Elliptic Curve Cryptography and Security of Embedded Devices

Similar documents
Square Always Exponentiation

Power Analysis to ECC Using Differential Power between Multiplication and Squaring

Side-channel attacks on PKC and countermeasures with contributions from PhD students

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Horizontal and Vertical Side-Channel Attacks against Secure RSA Implementations

Efficient randomized regular modular exponentiation using combined Montgomery and Barrett multiplications

Blinded Fault Resistant Exponentiation FDTC 06

recover the secret key [14]. More recently, the resistance of smart-card implementations of the AES candidates against monitoring power consumption wa

Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks

Square Always Exponentiation

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Introduction to Side Channel Analysis. Elisabeth Oswald University of Bristol

Efficient Application of Countermeasures for Elliptic Curve Cryptography

Co-Z Addition Formulæ and Binary Ladders on Elliptic Curves. Raveen Goundar Marc Joye Atsuko Miyaji

Efficient Leak Resistant Modular Exponentiation in RNS

A Simple Architectural Enhancement for Fast and Flexible Elliptic Curve Cryptography over Binary Finite Fields GF(2 m )

Resistance of Randomized Projective Coordinates Against Power Analysis

A DPA attack on RSA in CRT mode

Improved Collision-Correlation Power Analysis on First Order Protected AES

Fast and Regular Algorithms for Scalar Multiplication over Elliptic Curves

FPGA IMPLEMENTATION FOR ELLIPTIC CURVE CRYPTOGRAPHY OVER BINARY EXTENSION FIELD

RSA Key Extraction via Low- Bandwidth Acoustic Cryptanalysis. Daniel Genkin, Adi Shamir, Eran Tromer

A Refined Power-Analysis Attack on Elliptic Curve Cryptosystems

Efficient Modular Exponentiation Based on Multiple Multiplications by a Common Operand

Algorithmic Number Theory and Public-key Cryptography

Accelerating AES Using Instruction Set Extensions for Elliptic Curve Cryptography. Stefan Tillich, Johann Großschädl

Lecture V : Public Key Cryptography

Low-Cost Solutions for Preventing Simple Side-Channel Analysis: Side-Channel Atomicity

Asymmetric Encryption

Gurgen Khachatrian Martun Karapetyan

Fast SPA-Resistant Exponentiation Through Simultaneous Processing of Half-Exponents

Dynamic Runtime Methods to Enhance Private Key Blinding

Public Key 9/17/2018. Symmetric Cryptography Review. Symmetric Cryptography: Shortcomings (1) Symmetric Cryptography: Analogy

Error-free protection of EC point multiplication by modular extension

Power Consumption Analysis. Arithmetic Level Countermeasures for ECC Coprocessor. Arithmetic Operators for Cryptography.

Definition: For a positive integer n, if 0<a<n and gcd(a,n)=1, a is relatively prime to n. Ahmet Burak Can Hacettepe University

Branch Prediction based attacks using Hardware performance Counters IIT Kharagpur

Asymmetric Cryptography

Chapter 4 Asymmetric Cryptography

Security Issues in Cloud Computing Modern Cryptography II Asymmetric Cryptography

Optimal Use of Montgomery Multiplication on Smart Cards

Algorithm for RSA and Hyperelliptic Curve Cryptosystems Resistant to Simple Power Analysis

Side-channel attacks and countermeasures for curve based cryptography

Fast Point Multiplication on Elliptic Curves Without Precomputation

Elliptic Curve Cryptography

CPE 776:DATA SECURITY & CRYPTOGRAPHY. Some Number Theory and Classical Crypto Systems

Side-channel analysis in code-based cryptography

Power Analysis Attacks and Algorithmic Approaches to their Countermeasures for Koblitz Curve Cryptosystems

Fast Multiple Point Multiplication on Elliptic Curves over Prime and Binary Fields using the Double-Base Number System

New Composite Operations and Precomputation Scheme for Elliptic Curve Cryptosystems over Prime Fields

Power Analysis for Secret Recovering and Reverse Engineering of Public Key Algorithms

Hybrid Binary-Ternary Joint Sparse Form and its Application in Elliptic Curve Cryptography

Lazy Leak Resistant Exponentiation in RNS

First-Order DPA Attack Against AES in Counter Mode w/ Unknown Counter. DPA Attack, typical structure

Représentation RNS des nombres et calcul de couplages

Affine Precomputation with Sole Inversion in Elliptic Curve Cryptography

Public Key Algorithms

Elliptic Curve Cryptography

Arithmétique et Cryptographie Asymétrique

Remote Timing Attacks are Practical

1 What are Physical Attacks. 2 Physical Attacks on RSA. Today:

CPSC 467b: Cryptography and Computer Security

Fast Simultaneous Scalar Multiplication on Elliptic Curve with Montgomery Form

7 Cryptanalysis. 7.1 Structural Attacks CA642: CRYPTOGRAPHY AND NUMBER THEORY 1

New Strategy for Doubling-Free Short Addition-Subtraction Chain

Number Theory. Modular Arithmetic

Exponent Blinding Does not Always Lift (Partial) SPA Resistance to Higher-Level Security

Side Channel Analysis and Protection for McEliece Implementations

Other Public-Key Cryptosystems

Outline. 1 Arithmetic on Bytes and 4-Byte Vectors. 2 The Rijndael Algorithm. 3 AES Key Schedule and Decryption. 4 Strengths and Weaknesses of Rijndael

Zero-Value Point Attacks on Elliptic Curve Cryptosystem

Multi-Exponentiation Algorithm

Fast Algorithm in ECC for Wireless Sensor Network

CPSC 467: Cryptography and Computer Security

The RSA Cipher and its Algorithmic Foundations

Partial Key Exposure: Generalized Framework to Attack RSA

Optimal Extension Field Inversion in the Frequency Domain

Practical Fault Countermeasures for Chinese Remaindering Based RSA

Toward Secure Implementation of McEliece Decryption

Revisiting Atomic Patterns for Scalar Multiplications on Elliptic Curves

Selecting Elliptic Curves for Cryptography Real World Issues

Correlation Power Analysis. Chujiao Ma

Low-Resource and Fast Elliptic Curve Implementations over Binary Edwards Curves

Hardware implementations of ECC

6. ELLIPTIC CURVE CRYPTOGRAPHY (ECC)

Formal Fault Analysis of Branch Predictors: Attacking countermeasures of Asymmetric key ciphers

Efficient regular modular exponentiation using multiplicative half-size splitting

Generic Cryptanalysis of Combined Countermeasures with Randomized BSD Representations

Public Key Cryptography

Cryptanalysis on An ElGamal-Like Cryptosystem for Encrypting Large Messages

A Sound Method for Switching between Boolean and Arithmetic Masking

Side Channel Attack to Actual Cryptanalysis: Breaking CRT-RSA with Low Weight Decryption Exponents

Polynomial Interpolation in the Elliptic Curve Cryptosystem

during transmission safeguard information Cryptography: used to CRYPTOGRAPHY BACKGROUND OF THE MATHEMATICAL

Provably Secure Higher-Order Masking of AES

Analysis of cryptographic hash functions

My brief introduction to cryptography

Performance of Finite Field Arithmetic in an Elliptic Curve Cryptosystem

CIS 551 / TCOM 401 Computer and Network Security

Hardware Security Side channel attacks

Transcription:

Elliptic Curve Cryptography and Security of Embedded Devices Ph.D. Defense Vincent Verneuil Institut de Mathématiques de Bordeaux Inside Secure June 13th, 2012 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 1 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 2 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 2 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 2 / 64

RSA (Rivest-Shamir-Adleman) A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, 1978. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 3 / 64

RSA (Rivest-Shamir-Adleman) Key generation pick at random two primes p and q, and compute n = p q choose e and compute d such that: e d 1 mod (p 1)(q 1) Public key A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, 1978. = {n,e} Private key = {p,q,d} V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 3 / 64

RSA (Rivest-Shamir-Adleman) Encryption / Decryption To encrypt a message m: c = m e To decrypt c: m = c d mod n mod n V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 4 / 64

RSA (Rivest-Shamir-Adleman) Encryption / Decryption To encrypt a message m: c = m e To decrypt c: m = c d mod n mod n Security assumption Given = {n,e}, how to recover d = e 1 mod (p 1)(q 1)? Factorize n to recover p and q! V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 4 / 64

Elliptic Curve Cryptography Independently introduced by Koblitz and Miller in 1985. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 5 / 64

Elliptic Curve Equation Let K be a field, and E /K an elliptic curve. Then the set of K-rational points E (K) P 2 (K) is an abelian group, with neutral element O. On a field K = F p, p > 3, it has an affine equation: y 2 = x 3 + ax + b V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 6 / 64

Elliptic Curve Group Law Let P 1 = (x 1,y 1 ) and P 2 = (x 2,y 2 ), P 1,P 2 O. P 3 = P 1 + P 2 is given by: { x3 = m 2 x 1 x 2 P1 P 2 y 3 = m (x 1 x 3 ) y 1 K = R V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 7 / 64

Elliptic Curve Group Law O Let P 1 = (x 1,y 1 ) and P 2 = (x 2,y 2 ), P 1,P 2 O. P 3 = P 1 + P 2 is given by: { x3 = m 2 x 1 x 2 y 3 = m (x 1 x 3 ) y 1 P 3 P 3 P1 P 2 m = y 2 y 1 x 2 x 1 if P 1 ±P 2 K = R V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 7 / 64

Elliptic Curve Group Law Let P 1 = (x 1,y 1 ) and P 2 = (x 2,y 2 ), P 1,P 2 O. P 3 = P 1 + P 2 is given by: { x3 = m 2 x 1 x 2 P 1 = P 2 y 3 = m (x 1 x 3 ) y 1 K = R V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 7 / 64

Elliptic Curve Group Law O Let P 1 = (x 1,y 1 ) and P 2 = (x 2,y 2 ), P 1,P 2 O. P 3 = P 1 + P 2 is given by: { x3 = m 2 x 1 x 2 y 3 = m (x 1 x 3 ) y 1 m = 3x 1 2 + a 2y 1 if P 1 = P 2 P 1 = P 2 P3 P 3 K = R V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 7 / 64

Scalar Multiplication Given a point P in E (K) and a positive integer d, we denote dp = P + P + + P. }{{} d times V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 8 / 64

Scalar Multiplication Given a point P in E (K) and a positive integer d, we denote dp = P + P + + P. }{{} d times Elliptic Curve Discrete Logarithm Problem (ECDLP) Given P in E (K) and dp, 1 d #E (K), find d? Much harder than or factoring (which can be solved in subexponential time). V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 8 / 64

Cryptosystems Comparison Estimated equivalent key lengths for ECC and RSA: Security level 80 112 128 192 256 ECC 160 224 256 384 512 RSA 1024 2048 3072 8192 15360 z Very interesting in embedded devices having limited resources. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 9 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 9 / 64

Embedded Devices Constraints Efficiency Most transactions have to take less than 500 ms Small amount of RAM Very low power (hence low frequency) for contactless devices V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 10 / 64

Embedded Devices Constraints Efficiency Most transactions have to take less than 500 ms Small amount of RAM Very low power (hence low frequency) for contactless devices Arithmetic optimizations Exponentiation / scalar multiplication Group operations and point representation Modular arithmetic V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 10 / 64

Expensive operations F p Operations Theoretical Cost Significant operations Negligible operations V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 11 / 64

Expensive operations Inversion (I) F p Operations Theoretical Cost Significant operations Negligible operations V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 11 / 64

Expensive operations Inversion (I) F p Operations Theoretical Cost Significant operations Multiplication (M) Squaring (S, S/M 0.8) Negligible operations V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 11 / 64

Expensive operations Inversion (I) F p Operations Theoretical Cost Significant operations Multiplication (M) Squaring (S, S/M 0.8) Negligible operations Addition (A) Subtraction (A) Negation (N) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 11 / 64

Expensive operations Inversion (I) F p Operations Theoretical Cost Significant operations Multiplication (M) Squaring (S, S/M 0.8) Negligible operations Addition (A) Subtraction (A) Negation (N) For ECC keylengths, A/M 0.2 and N/M 0.1 on most smart cards. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 11 / 64

Exponentiation Algorithms Square and multiply Left-to-right Right-to-left ( ( m d = m d 0 m d 1... ( m d ) 2 ) ) 2 2 l 1... m d = m d l 12 l 1 m d l 22 l 2... m d 0 Input: m,n,d N Output: m d mod n a 1 for i = l 1 to 0 do a a 2 mod n if d i = 1 then a a m mod n return a Input: m,n,d N Output: m d mod n a 1 ; b m for i = 0 to l 1 do if d i = 1 then a a b mod n b b 2 mod n return a V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 12 / 64

Scalar Multiplication Algorithms Double and add Left-to-right dp = d 0 P + 2(d 1 P + 2(... + 2(d l 1 P)...)) Input: P E (K),d N Output: dp R O for i = l 1 to 0 do R 2R if d i = 1 then R R + P return R Right-to-left dp = d l 1 2 l 1 P + d l 2 2 l 2 P +... + d 0 P Input: P E (K),d N Output: dp R O ; Q P for i = 0 to l 1 do if d i = 1 then R R + Q Q 2Q return R V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 13 / 64

Refined Algorithms Non-Adjacent Form (NAF) Signed representation minimizing the number of non-zero digits (1/3 vs 1/2). Hence minimize the number of additions. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 14 / 64

Refined Algorithms Non-Adjacent Form (NAF) Signed representation minimizing the number of non-zero digits (1/3 vs 1/2). Hence minimize the number of additions. Sliding window algorithms Precompute 3P,5P,... to process several scalar bits at a time. Can be combined with the NAF method. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 14 / 64

Refined Algorithms Non-Adjacent Form (NAF) Signed representation minimizing the number of non-zero digits (1/3 vs 1/2). Hence minimize the number of additions. Sliding window algorithms Precompute 3P,5P,... to process several scalar bits at a time. Can be combined with the NAF method. Co-Z Addition Euclidean Addition Chains [Meloni, WAIFI 2007] Co-Z binary ladder [Goundar, Joye & Miyaji, CHES 2010] V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 14 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 14 / 64

Side-Channel Analysis Framework Secret key Inputs Cryptographic operation Outputs

Side-Channel Analysis Framework Secret key Inputs Cryptographic operation leakages Device Outputs

Side-Channel Analysis Framework Secret key Inputs Cryptographic operation Device leakages Measurements Outputs

Side-Channel Analysis Framework Secret key Inputs Cryptographic operation Device leakages Measurements Model & assumptions Outputs

Side-Channel Analysis Framework Secret key Inputs Cryptographic operation Device leakages Measurements Model & assumptions Outputs Information on secret key V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 15 / 64

Simple Side-Channel Analysis (SSCA) Left-to-right square & multiply Side-channel leakage: power, EM, etc. The whole exponent may be recovered using a single trace. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 16 / 64

Regular Exponentiation Left-to-right algorithms Square & multiply:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 17 / 64

Regular Exponentiation Left-to-right algorithms Square & multiply:... Square & multiply always:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 17 / 64

Regular Exponentiation Left-to-right algorithms Square & multiply:... Square & multiply always:... Montgomery ladder:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 17 / 64

Regular Exponentiation Algorithms Left-to-right Montgomery ladder Input: m,n,d N Output: m d mod n 1: R 0 1 2: R 1 m 3: for i = l 1 to 0 do 4: R 1 di R 0 R 1 mod n 5: R di R di 2 mod n 6: return R 0 Right-to-left Joye ladder Input: m,n,d N Output: m d mod n 1: R 0 1 2: R 1 m 3: for i = 0 to l 1 do 4: R 1 di R 1 di 2 mod n 5: R 1 di R 1 di R di mod n 6: return R 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 18 / 64

Regular Scalar Multiplication Left-to-right algorithms Double & add:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 19 / 64

Regular Scalar Multiplication Left-to-right algorithms Double & add:... Double & add always:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 19 / 64

Regular Scalar Multiplication Left-to-right algorithms Double & add:... Double & add always:... Montgomery ladders:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 19 / 64

Regular Scalar Multiplication Algorithms Left-to-right Montgomery ladder Input: P E (K),d N Output: dp 1: R 0 O 2: R 1 P 3: for i = l 1 to 0 do 4: R 1 di R 0 + R 1 5: R di 2R di 6: return R 0 Right-to-left Joye ladder Input: P E (K),d N Output: dp 1: R 0 O 2: R 1 P 3: for i = 0 to l 1 do 4: R 1 di 2R 1 di 5: R 1 di R 1 di + R di 6: return R 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 20 / 64

Regular Atomic Exponentiation Square & multiply:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 21 / 64

Regular Atomic Exponentiation Square & multiply:... Atomic multiply always:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 21 / 64

Regular Atomic Scalar Multiplication Double & add:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 22 / 64

Regular Atomic Scalar Multiplication Double & add:... Atomic add always (with a unified group addition):... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 22 / 64

Regular Atomic Scalar Multiplication Double & add:... Atomic add always (with a unified group addition):... Atomic scalar multiplication using a smaller pattern:... Dbl. Dbl. Add. Dbl. Add.... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 22 / 64

Leakage on Manipulated Data V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 23 / 64

Leakage on Manipulated Data Noise is generally too high to exploit this leakage directly V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 23 / 64

Leakage on Manipulated Data Noise is generally too high to exploit this leakage directly z Many acquisitions are used to reduce noise influence V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 23 / 64

Differential Analysis Principle Measure N times a side-channel leakage with different data involved and consider the traces T 1,T 2,...,T n. T 1 T 2. t t t + ω t + ω T N t t + ω V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 24 / 64

Differential Analysis Principle Measure N times a side-channel leakage with different data involved and consider the traces T 1,T 2,...,T n. T 1 align vertically the traces on the targeted operation using signal processing tools T 2. t t t + ω t + ω T N t t + ω V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 24 / 64

Differential Analysis Principle Measure N times a side-channel leakage with different data involved and consider the traces T 1,T 2,...,T n. T 1 align vertically the traces on the targeted operation using signal processing tools perform statistical treatment between traces, known inputs or outputs and a guess on a few key bits T 2. T N t t t t + ω t + ω t + ω V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 24 / 64

Differential Analysis Principle Measure N times a side-channel leakage with different data involved and consider the traces T 1,T 2,...,T n. T 1 align vertically the traces on the targeted operation using signal processing tools perform statistical treatment between traces, known inputs or outputs and a guess on a few key bits T 2. T N t t t t + ω t + ω t + ω z Validate the guess or not V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 24 / 64

Differential Side-Channel Analysis Original method introduced in [Kocher, Jaffe & Jun, CRYPTO 99] Hamming weight leakage model Difference of means as a distinguisher V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 25 / 64

Differential Side-Channel Analysis Original method introduced in [Kocher, Jaffe & Jun, CRYPTO 99] Hamming weight leakage model Difference of means as a distinguisher Correlation analysis introduced in [Brier, Clavier & Olivier, CHES 2004] Hamming weight/distance leakage model Pearson correlation factor as a distinguisher V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 25 / 64

Countermeasures for RSA Exponentiation Exponent blinding d = d + r(p 1)(q 1) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 26 / 64

Countermeasures for RSA Exponentiation Exponent blinding d = d + r(p 1)(q 1) Message/ciphertext additive blinding m = m + rn mod cn, r < c V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 26 / 64

Countermeasures for RSA Exponentiation Exponent blinding d = d + r(p 1)(q 1) Message/ciphertext additive blinding m = m + rn mod cn, r < c Message/ciphertext multiplicative blinding m = r e m mod n, result recovered as r 1 (m ) d mod n V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 26 / 64

Countermeasures for Scalar Multiplication From [Coron, CHES 99]: Scalar blinding d = d + r#e (F p ) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 27 / 64

Countermeasures for Scalar Multiplication From [Coron, CHES 99]: Scalar blinding d = d + r#e (F p ) Base point projective coordinates blinding (r 2 X : r 3 Y : rz ) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 27 / 64

Countermeasures for Scalar Multiplication From [Coron, CHES 99]: Scalar blinding d = d + r#e (F p ) Base point projective coordinates blinding (r 2 X : r 3 Y : rz ) Input point blinding Q = d(p + R), result recovered as Q S with S = dr V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 27 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 27 / 64

Our Contribution New atomic pattern for right-to-left scalar multiplication implementation Fastest implementation for standard curves considering addition cost A/M 0.1 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 28 / 64

Our Contribution New atomic pattern for right-to-left scalar multiplication implementation Fastest implementation for standard curves considering addition cost A/M 0.1 Theoretical comparison (S/M = 0.8, A/M = 0.2) Previous right-to-left NAF atomic scalar multiplication: - 20 % (M/bit) Best previous scalar multiplication (Co-Z Montgomery ladder (X : Z )-only): - 3.6 % (M/bit) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 28 / 64

Atomic Right-to-Left Scalar Multiplication Mixed coordinates Multiplication Addition Negation Addition Operations expression using the atomic pattern Addition : [11M+5S] Doubling : [3M+5S] V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 29 / 64

Atomic Right-to-Left Scalar Multiplication Mixed coordinates Multiplication Addition Negation Addition Squaring Addition Negation Addition Operations expression using the atomic pattern Addition : [11M+5S] Doubling : [3M+5S] V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 29 / 64

Atomic Right-to-Left Scalar Multiplication Mixed coordinates Multiplication Addition Negation Addition Squaring Addition Negation Addition Operations expression using the atomic pattern Addition : [11M+5S] Doubling : [3M+5S] V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 29 / 64

Atomic Right-to-Left Scalar Multiplication Mixed coordinates Multiplication Addition Negation Addition Squaring Addition Negation Addition Operations expression using the atomic pattern Addition : [11M+5S] Doubling : [3M+5S] Extended pattern : V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 29 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 30 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Add. 1 Add. 2 R 1 Z 2 2 R 6 R 2 4 R 2 X 1 R 1 R 5 Z 1 Z 2 R 1 R 1 Z 2 Z 3 R 5 R 4 R 3 Y 1 R 1 R 2 R 2 R 6 R 1 R 1 R 1 Z 2 1 R 5 R 2 1 R 3 R 3 R 4 R 1 X 2 R 4 R 4 R 6 R R 4 R 6 R 5 + R 4 4 R R 4 R 2 + R 2 R 2 4 R R 1 Z 1 R 6 R 6 + R 2 1 R 3 R 3 R 4 X 3 R 2 + R 6 R R 1 R 1 Y 2 X 3 + R 2 2 R 1 R 1 R 2 Y R 1 R 3 R 3 + R 1 1 R 1 R 3 + R 1 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 30 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 6 R 2 4 R 2 X 1 R 1 R 5 Z 1 Z 2 R 1 R 1 Z 2 Z 3 R 5 R 4 R 3 Y 1 R 1 R 2 R 2 R 6 R 1 R 1 R 1 Z 2 1 R 5 R 2 1 R 3 R 3 R 4 R 1 X 2 R 4 R 4 R 6 R R 4 R 6 R 5 + R 4 4 R R 4 R 2 + R 2 R 2 4 R R 1 Z 1 R 6 R 6 + R 2 1 R 3 R 3 R 4 X 3 R 2 + R 6 R R 1 R 1 Y 2 X 3 + R 2 2 R 1 R 1 R 2 Y R 1 R 3 R 3 + R 1 1 R 1 R 3 + R 1 R 1 X 1 2 R 2 Y 1 + Y 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 4 R 4 R 3 R 3 + R 4 W 2 R 2 R 5 X 2 R 3 + R 4 R 2 R 2 R 6 R 4 + X 2 R 4 R 6 R 1 R 4 R 4 Y 2 R 4 + R 2 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 30 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 6 R 2 4 R 2 X 1 R 1 R 5 Z 1 Z 2 R 1 R 1 Z 2 Z 3 R 5 R 4 R 3 Y 1 R 1 R 2 R 2 R 6 R 1 R 1 R 1 Z 2 1 R 5 R 2 1 R 3 R 3 R 4 R 1 X 2 R 4 R 4 R 6 R R 4 R 6 R 5 + R 4 4 R R 4 R 2 + R 2 R 2 4 R R 1 Z 1 R 6 R 6 + R 2 1 R 3 R 3 R 4 X 3 R 2 + R 6 R R 1 R 1 Y 2 X 3 + R 2 2 R 1 R 1 R 2 Y R 1 R 3 R 3 + R 1 1 R 1 R 3 + R 1 R 1 X 1 2 R 2 Y 1 + Y 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 4 R 4 R 3 R 3 + R 4 W 2 R 2 R 5 X 2 R 3 + R 4 R 2 R 2 R 6 R 4 + X 2 R 4 R 6 R 1 R 4 R 4 Y 2 R 4 + R 2 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 30 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Mult. Mult. Mult. Neg. Sq. Neg. Mult. Neg. Mult. Neg. Mult. Neg. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 6 R 2 4 R 1 X 2 1 R 2 Y 1 + Y 1 R 2 X 1 R 1 R 1 R 1 Z 2 R 3 Y 1 R 1 R 1 Z 1 2 R 4 R 1 X 2 R 4 R 4 R 4 R 2 + R 4 R 1 Z 1 R 1 R 1 R 1 Y 2 R 1 R 1 R 1 R 3 + R 1 R 5 Z 1 Z 2 Z 3 R 5 R 4 R 2 R 2 R 6 R 1 R 1 R 5 R 2 1 R 3 R 3 R 4 R 4 R 6 R 6 R 5 + R 4 R 2 R 2 R 6 R 6 + R 2 R 3 R 3 R 4 X 3 R 2 + R 6 R 2 X 3 + R 2 R 1 R 1 R 2 Y 3 R 3 + R 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 4 R 4 R 3 R 3 + R 4 W 2 R 2 R 5 X 2 R 3 + R 4 R 2 R 2 R 6 R 4 + X 2 R 4 R 6 R 1 R 4 R 4 Y 2 R 4 + R 2 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 30 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Add. Mult. Add. Mult. Add. Mult. Add. Add. Sq. Mult. Add. Sub. Mult. Sub. Sub. Mult. Sub. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 2 Y 1 Z 2 R 5 Y 2 Z 1 R 3 R 1 R 2 R 4 Z 2 1 R 2 R 5 R 4 R 2 R 2 R 3 R 5 R 1 X 1 R 6 X 2 R 4 R 6 R 6 R 5 R 1 R 6 2 R 4 R 5 R 1 R 5 R 1 R 6 R 1 Z 1 R 6 R 6 R 2 2 Z 3 R 1 Z 2 R 1 R 4 + R 4 R 6 R 6 R 1 R 1 R 5 R 3 X 3 R 6 R 5 R 4 R 4 X 3 R 3 R 4 R 2 Y 3 R 3 R 1 R 1 X 1 2 R 2 Y 1 + Y 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 3 R 3 R 4 W 2 R 2 R 5 X 2 R 3 R 4 R 6 R 4 X 2 R 4 R 6 R 1 Y 2 R 4 R 2 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 31 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Add. Mult. Add. Mult. Add. Mult. Add. Add. Sq. Mult. Add. Sub. Mult. Sub. Sub. Mult. Sub. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 2 Y 1 Z 2 R 5 Y 2 Z 1 R 3 R 1 R 2 R 4 Z 2 1 R 2 R 5 R 4 R 2 R 2 R 3 R 5 R 1 X 1 R 6 X 2 R 4 R 6 R 6 R 5 R 1 R 6 2 R 4 R 5 R 1 R 5 R 1 R 6 R 1 Z 1 R 6 R 6 R 2 2 Z 3 R 1 Z 2 R 1 R 4 + R 4 R 6 R 6 R 1 R 1 R 5 R 3 X 3 R 6 R 5 R 4 R 4 X 3 R 3 R 4 R 2 Y 3 R 3 R 1 R 1 X 1 2 R 2 Y 1 + Y 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 3 R 3 R 4 W 2 R 2 R 5 X 2 R 3 R 4 R 6 R 4 X 2 R 4 R 6 R 1 Y 2 R 4 R 2 8 multiplications 6 multiplications + 2 squarings V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 31 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Add. Mult. Add. Mult. Add. Mult. Add. Add. Sq. Mult. Add. Sub. Mult. Sub. Sub. Mult. Sub. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 2 Y 1 Z 2 R 5 Y 2 Z 1 R 3 R 1 R 2 R 4 Z 2 1 R 2 R 5 R 4 R 2 R 2 R 3 R 5 R 1 X 1 R 6 X 2 R 4 R 6 R 6 R 5 R 1 R 6 2 R 4 R 5 R 1 R 5 R 1 R 6 R 1 Z 1 R 6 R 6 R 2 2 Z 3 R 1 Z 2 R 1 R 4 + R 4 R 6 R 6 R 1 R 1 R 5 R 3 X 3 R 6 R 5 R 4 R 4 X 3 R 3 R 4 R 2 Y 3 R 3 R 1 R 1 X 1 2 R 2 Y 1 + Y 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 3 R 3 R 4 W 2 R 2 R 5 X 2 R 3 R 4 R 6 R 4 X 2 R 4 R 6 R 1 Y 2 R 4 R 2 8 multiplications 6 multiplications + 2 squarings 16 additions 6 additions + 4 subtractions V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 31 / 64

Atomic Right-to-Left Scalar Multiplication Sq. Add. Mult. Add. Mult. Add. Mult. Add. Add. Sq. Mult. Add. Sub. Mult. Sub. Sub. Mult. Sub. Add. 1 Add. 2 Dbl. R 1 Z 2 2 R 2 Y 1 Z 2 R 5 Y 2 Z 1 R 3 R 1 R 2 R 4 Z 2 1 R 2 R 5 R 4 R 2 R 2 R 3 R 5 R 1 X 1 R 6 X 2 R 4 R 6 R 6 R 5 R 1 R 6 2 R 4 R 5 R 1 R 5 R 1 R 6 R 1 Z 1 R 6 R 6 R 2 2 Z 3 R 1 Z 2 R 1 R 4 + R 4 R 6 R 6 R 1 R 1 R 5 R 3 X 3 R 6 R 5 R 4 R 4 X 3 R 3 R 4 R 2 Y 3 R 3 R 1 R 1 X 1 2 R 2 Y 1 + Y 1 Z 2 R 2 Z 1 R 4 R 1 + R 1 R 3 R 2 Y 1 R 6 R 3 + R 3 R 2 R 6 R 3 R 1 R 4 + R 1 R 1 R 1 + W 1 R 3 R 1 2 R 4 R 6 X 1 R 5 W 1 + W 1 R 3 R 3 R 4 W 2 R 2 R 5 X 2 R 3 R 4 R 6 R 4 X 2 R 4 R 6 R 1 Y 2 R 4 R 2 8 multiplications 6 multiplications + 2 squarings 16 additions 6 additions + 4 subtractions 8 negations 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 31 / 64

Implementation 192 bits ECDSA @ 30 MHz (CPU) & 50 MHz (CC) Original : 35 ms, Improved : 30 ms (- 14.5 %) Comparable RAM ( 500 Bytes) and Code size ( 3 KB) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 32 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 32 / 64

Our Contribution New atomic algorithms using squarings only Immune to attacks distinguishing squarings from multiplications Better efficiency than regular ladders Exponentiation algorithms for parallelized squarings with best performances to our knowledge V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 33 / 64

Exponentiation Cost Summary Algorithm Cost / bit S/M = 1 S/M =.8 # reg Square & multiply 1,2,3 0.5M + 1S 1.5M 1.3M 2 Multiply always 2,3 1.5M 1.5M 1.5M 2 Regular ladders 1M + 1S 2M 1.8M 2 1 algorithm unprotected towards the SPA 2 algorithm sensitive to S M discrimination 3 possible sliding window optimization V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 34 / 64

Replacing Multiplications by Squarings x y = (x + y)2 x 2 y 2 (1) 2 ( ) x + y 2 ( ) x y 2 x y = (2) 2 2 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 35 / 64

Regular Atomic Exponentiation Square & multiply:... Atomic Multiply always:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 36 / 64

Regular Atomic Exponentiation Square & multiply:... Atomic Multiply always:... Atomic Square always:... V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 36 / 64

Atomic Left-to-Right Algorithm Input: m,n,d N Output: m d mod n 1: R 0 1 ; R 1 m ; R 2 1 2: R 3 m 2 /2 mod n 3: j 0 ; i k 1 4: while i 0 do 5: R Mj,0 R Mj,1 + R Mj,2 mod n 6: R Mj,3 R 2 Mj,3 mod n 7: R Mj,4 R Mj,5 /2 mod n 8: R Mj,6 R Mj,7 R Mj,8 mod n 9: j d i (1 + (j mod 3)) 10: i i M j,9 0 bit j = 0 1 bit j = 1 0 bit 1 bit j = 3 j = 2 11: return R 0 1 1 1 0 2 1 1 1 2 1 M = 2 0 1 2 2 2 2 2 3 0 1 1 3 0 0 0 0 2 0 0 3 3 3 0 3 3 1 1 3 1 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 37 / 64

Atomic Right-to-Left Algorithm Input: m,n,d N Output: m d mod n 1: R 0 m ; R 1 1 ; R 2 1 2: i 0 ; j 0 3: while i k 1 do 4: j d i (1 + (j mod 3)) 5: R Mj,0 R Mj,1 + R 0 mod n 6: R Mj,2 R Mj,3 /2 mod n 7: R Mj,4 R Mj,5 R Mj,6 mod n 8: R Mj,3 R 2 Mj,3 mod n 9: i i + M j,7 0 bit j = 0 1 bit j = 1 0 bit 1 bit j = 3 j = 2 10: return R 1 0 0 2 0 0 0 2 1 M = 2 1 2 2 1 0 1 0 0 2 1 1 0 0 2 0 0 0 0 0 1 2 1 1 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 38 / 64

Cost Comparison Algorithm Cost / bit S/M = 1 S/M =.8 # reg Square & multiply 1,2,3 0.5M + 1S 1.5M 1.3M 2 Multiply always 2,3 1.5M 1.5M 1.5M 2 Regular ladder 1M + 1S 2M 1.8M 2 L.-to-r. square always 3 2S 2M 1.6M 4 R.-to-l. square always 3 2S 2M 1.6M 3 11 % speed-up over Montgomery ladder 1 algorithm unprotected towards the SPA 2 algorithm sensitive to S M discrimination 3 possible sliding window optimization V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 39 / 64

Implementation AT90SC chip @ 30MHz with AdvX arithmetic coprocessor: Algorithm Key len. (b) Code (B) RAM (B) Timing (ms) Mont. ladder Square Always 512 360 128 30 1024 360 256 200 2048 360 512 1840 512 510 192 28 1024 510 384 190 2048 510 768 1740 5 % practical speed-up obtained in practice V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 40 / 64

Parallelization Motivation: Many devices are equipped with multi-core processors Parallelized Montgomery ladder : 1M / bit Squarings are independent in equations (1) and (2) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 41 / 64

Parallelization Motivation: Many devices are equipped with multi-core processors Parallelized Montgomery ladder : 1M / bit Squarings are independent in equations (1) and (2) We study how to optimize square always algorithms if two parallel squarings are available using space/time trade-offs. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 41 / 64

Cost Summary We demonstrate that the cost of our parallelized algorithm using λ extra registers tends to: ( 1 + 1 ) S 4λ + 2 Algorithm General cost S/M = 1 S/M = 0.8 Parallel Montgomery ladder 1M 1M 1M Parallel square always λ = 1 7S/6 1.17M 0.93M Parallel square always λ = 2 11S/10 1.10M 0.88M Parallel square always λ = 3 15S/14 1.07M 0.86M.... Parallel square always λ 1S 1M 0.8M V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 42 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 42 / 64

Our Contribution New differential analysis on exponentiation using a single trace Any exponentiation algorithm can be subject to this attack Circumvent the exponent blinding countermeasure Require the knowledge of underlying modular multiplication implementation V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 43 / 64

Modular Multiplication Implementation Schoolbook long-integer multiplication x y in base b with x,y < b k Input: x = (x k 1 x k 2...x 0 ) b, y = (y k 1 y k 2...y 0 ) b Output: x y Uses: w = (w 2k 1 w 2k 2...w 0 ) 1: w (00...0) 2: for i = 0 to k 1 do 3: c 0 4: for j = 0 to k 1 do 5: (uv) b w i+j + x i y j + c 6: w i+j v 7: c u 8: w i+k c 9: return w V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 44 / 64

Modular Multiplication Implementation Rows and columns x k 1... x 2 x 1 x 0 y k 1... y 2 y 1 y 0 + x 0 y k 1... x 0 y 2 x 0 y 1 x 0 y 0 + x 1 y k 1 x 1 y k 2... x 1 y 1 x 1 y 0 + x 2 y k 1 x 2 y k 2 x 2 y k 3... x 2 y 0.... + x k 2 y k 1... x k 2 y 2 x k 2 y 1 x k 2 y 0 + x k 1 y k 1 x k 1 y k 2... x k 1 y 1 x k 1 y 0 w 2k 1 w 2k 2 w 2k 3... w 2 w 1 w 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 45 / 64

Horizontal Correlation Analysis Vertical: Horizontal:................... Uses N segments from different traces. Uses k 2 segments from a single trace. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 46 / 64

Horizontal Side-Channel Analysis T 1 T 2 T 3 T s T s+1 T s+2 T...... T s 0,0 T s 0,2 T s 1,0 T s 1,2 T s 1,k 1 T s k 1,0 T s k 1,2 T s k 1,k 1............ We target single-multiplication segments T s i,j of the s-th modular multiplication inside a single leakage trace T. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 47 / 64

Horizontal Correlation Analysis Considering an atomic multiply-always implementation: Input: m,n,d N Output: m d mod n 1: R 0 1 2: R 1 m 3: i l 1 4: t 0 5: while i 0 do 6: R 0 R 0 R t mod n 7: t t d i 8: i i 1 + t 9: return R 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 48 / 64

Horizontal Correlation Analysis Considering an atomic multiply-always implementation: Input: m,n,d N Output: m d mod n 1: R 0 1 2: R 1 m 3: i l 1 4: t 0 5: while i 0 do 6: R 0 R 0 R t mod n 7: t t d i 8: i i 1 + t Execute a single RSA signature m d mod n and collect the execution power trace T. 9: return R 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 48 / 64

Horizontal Correlation Analysis Considering an atomic multiply-always implementation: Input: m,n,d N Output: m d mod n 1: R 0 1 2: R 1 m 3: i l 1 4: t 0 5: while i 0 do 6: R 0 R 0 R t mod n 7: t t d i 8: i i 1 + t Execute a single RSA signature m d mod n and collect the execution power trace T. Assuming u most significant bits of d are known by the attacker: d = (d l 1...d l u d l (u+1)...d 1 d 0 ) 9: return R 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 48 / 64

Horizontal Correlation Analysis Considering an atomic multiply-always implementation: Input: m,n,d N Output: m d mod n 1: R 0 1 2: R 1 m 3: i l 1 4: t 0 5: while i 0 do 6: R 0 R 0 R t mod n 7: t t d i 8: i i 1 + t 9: return R 0 Execute a single RSA signature m d mod n and collect the execution power trace T. Assuming u most significant bits of d are known by the attacker: d = (d l 1...d l u d l (u+1)...d 1 d 0 ) Let R (u) 0 denote the value of R 0 after processing the u-th bit of d: R (u) 0 = m d l 1...d l u mod n V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 48 / 64

Horizontal Correlation Analysis Let v = u + HW(d l 1...d l u ) i.e. u-th bit multiplication T v T v+1 T v+2 d l u 1 = 1 R (u) 0 d l u 1 = 0 R (u) 0 R (u) 0 R (u) 0 R (u) 0 d l u 2 = 0,1 (u) 2 R 0 m R (u) 0 2 (u) 2 R 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 49 / 64

Horizontal Correlation Analysis Let v = u + HW(d l 1...d l u ) i.e. u-th bit multiplication T v T v+1 T v+2 d l u 1 = 1 R (u) 0 d l u 1 = 0 R (u) 0 R (u) 0 R (u) 0 R (u) 0 d l u 2 = 0,1 (u) 2 R 0 m R (u) 0 2 (u) 2 R 0 Compute correlation between: trace segments T v+2 i,j and values D j = m j or trace segments T v+2 i,j and values D i,j = R (u) 0,i m j V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 49 / 64

Horizontal Correlation Analysis Let v = u + HW(d l 1...d l u ) i.e. u-th bit multiplication T v T v+1 T v+2 d l u 1 = 1 R (u) 0 d l u 1 = 0 R (u) 0 R (u) 0 R (u) 0 R (u) 0 d l u 2 = 0,1 (u) 2 R 0 m R (u) 0 2 (u) 2 R 0 Compute correlation between: trace segments T v+2 i,j and values D j = m j or trace segments T v+2 i,j and values D i,j = R (u) 0,i m j If correlation peak: d l (u+1) = 1, or d l (u+1) = 0 otherwise. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 49 / 64

Experimental Results Correlation trace result on series of Correlation trace result on series of traces T v+2 i,j with D j = m j segments T v+2 i,j with D i,j = R (u) 0,i m j V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 50 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 50 / 64

Our Contribution New countermeasure against differential analysis for RSA and ECC Designed to protect from horizontal analysis Implemented at the multi-precision multiplication level V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 51 / 64

Long-Integer Multiplication Shuffling rows and blinding columns Let us shuffle the rows of the multiplication: x k 1... x 2 x 1 x 0 y k 1... y 2 y 1 y 0 + x 0 y k 1... x 0 y 2 x 0 y 1 x 0 y 0 + x 1 y k 1 x 1 y k 2... x 1 y 1 x 1 y 0 + x 2 y k 1 x 2 y k 2 x 2 y k 3... x 2 y 0.... + x k 2 y k 1... x k 2 y 2 x k 2 y 1 x k 2 y 0 + x k 1 y k 1 x k 1 y k 2... x k 1 y 1 x k 1 y 0 w 2k 1 w 2k 2 w 2k 3... w 2 w 1 w 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 52 / 64

Long-Integer Multiplication Shuffling rows and blinding columns Choose at random a permutation α of (0,1,...,k 1) and compute: (c,w α(i)+j ) b = w α(i)+j + x α(i) y j + c x k 1... x 2 x 1 x 0 y k 1... y 2 y 1 y 0 + x k 2 y k 1... x k 2 y 2 x k 2 y 1 x k 2 y 0 + x 0 y k 1... x 0 y 2 x 0 y 1 x 0 y 0 + x 2 y k 1 x 2 y k 2 x 2 y k 3... x 2 y 0.. + x k 1 y k 1 x k 1 y k 2... x k 1 y 1 x k 1 y 0 + x 1 y k 1 x 1 y k 2... x 1 y 1 x 1 y 0 w 2k 1 w 2k 2 w 2k 3... w 2 w 1 w 0 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 52 / 64

Long-Integer Multiplication Shuffling rows and blinding columns Choose at random a permutation α of (0,1,...,k 1) and compute: (c,w α(i)+j ) b = w α(i)+j + x α(i) y j + c Still necessary to blind columns: For each row α(i), choose at random a word r, compute and store r x α(i), blind each single-precision multiplication: (c,w α(i)+j ) b = w α(i)+j + x α(i) (y j r) + r x α(i) + c V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 52 / 64

Long-Integer Multiplication Shuffling rows and blinding columns Choose at random a permutation α of (0,1,...,k 1) and compute: (c,w α(i)+j ) b = w α(i)+j + x α(i) y j + c Still necessary to blind columns: For each row α(i), choose at random a word r, compute and store r x α(i), blind each single-precision multiplication: (c,w α(i)+j ) b = w α(i)+j + x α(i) (y j r) + r x α(i) + c z Provides k! different sequences of single-precision multiplications. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 52 / 64

Long-Integer Multiplication Shuffling rows and blinding columns Choose at random a permutation α of (0,1,...,k 1) and compute: Still necessary to blind columns: (c,w α(i)+j ) b = w α(i)+j + x α(i) y j + c For each row α(i), choose at random a word r, compute and store r x α(i), blind each single-precision multiplication: (c,w α(i)+j ) b = w α(i)+j + x α(i) (y j r) + r x α(i) + c z Provides k! different sequences of single-precision multiplications. z Requires k extra multiplications and 3 extra words of storage. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 52 / 64

Long-Integer Multiplication Shuffling rows and blinding columns Choose at random a permutation α of (0,1,...,k 1) and compute: Still necessary to blind columns: (c,w α(i)+j ) b = w α(i)+j + x α(i) y j + c For each row α(i), choose at random a word r, compute and store r x α(i), blind each single-precision multiplication: (c,w α(i)+j ) b = w α(i)+j + x α(i) (y j r) + r x α(i) + c z Provides k! different sequences of single-precision multiplications. z Requires k extra multiplications and 3 extra words of storage. z Saves k + 1 multiplications and 4k 1 words of storage compared to the full blinding countermeasure. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 52 / 64

Long-Integer Multiplication Shuffling rows and columns Let us now shuffle the rows and the columns of the multiplication: V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 53 / 64

Long-Integer Multiplication Shuffling rows and columns Let us now shuffle the rows and the columns of the multiplication: Choose at random two permutations α,β of (0,1,...,k 1) and compute: (c β(j),w α(i)+β(j) ) b = w α(i)+β(j) + x α(i) y β(j) Carry propagation is more complicated and requires a k-word array c. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 53 / 64

Long-Integer Multiplication Shuffling rows and columns Let us now shuffle the rows and the columns of the multiplication: Choose at random two permutations α,β of (0,1,...,k 1) and compute: (c β(j),w α(i)+β(j) ) b = w α(i)+β(j) + x α(i) y β(j) Carry propagation is more complicated and requires a k-word array c. z Provides (k!) 2 different sequences of single-precision multiplications. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 53 / 64

Long-Integer Multiplication Shuffling rows and columns Let us now shuffle the rows and the columns of the multiplication: Choose at random two permutations α,β of (0,1,...,k 1) and compute: (c β(j),w α(i)+β(j) ) b = w α(i)+β(j) + x α(i) y β(j) Carry propagation is more complicated and requires a k-word array c. z Provides (k!) 2 different sequences of single-precision multiplications. z Requires no extra multiplication but k extra words of storage. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 53 / 64

Long-Integer Multiplication Shuffling rows and columns Let us now shuffle the rows and the columns of the multiplication: Choose at random two permutations α,β of (0,1,...,k 1) and compute: (c β(j),w α(i)+β(j) ) b = w α(i)+β(j) + x α(i) y β(j) Carry propagation is more complicated and requires a k-word array c. z Provides (k!) 2 different sequences of single-precision multiplications. z Requires no extra multiplication but k extra words of storage. z Saves k multiplications but uses additional storage compared to the previous countermeasure. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 53 / 64

Long-Integer Multiplication For instance, using a 32-bit multiplier: bit length k! (k!) 2 256 2 15 2 30 512 2 44 2 88 1024 2 117 2 235 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 54 / 64

Long-Integer Multiplication For instance, using a 32-bit multiplier: bit length k! (k!) 2 256 2 15 2 30 512 2 44 2 88 1024 2 117 2 235 z Also compatible with interleaved multiplications and reductions. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 54 / 64

Long-Integer Multiplication For instance, using a 32-bit multiplier: bit length k! (k!) 2 256 2 15 2 30 512 2 44 2 88 1024 2 117 2 235 z Also compatible with interleaved multiplications and reductions. z Studying the cost of these countermeasures for hardware implementations requires further investigation. V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 54 / 64

Outline Introduction RSA and Elliptic Curve Cryptography Scalar Multiplication Implementation Side-Channel Analysis Improved Atomic Pattern for Scalar Multiplication Square Always Exponentiation Horizontal Correlation Analysis Long-Integer Multiplication Blinding and Shuffling Collision-Correlation Analysis on AES Conclusion V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 54 / 64

Our Contribution Improved collision-correlation techniques on AES defeating some first-order protected implementations Need less than 1500 acquisitions in our experiments No need to establish a consumption model for correlation V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 55 / 64

AES Overview We focus on AES-128: message M = (m 0 m 1... m 15 ) key K = (k 0 k 1... k 15 ) ciphertext C = (c 0 c 1... c 15 ) for i [0,15] we denote x i = m i k i AES message SubBytes ShiftRows MixColumns key subkey 1 ciphertext V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 56 / 64

AES Overview We focus on AES-128: message M = (m 0 m 1... m 15 ) key K = (k 0 k 1... k 15 ) ciphertext C = (c 0 c 1... c 15 ) for i [0,15] we denote x i = m i k i Our attack targets the first round SubBytes function AES message SubBytes ShiftRows MixColumns key subkey 1 ciphertext V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 56 / 64

Principle Detect internal collisions between data processed in blinded S-Boxes in the first AES round: data1 mask = data2 mask V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 57 / 64

Principle Detect internal collisions between data processed in blinded S-Boxes in the first AES round: data1 mask = data2 mask Two protections against first-order attacks are considered: 1. substitution table masking: S (x i u) = S(x i ) v, with u v same masks u and v for all bytes 2. masked pseudo-inversion in F 2 8 : I (x i u i ) = I(x i ) u i, for 0 i 15 16 different masks but same input and output masks V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 57 / 64

Collision-Correlation Analysis Encrypt N times the same message M Collect the power traces T n, 0 n N 1 T 0 T 1. T N 1 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 58 / 64

Collision-Correlation Analysis Encrypt N times the same message M Collect the power traces T n, 0 n N 1 Consider two instructions whose processing starts at times t 0 and t 1 l points are acquired per instruction processing T 0 T 1. t 0 t 0 + l t 1 t 1 + l t 0 t 0 + l t 1 t 1 + l T N 1 t 0 t 0 + l t 1 t 1 + l V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 58 / 64

Collision-Correlation Analysis Encrypt N times the same message M Collect the power traces T n, 0 n N 1 Consider two instructions whose processing starts at times t 0 and t 1 l points are acquired per instruction processing Construct the two series Θ 0 = (Tt n 0 ) n and Θ 1 = (Tt n 1 ) n of power consumptions segments T 0 T 1. T N 1 Θ 0 Θ 1 t 0 t 0 + l t 1 t 1 + l t 0 t 0 + l t 1 t 1 + l t 0 t 0 + l t 1 t 1 + l V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 58 / 64

Collision-Correlation Analysis Encrypt N times the same message M Collect the power traces T n, 0 n N 1 Consider two instructions whose processing starts at times t 0 and t 1 l points are acquired per instruction processing Construct the two series Θ 0 = (Tt n 0 ) n and Θ 1 = (Tt n 1 ) n of power consumptions segments T 0 T 1. T N 1 Θ 0 Θ 1 t 0 t 0 + l t 1 t 1 + l t 0 t 0 + l t 1 t 1 + l t 0 t 0 + l t 1 t 1 + l Apply a statistical treatment to (Θ 0,Θ 1 ) to identify if same data was involved in T n t 0 and T n t 1 We choose the Pearson correlation factor ˆρ Θ0,Θ 1 (t) = cov(θ 0(t),Θ 1 (t)) σ Θ0 (t)σ Θ1 (t) V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 58 / 64

First Attack Description (1) Principle: detect when two SubBytes inputs (and outputs) are equal in first AES round m 4 k 4 u = m 9 k 9 u x 0 x 1 x 2 x 3 x 4 x 5 x 6 x 7 x 8 x 9 x 10 x 11 x 12 x 13 x 14 x 15 S S S S S S S S S S S S S S S S y 0 y 1 y 2 y 3 y 4 y 5 y 6 y 7 y 8 y 9 y 10 y 11 y 12 y 13 y 14 y 15 k 4 k 9 = m 4 m 9 Result: provide a relation between two key bytes V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 59 / 64

First Attack Description (2) Encrypt N times the same message M and collect the N traces of first AES round For the 120 possible pairs (i 1,i 2 ) compute ˆρ Θi1,Θ i2 (t) When a correlation peak appears a relation between k i1 and k i2 is found Repeat for several random messages M until enough relations are found V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 60 / 64

First Attack Description (2) Encrypt N times the same message M and collect the N traces of first AES round For the 120 possible pairs (i 1,i 2 ) compute ˆρ Θi1,Θ i2 (t) When a correlation peak appears a relation between k i1 and k i2 is found Repeat for several random messages M until enough relations are found zon average 59 messages are needed Total number of traces = 59 N V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 60 / 64

Experimental Results Correlation traces obtained on real traces for N = 25 1 1 Correlation 0.5 0 Correlation 0.5 0-0.5-0.5 100 125 150 175 200 Time 100 125 150 175 200 Time Total number of acquisitions : 25 59 1500 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 61 / 64

Second Attack Description (1) Previous attack cannot be applied to masked inversion if masks are different for each byte 0 u 3 1 u 3 x 0 x 1 x 2 x 3 x 4... x 15 x 0 x 1 x 2 x 3 x 4... x 15 I I I I I... I or I I I I I... I y 0 y 1 y 2 y 3 y 4... y 15 y 0 y 1 y 2 y 3 y 4... y 15 0 u 3 1 u 3 Collision between input and output reveals one key byte except one bit: k i = m i or k i = m i 1 V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 62 / 64

Practical Results Correlation traces obtained on simulated traces for the pseudo-inversion of the first byte in GF(2 8 ) with N = 16 1 Correlation 0.5 0-0.5-1 10 20 30 40 50 60 Time V. Verneuil - Elliptic Curve Cryptography and Security of Embedded Devices 63 / 64

2024 © sciencedocbox.com Privacy Policy | Terms of Service | Feedback