on the binary Huff curve. Also, we propose a new unified point addition method for the binary Huff curve. Furthermore, to secure against these vulnerabilities, we apply an equivalence class to the side-channel atomic algorithm using the proposed unified point addition method.
Highlights
Side-channel attacks (SCAs) are major threats to the security of cryptographic embedded devices. Power analysis, the most actively researched SCA technique, can be used to find secret information by using the power consumption data extracted during the cryptographic operations of embedded devices.
We present two vulnerabilities of unified point addition on the binary Huff curve; these vulnerabilities are exploitable by ROSETTA and horizontal collision correlation analysis (HCCA).
We found these vulnerabilities in the unified point addition on the binary Huff curve presented in [9].
Summary
Side-channel attacks (SCAs) are major threats to the security of cryptographic embedded devices. Ghosh et al. showed that unified point addition was insecure against SPA. They further proposed a modified unified point addition formula for the binary Huff curve which would provide resistance to SPA [9]. We demonstrate two vulnerabilities of unified point addition on the binary Huff curve using ROSETTA and HCCA. In order to show that unified point addition has these weaknesses, we implemented unified point addition on a binary Huff curve on an ARM Cortex-M4 processor that repeatedly performs field multiplications depending on the secret bit value. The proposed method is about 8.5∼17.5% faster than an existing countermeasure that provides the same security, i.e., unified point addition using blinding operands of a field multiplication [10]. We explain the vulnerabilities of several unified addition formulae and their countermeasures in Appendix A.