An Efficient Countermeasure against Correlation Power-Analysis Attacks with Randomized Montgomery Operations for DF-ECC Processor
  • Authors: Jen-Wei Lee (1) jenweilee@gmail.com
    Szu-Chi Chung (1) phonchi@si2lab.org
    Hsie-Chia Chang (1) hcchang@si2lab.org
    Chen-Yi Lee (1) cylee@si2lab.org
  • Keywords: Elliptic curve cryptography (ECC); side-channel attacks; power-analysis attacks; Montgomery algorithm
  • Journal: Lecture Notes in Computer Science
  • Year: 2012
  • Volume: 7428
  • Issue: 1
  • Pages: 548-564
  • Full-text size: 2.6 MB
  • Author affiliation: 1. Department of Electronics Engineering and Institute of Electronics, National Chiao Tung University, Hsinchu, Taiwan
  • ISSN:1611-3349
Abstract
Correlation power-analysis (CPA) attacks are a serious threat to cryptographic devices because the key can be disclosed from data-dependent power consumption. Hiding the power consumption of the encryption circuit can increase security against CPA attacks, but it results in a large overhead in cost, speed, and energy dissipation. Masking the processed data, such as randomizing the scalar or the base point on the elliptic curve, is another approach to preventing CPA attacks. However, these methods require pre-computed data and are therefore not suitable for hardware implementations of real-time applications. In this paper, a new CPA countermeasure that performs all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. Implemented in a 90-nm CMOS process, our protected 521-bit dual-field elliptic curve cryptographic (DF-ECC) processor can perform one elliptic curve scalar multiplication (ECSM) in 4.57 ms over a 521-bit GF(p) and 2.77 ms over GF(2^409) with 3.6% area and 3.8% power overhead. Experiments on an FPGA evaluation board demonstrate that the private key of the unprotected device is revealed within 10^3 power traces, whereas the same attacks on our proposal cannot successfully extract the key even after 10^6 measurements.
