Abstract
Elliptical curves are dedicated for several security applications including Radio Frequency Identification (RFID) devices, smart cards, bankcards, etc. To guarantee effective security of such applications, these cryptographic systems require effective resistance to various types of physical attack. Differential Power-Analysis (DPA) attacks were considered the most efficient attacks against scalar multiplication calculation algorithms. In this paper, we propose a countermeasure method against the DPA attacks, for a scalar multiplication algorithm that is basically secure against Simple Power Analysis (SPA) and safe-error attacks. Our proposal is intended for Elliptic Curves Cryptosystems (ECC) algorithms dedicated to low cost applications. We first introduce the different types of side-channel attacks that ECC-based cryptographic algorithms can suffer, as well as their countermeasure methods existing in the literature. We then present an optimized hardware implementation of the most effective scalar multiplication algorithm against SPA and safe-error attacks. Finally, we present our proposed DPA countermeasure method and its effectiveness against other extensions of DPA attacks. Our proposed method is similar to the Basic Random Initial Point (BRIP) method except that the latter is only applicable for the left-to-right algorithm. The proposed method is based on the randomization of processed data during the computation of the scalar multiplication algorithm and prevents vulnerability to Zero-value Point Attack (ZPA), Refined Power analysis (RPA) attack and double attack. In the last part of our paper, we present comparative analysis in terms of computational cost between our proposed method and other countermeasure algorithms presented in the literature, such as Montgomery-ladder, the BRIP algorithm, the left-to-right algorithm and the Co-Z Mont-Ladder algorithm.
Similar content being viewed by others
Avoid common mistakes on your manuscript.
1 Introduction
Elliptic Curve Cryptography (ECC) has become an interesting technology since its introduction by Miller [1] and Koblitz [2] in 1985 and 1987, respectively. Cryptographic systems based on ECC are very performant in key management thanks to the small size of keys used [3,4,5,6,7,8,9,10]. Additionally, elliptic curve-based algorithms are much faster and have significantly better key generation and exchange rate when compared to other asymmetric algorithms. As a result, ECC has widely used in embedded IoT devices to provide security services such as confidentiality, data authentication, and key exchange [11,12,13,14,15,16]. The security of ECC is ensured by the calculation of the scalar multiplication operation that presents the essential ECC operation wish allows to calculate the public point \(Q=dP\) for a given secret integer d and a base point P. Several algorithms have been proposed to improve the time required to calculate scalar multiplication with different security levels against different types of attacks [17]. One of the main objectives of this paper is to select the best scalar multiplication algorithm suitable for low-cost application and that respects security requirements. The hardware implementation of the scalar multiplication algorithms can cause information leakages through time, energy consumption and electromagnetic field. These leakages are subject to Side Channel Analysis (SCA) attacks, which are considered the most powerful threat to ECC implementations [18]. SCA attacks can be divided into two main categories: the simple power analysis (SPA) attacks and differential power analysis (DPA) attacks.
The Simple Power Analysis (SPA) attack is the simplest type of SCA attack. This attack requires the analysis of a simple trace of the power consumed during a single scalar multiplication process. This helps attackers to determine the secret key by observing the behavior of the circuit during scalar multiplication calculations. The SPA attack is essentially based on the difference in power consumption between the addition and doubling operations. To resist this attack, it is necessary either to use indistinct addition and doubling operations [19] or to unify the number of addition and doubling operations used at each execution in the scalar multiplication process [20]. The first way consists of using the same formula for addition and doubling operations to avoid leakage due to the difference in consumption [21]. The second way consists in proposing new scalar multiplication algorithms that use the same number of operations at each iteration [22].
DPA attack requires several executions of the scalar multiplication algorithm using a large number of inputs to collect power consumption measurements with the same secret key [23]. The power measurements obtained will then be statistically analyzed. To resist the DPA attack, there are several countermeasures methods such as the point blinding method [24], scalar splitting [25, 26], projective coordinate randomization [20], and the randomized field isomorphism method [27]. However, all these countermeasures present certain weaknesses in terms of security. The aim of our paper is to propose a new DPA countermeasure method derived from existing methods and which meets the security requirements of ECC cryptosystems.
The contribution of our paper is based on four important parts. These parts can be summarized as follows:
-
Citing the different techniques used to optimize the hardware implementation of ECC in binary fields.
-
Implementation of the most secure scalar multiplication algorithm against SPA and safe-error attacks existing in the literature.
-
Classification of the most powerful SCA attacks targeting scalar multiplication algorithms and the security analysis of each corresponding counter-measure method.
-
Proposal of a new countermeasure method adapted to the selected scalar multiplication algorithm resistant to the DPA attack and its variations.
Our paper is organized as follows: We provide a related work, in section II, resuming the different studies related to our research. Section III is reserved for the introduction of the preliminary elliptic curves and the description of the different optimization parameters applied. In Section VI, we will present the different side-channel attacks that can affect a scalar multiplication algorithm. Then we will analyze the different countermeasure methods proposed for each attack. The hardware implementation of the most secure scalar multiplication algorithm against SPA and safe error attacks is made in Section V. Section VI is committed to the proposition of our DPA countermeasure method, its security analysis against ZPA RPA and dubbing attacks, and its performance results in comparison with existing work. Finally, we will conclude our paper in Section VII.
2 Related work
Although the security of cryptographic systems has been studied for many years, this context still attracts the attention of many researchers thanks to the development of various types of SCA attacks [28]. Differential analysis attacks involve statistical analysis of multiple power traces, although they can be avoided by various countermeasures including point randomization and scalar randomization.
In [20], Coron et al. have proposed three countermeasure methods to prevent differential power analysis attacks. These three countermeasures rely on inserting random numbers into the calculation of Q = kP. Despite its simplicity of implementation.
and cost-effectiveness, Abar et al. [29] showed later that these methods risks to be broken by new power attacks such as: C-safe fault attacks [30], doubling attacks [31], twist curve fault attacks [32], Refined Power Analysis (RPA) [33] and Zero-value Point Attacks (ZPA) [34]. In fact, the first Coron's countermeasure, based on the scalar k randomization, requires the insertion of an additional random number in the secret key. Fouque et al. found in [31] that the random value inserted must be larger than 20 bits to resist the doubling attack, which increases the computational requirement. Coron's second countermeasure, based on point blinding by adding a secret random point R to the base point P. Fouque et al. have shown the vulnerability and weakness of this method to the doubling attack, since the point R is also doubled at each execution. Furthermore, according to Fan et al. [35], the projective coordinate randomization countermeasure is sensitive to ZPA and RPA attacks, as the zero values targeted by these attacks remain non-randomized as they are multiplied by random values.
To protect algorithmically our cryptosystems against SCA attacks, it is essential to ensure the principles of regularity and atomicity of instructions. The double and add always binary methods [36], as well as the Montgomery ladder method [37], are examples of algorithms based on the principle of uniformity, i.e., they perform the same number of operations regardless the bit value of the k scalar. Numerous studies show that these algorithms are not always effective. Certain works such as [37, 38] have shown the vulnerability of these methods to attacks using key-dependent register addressing, known as address bit attacks. Several horizontal address bit attacks that have proven effective against hardware acceleration of ECC cryptosystems are well described in [39, 40]. Later, Itoh et al. proposed in [41] a countermeasure method for address-bit DPA attacks, a random address Montgomery ladder algorithm.
In this paper, we investigate the effectiveness and limitations of the different countermeasure methods proposed to prevent side-channel attacks such as SPA, DPA, ZPA and RPA. The main objective of our paper is to propose a new effective countermeasure method that meets the security limitations of all other methods and respects the uniformity of our ECC processor calculation.
3 Elliptic curve for low-cost devices
In this section, we will first present the basic operations of elliptic curves. In order to have a lightweight implementation of ECC, it is necessary to deal with some implementation parameters. For this purpose, we will show the effect of the choice of the field and the coordinate system on the implementation cost of our ECC crypto processor.
3.1 Preliminary
An elliptic curve, defined over the finite field \({F}_{p}\), is a set of solutions \(({\text{x}},{\text{y}})\) of a so-called Weierstrass equation:
where \({{\text{a}}}_{1},{{\text{a}}}_{2},{{\text{a}}}_{3}, {{\text{a}}}_{4}, {{\text{a}}}_{6} \in {{\text{F}}}_{{\text{q}}}\). This equation can be simplified according to the characteristic of the field \(\left({F}_{q}\right)\):
-
If char \(\left({F}_{q}\right)\ge 5\), then \({F}_{q}={F}_{p}\), p is a large prime number, and the equation of the curve is given by:
$$E:{y}^{2}={x}^{3}+ax+b, \mathrm{with\;}4{a}^{3}+27{b}^{2}\ne 0$$(2) -
If char \({F}_{q}=3\), then \({F}_{q}={F}_{p}\), p is a prime number, and the equation of the curve is given by:
$$E:{y}^{2}={x}^{3}+ax+b, \mathrm{with\;}4+27{b}^{2}\ne 0$$(3) -
If char \(({{\text{F}}}_{{\text{q}}}) = 2\), then \({{\text{F}}}_{{\text{q}}} = {{\text{F}}}_{2}^{{\text{m}}}\) and the curve equation becomes:
$$E:y^2+xy=x^3+{ax}^2+b,\mathrm{with}\;b\neq0$$(4)
In this paper, we will focus on elliptic curves defined over binary field since their arithmetic operations are easier to implement. However, operators defined in binary field are less costly in terms of area and computational cost than prime field operations. This allows us to reduce the surface area and computational cost, which is required for the implementation of elliptic curves with low-cost devices.
3.2 Group low
Let \({\text{P}}({{\text{x}}}_{{\text{P}}},{{\text{y}}}_{{\text{P}}})\) and \(\mathrm{Q }({{\text{x}}}_{{\text{Q}}},{{\text{y}}}_{{\text{Q}}})\) are two points on the curve \({\text{E}}({{\text{F}}}_{2}^{{\text{m}}})\) and O the point at infinity:
-
We have \(\mathrm{P }+\mathrm{ O }=\mathrm{ O }+\mathrm{ P }=\mathrm{ P}\) for any point \(\mathrm{P }\in \mathrm{ E}({{\text{F}}}_{2}^{{\text{m}}}).\)
-
The opposite of the point P is the point –P of coordinates \(\left({x}_{P},{x}_{P}+{y}_{P}\right)\), with \(\mathrm{P }+ (-{\text{P}}) =\mathrm{ O}\) .
-
If P and Q are not opposed, then \(\mathrm{P }+\mathrm{ Q }=\mathrm{ R}\) with:
$${{\text{x}}}_{{\text{R}}}={\uplambda }^{2}+\uplambda +{{\text{a}}}_{2}+{{\text{x}}}_{{\text{P}}}+{{\text{x}}}_{{\text{Q}}}$$(5)$${{\text{y}}}_{{\text{R}}}= (\lambda +1).{{\text{x}}}_{{\text{R}}}+ \lambda .{{\text{x}}}_{{\text{P}}} + {{\text{y}}}_{{\text{P}}}$$(6)
with \(\lambda =\left({y}_{P}+{y}_{Q}\right)/\left({x}_{P}+{x}_{Q}\right){\text{if}}{x}_{P}\ne {x}_{Q}\)
\(\lambda ={x}_{P}+\left({y}_{P}/{x}_{P}\right){\text{if}}{x}_{P}={x}_{Q}\)
3.3 Scalar multiplication
In an elliptic curve, a multiplication between two points of the curve cannot be performed. Using a succession of addition and doubling operations, it is possible to define the multiplication of a point of the curve by an integer. This is called scalar multiplication. For any integer \({\text{n}}\in \mathrm{ N}\) \({\text{n}}\in {\text{N}}\), the multiplication of the point P by n is defined by: \({\text{n}}.\mathrm{P }=\mathrm{ P }+\mathrm{ P }+ \dots +\mathrm{ P}\) \({\text{n}}.{\text{P}}={\text{P}}+{\text{P}}+\dots +{\text{P}}\), n times.
Scalar multiplication is the main operation of a cryptosystem based on elliptic curves. The security of this operation relies on the fact that knowing P and n we can easily compute \(\mathrm{Q }=[{\text{n}}]{\text{P}}\) \({\text{Q}}=[{\text{n}}]{\text{P}}\), but knowing P and Q it becomes difficult to find the integer n which verifies the equation \([{\text{n}}]{\text{P}}=\mathrm{ Q}\) \([{\text{n}}]{\text{P}}={\text{Q}}\). This property is related to the Discrete Logarithm Problem (DLP). The simplest algorithm to compute scalar multiplication is the algorithm proposed by Coron et al. in 1999 [20], Double-and-Add.
3.4 Lightweight ECC implementation for constrained devices
Elliptic curve cryptosystems are very effective in ensuring data security and data integrity which make them widely used for IoT applications such as Wireless Sensor Networks (WSN) and Radio Frequency Identification (RFID). Despite their small key size and fast implementation, ECC cryptosystems still require intensive calculations. To adapt the implementation of these cryptosystems to limited-resource applications, we need to carefully optimize them in terms of resource requirements and computing power. To have a lightweight implementation of a scalar multiplication algorithm that suits the limited computing power and the limited nature of constrained devices, it is necessary to deal with some parameters that influence the implementation cost. These parameters can be the finite field, the elliptic curve form, and the coordinate system used.
3.4.1 Choice of a finite field
Most elliptic curves are defined in practice on binary fields \({{F}_{2}}^{m}\) or prime fields \({F}_{p}\). The elements of binary fields \({{F}_{2}}^{m}\) are polynomials of degree \(\left(m-1\right)\) with coefficients in \({F}_{2}:\left\{0,1\right\}\). So, each element of \({{F}_{2}}^{m}\) is represented as: \(A=\sum\limits_{i=0}^{m-1}{a}_{i}.{x}^{i}\)
The elements of the prime field are integers modulo p where p is a prime number, and all field operations are computed modulo p. For binary fields, the addition operation corresponds to a simple bit-wise XOR of the polynomial coefficients, and similarly for the subtraction operation. Whereas in \({F}_{p}\) fields, addition is a modular operation with carry propagation. This modular addition is more expensive in area and computation time than the simple XOR [42]. Indeed, the arithmetic on \({F}_{p}\) requires the carry propagation during the addition or multiplication calculation. Binary fields avoid all constraints related to carry propagation during multiplication and addition operations. For this reason, binary fields are considered simpler and faster than prime fields in hardware implementation. Also, the square operation in binary field is much faster than that in prime field [43]. Therefore, to have a lightweight hardware implementation of an elliptic curve scalar multiplication it is suitable to choose the binary filed instead of prime field.
3.4.2 Elliptic curve model used
The choice of a well-defined curve model can speed up scalar multiplication calculation, since the group laws depend on the type of elliptic curve chosen. The first proposed model of elliptic curves is the Montgomery curve [44], which is used to speed up the computation of scalar multiplication in the prime field \({F}_{p}\). For the \({{F}_{2}}^{m}\) binary fields, most elliptic curves models are an adaptation of the models defined for the prime fields \({F}_{p}\). Such was the case for Edwards binary curves [45]. The other models of the elliptic curves in characteristic 2 fields, including Koblitz curves, are Hesienne curves, Huff binary curves, and μ4-normal forms. In this section we will focus on the required costs of the different models of elliptic curves defined over binary field.
The Table 1, presents the cost in number of operations required to perform the scalar multiplication for each model of the elliptic curves defined over \({{F}_{2}}^{m}\) [46].
Indeed, for all the group laws on elliptic curves the computation of point doubling operation is much faster than point addition. In this way, the high number of point addition operations may reduce the performance of the scalar multiplication calculation. In order to have the most efficient elliptical curve model, we will choose the less expensive one in the calculation of the point addition operation.
Table 1 shows that the Koblitz form of elliptic curves has the best features to speed up the calculation of the scalar multiplication in \({{F}_{2}}^{m}\). They require only eight multiplication operations for point addition and three multiplication operations for point doubling.
3.4.3 Choice of coordinate system
From Eqs. 5 and 6, a point addition, as well as a point doubling operation, require one inversion, two multiplications, and one square. However, the inversion operation in finite fields is very expensive compared to other operations. To solve this problem, Eq. 2 of the curve in affine coordinate, is replaced by the equation defined in projective space:
Indeed the conversion from the affine plane to projective is done by the assignments:\(X=x\),\(Y=y\) and \(Z=1\) he conversion in the opposite direction is done by \(x=X/{Z}^{c}\) and \(y=Y/{Z}^{d}\) with c is an integer ∈ [1, 2] and d is an integer ∈ [1, 3] and their values depend on the type of projective coordinates used.
There are three types of projective coordinates for elliptic curves defined on \({{F}_{2}}^{m}\):Standard projective coordinates (with c = 1 and d = 1), Jacobian projective coordinates (with c = 2 and d = 3), and Lopez and Dahab projective coordinates (with c = 1 and d = 2).
Ideally, the most appropriate coordinate system is the one that ill perform the minimum number of operations to calculate an addition and a doubling. Several studies have shown that the Lopez and Dahab coordinates are the best choice for binary fields and are the least expensive in terms of the number of operations required for the scalar multiplication calculation. In addition to the choice of binary operations to perform the calculation of the scalar multiplication operation, the choice of Lopez and Dahab coordinates can further reduce the cost of the implementation in terms of power and area.
Table 2 summarizes the requirements in number of operations of different projective coordinates for \({{F}_{2}}^{m}\) field, where M indicates a multiplication operation, S a square, and I represents an inversion operation. The addition operation is neglected in the binary fields since it is performed by a simple XOR. This table justifies well our choice of the L&D coordinates to reduce the number of operations needed to calculate the doubling and addition operations.
3.5 Lopez and Dahab coordinate system
Lopez and Dahab are projective coordinates with c = 1 and d = 2. The presentation of a point \(P\left(x,y\right)\), in the Lopez and Dahab coordinate system, has three terms \(\left(X=x,Y=y,Z=1\right)\) such that \(\left(X/Z,Y/{Z}^{2}\right)\) defines the equation of the curve E in \({{F}_{2}}^{m}\)[48]. The Eq. (7) of the elliptic curve in projective coordinates becomes in Lopez and Dahab:
The explicit formulas relating to the Lopez and Dahab coordinates are as follows:
-
The point \(\mathrm{O }= (\mathrm{1,0},0)\) \({\text{O}}=(\mathrm{1,0},0)\), presents the point at infinity.
-
The opposite of the point \(P\left(X,Y,Z\right)\) is given by the point \(-P=\left(X,X+Y,Z\right)\).
-
The result \(\left({X}_{3},{Y}_{3},{Z}_{3}\right)\) of the addition of two points \({P}_{1}\left({X}_{1},{Y}_{1},{Z}_{1}\right)\) and \({P}_{2}\left({X}_{2},{Y}_{2},{Z}_{2}\right)\) in Lopez Dahab coordinates is as shown below:
$$\begin{array}{cc}A={Y}_{2}.{Z}_{1}^{2}+{Y}_{1}& E=A.C\\ \begin{array}{c}\mathrm{ B}= {{\text{X}}}_{2}. {{\text{Z}}}_{1} + {{\text{X}}}_{1} \\ \begin{array}{c}C={Z}_{1}.B\\ \begin{array}{c}D={B}^{2}\left(C+{aZ}_{1}^{2}\right)\\ {{\varvec{Z}}}_{3}={{\varvec{C}}}^{2}\end{array}\end{array}\end{array}& \begin{array}{c}{{\varvec{X}}}_{3}={{\varvec{A}}}^{2}+{\varvec{D}}+{\varvec{E}}\\ \begin{array}{c}F={X}_{3}+{X}_{2}.{Z}_{3}\\ \begin{array}{c}G=\left({X}_{2}+{Y}_{2}\right).{Z}_{3}^{2}\\ {{\varvec{Y}}}_{3}=\left({\varvec{E}}+{{\varvec{Z}}}_{3}\right).{\varvec{F}}+{\varvec{G}}\end{array}\end{array}\end{array}\end{array}$$
The result of the point doubling calculation of \({P}_{1}\left({X}_{1},{Y}_{1},{Z}_{1}\right)\) gives the point \(2P=\left({X}_{3},{Y}_{3},{Z}_{3}\right)\), where the coordinates \({X}_{3}\),\({Y}_{3}\) and \({{\text{Z}}}_{3}\) \({{\text{Z}}}_{3}\) are given by the following formulas:
We can conclude that the number of operations necessary to perform the point addition and point doubling in Lopez and Dahab coordinates are identical to the number shown in Table 2.
4 Side-channel attack on ECC
Physical attacks targeting an ECC algorithm can be classified into two main categories: passive and active attacks. Passive attacks allow observing the circuit behavior such as power consumption, electromagnetic radiation, and execution time. Active attacks are disruption attacks such as fault injection or modification of a set of bits. Side-channel attacks have revealed a significant ability to attack the hardware implementation of all modern cryptographic primitives such as AES, RSA and ECC and gain access to shared secret information [49]. For this reason, in this section, we will list and describe the operating principle of different types of side-channel attacks targeting ECC cryptosystems. In addition, we highlight the deficiencies and security limitations of the various countermeasure methods proposed to defeat these attacks.
4.1 Simple power analysis attack (SPA)
The first type of power analysis attacks targeting ECC algorithms is the SPA [9]. Several ECC algorithms are often proposed to prevent these types of attacks by standardizing the number of addition and doubling operations of the scalar multiplication.
The Algorithm1, called double-and-add algorithm, presents the first scalar multiplication algorithm proposed by Coron in 1999 [20]. It returns as output the value \(\left[d\right]P\), where d is its secret key and P is a point on the curve. This algorithm is interpreted as vulnerable to SPA attacks. Coron et al. then proposed Algorithm 2, a modification of the Double-and-add algorithm, as a countermeasure to SPA attacks.
As we can see in Algorithm 2, the lines 3 and 4 compute doubling and addition operation at each execution and whatever the bit value of the scalar d. This method is effective against such attacks, but it is not efficient in terms of computation since all calculation done needs \(\left(n-1\right)\) addition operations and \(\left(n-1\right)\) doubling operations. Moreover, if the value of scalar d is equal to 0, the instruction on line 4 becomes useless. If an attacker injects a fault attack into the \(Q\left[1\right]\) value of line 4, it will be possible to find the scalar value at this step. If the fault is propagated to the output, i.e., the scalar bit is equal to one, otherwise, it is equal to 0. This is called a safe-error attack.
4.2 Differential power analysis attack (DPA)
The DPA attack is a more sophisticated type of side-channel attack [c]. Unlike SPA attack, DPA requires a statistical analysis of a large number of power traces.
4.2.1 DPA explanation
The principle of the DPA attack is based on the fact that the power consumption of a given instruction changes according to the values of the executed bits, 0 or 1. This modification gives the attacker additional information about the data being manipulated. For encryption algorithms, this information can be private parameters. The application of this attack requires the extraction of several power traces which will then be statistically analyzed to find the secret key. This attack has been generalized on elliptic curves by Coron et al. in 1999 in their paper [20]. For an elliptic curve crypto-system, the attacker observes the circuit behavior during a large amount of scalar multiplication. He saves for each scalar multiplication operation the power trace T and the corresponding point P or message m.
The principle of the DPA attack is as follows:
-
Collect N consumption traces \({T}_{i}\) corresponding to the execution of the scalar multiplication operation with N different points \({P}_{i}\) of the curve using the same secret key.
-
Knowing the implemented algorithm, the attacker uses a hypothesis on a part of the key for each input \({P}_{i}\).
-
Recover the result obtained from each message \({P}_{i}\).
-
Choose a selection function to divide the N consumption curves into two subgroups.
-
Calculate the difference between the averages of the subgroups.
If a peak value appears within the difference between the averages, then the adversary assumption about the key portion is true; otherwise, the assumption is false. To find the full secret key, the following attack steps will be replayed for every bit of the scalar.
4.2.2 DPA implementation criteria
To successfully implement the DPA attack in scalar multiplication algorithm, the attacker must be able to obtain several power consumption traces using the same secret key. The traces must be well synchronized to properly analyze them. The efficiency of this attack depends on the number of power traces recovered. In fact, the greater the number of traces used, the more the precision of the attack increases [50].
4.3 Refined power analysis (RPA) attack
RPA attack can be implemented if the attacker can choose special points on the curve for which one of the coordinates, affine or projective, is equal to zero. In the beginning, the attacker chooses the specific point \(S=\left(0,y\right)\). It is assumed then that the \(\left(n-1-i\right)\) most significant bits of k are known by the attacker. The attacker calculates the point \(P= \left[{\left({k}_{\left(n-1\right)} , ... , {k}_{\left(i+1\right)}\right)}^{-1} mod \#E\right]S\). To determine the value of bit i of scalar d, the opponent sends the point P to the scalar multiplication calculation process to compare the obtained results with the estimated one [51]. Goubin et al. have shown in their paper [33] that choosing a special point of coordinate x or y equal to zero makes any randomization ineffective against this type of attack. This is because multiplying the zero coordinate of a specific point \({P}_{0}\) by any random number always gives a zero.
4.4 Zero-value point attack (ZPA)
The ZPA attack is an extension of the RPA attack proposed by Akishita et al. in [34]. The principle of this attack is that even if a point does not have any coordinates equal to zero, the intermediate registers can take a null value during certain calculations of the scalar multiplication with some point P. This attack target the registers of the addition operation. The ZPA attack finds the key from the most significant bit. It is supposed that the attacker knows the most significant bit and looks for the second most significant bit. This is done if the attacker can generate zero-value registers for addition and doubling formulas. If, after executing iteration \(\left(n-2\right)\), the Double \(2Q\) and Addition \(\left(2Q,Q\right)\) operations have zero-value registers, the attacker can determine that the bit value of the scalar at this iteration is equal to 0. Otherwise, if the Double \(3Q\) and Addition \(\left(3Q,Q\right)\) operations have zero-value registers, the scalar bit in this case is equal to 1.
According to Akishita, a point P is said to be a zero-value point if and only if it satisfies the following conditions:
-
\(3{x}^{2}+a=0\).
-
\(5{x}^{4}+2{ax}^{2}-4bx+{a}^{2}=0\).
-
The order of the point P is equal to 3.
-
\(x\left(P\right)=0\) or \(x\left(2P\right)=0\).
-
\(y\left(P\right)=0\) or \(y\left(2P\right)=0\).
The possibility of the auxiliary registers becoming null is great. As mentioned above, the multiplication of a null quantity by a random integer always remains null which makes the randomization of these registers inapplicable to this type of attack.
4.5 DPA counter-measure methods
Several works have shown that SPA countermeasures are inefficient for DPA attacks. For this reason, the protection of the scalar multiplication algorithm against DPA attacks has been the subject of several research studies. To achieve this objective, Coron et al. proposed in [20] three DPA countermeasure methods: randomization of the secret key, blinding of the point P, and randomization of the projective coordinates.
4.5.1 Randomization of the secret key
The first method of DPA countermeasure consists in choosing a random number d and replacing the key k by \({k}{\prime}=k+d\left(\#E\right)\) with \(\left(\#E\right)\) presents the cardinality of the curve. The calculation of \(\left[{k}{\prime}\right]P\) gives \(\left(k+d\left(\#E\right)\right)P=kP+d\left(\#E\right)P=kP\), since \(\left(\#E\right)P=\infty\).
This method is supposed to be effective against DPA, since the number d is chosen randomly, and it changes at each execution. But Okeya et al. showed in their paper [52] that, by statistically analyzing the value of k’, the attacker can obtain information about the value of the secret key k.
Fouque et al. analyzed in [31] the efficiency of this first method of countermeasure against the doubling attack. The doubling attack looks for similarities in the calculations with point P and point \(2P\). We calculate the quantities \(\left[d\right]P\) and \(\left[d\right]2P\) using the double-and-add algorithm. If the result of the doubling operation when calculating \(\left[d\right]P\) at iteration \(\left(i-1\right)\) is similar to that of doubling when calculating \(\left[d\right]2P\) at iteration i, we can conclude that the bit of the scalar d used is equal to zero.
4.5.2 Blinding the point P
The blinding of the point P consists in adding to it a secret random point R, where \(S=dR\). The principle of this method is to calculate \(Q=d\left(R+P\right)\) instead of \(dP\) and then to subtract the quantity S from the value of Q. The values of R and \(S\) must be updated at each execution by calculating \(R={\left(-1\right)}^{b}2R\) and \(S={\left(-1\right)}^{b}2S\), where b is a randomly chosen bit. This makes the DPA attack infeasible since the point changes at each new execution. Fouque et al. have shown in [31] that even the second DPA countermeasure is vulnerable to the doubling attack. In fact, when the attacker sends the point P, the algorithm proceeds with the point \(\left(P+R\right)\). Then it sends the point \(2P\) and the computation process runs with the point \(2\left(P+R\right)\) which is almost equal to \(2P+2R\). Then the attacker compares the execution of two requests sent at iteration (i) and iteration \(\left(i-1\right)\) to find the value of the secret key.
4.5.3 Randomization of projective coordinates
The method of randomizing the projective coordinates [20] consists in multiplying the coordinates \(\left(X,Y,Z\right)\) of the point P by a randomly chosen integer \(\lambda \ne 0\) to obtain \(P\left(\lambda X,\lambda Y,\lambda Z\right)\). This randomization is carried out at the beginning of each execution of the scalar multiplication operation or after each point addition and point doubling operations. Since the value of \(\lambda\) is randomly chosen, so it will be updated at each execution. Ha et al. showed in [53] that this method of countermeasure is not effective against the ZPA attack. Goubin showed that even with the coordinate randomization method, one of the coordinates of this point always remains equal to zero. This makes Coron's third method ineffective against this type of attack.
4.5.4 Random key splitting
The principle of this countermeasure method is to divide the scalar k into two parts: \(k={k}_{1}+{k}_{2}\).Then, execute the operations \({Q}_{1}=\left[{k}_{1}\right]P\) and \({Q}_{2}=\left[{k}_{2}\right]P\). According to Tunstal et al. [54] there are three methods of scalar division to prevent the DPA attack:
-
Additive splitting: by choosing a random number r, we calculate the new key \({k}^{\mathrm{^{\prime}}}=r+\left(k-r\right)\). The scalar multiplication is done in this case by calculating: \(\left[{{\text{k}}}^{\mathrm{^{\prime}}}\right]{\text{P}}= \left[{\text{r}}\right]\mathrm{P }+ \left[{\text{k}}-{\text{r}}\right]{\text{P}}= \left[{\text{r}}\right]\mathrm{P }+ \left[{\text{k}}\right]{\text{P}}-[{\text{r}}]\mathrm{P }= [{\text{k}}]{\text{P}}\) \(\left[{{\text{k}}}^{\mathrm{^{\prime}}}\right]{\text{P}}=\left[{\text{r}}\right]{\text{P}}+\left[{\text{k}}-{\text{r}}\right]{\text{P}}=\left[{\text{r}}\right]{\text{P}}+\left[{\text{k}}\right]{\text{P}}-[{\text{r}}]{\text{P}}=[{\text{k}}]{\text{P}}\)
-
Multiplicative splitting: The multiplicative splitting of the scalar k consists in calculating \(\left[{k}{\prime}\right]P=\left[k.r-1\right].\left[r\right]P\), where r is a randomly chosen number and \(\left(r-1\right)\) is its multiplicative inverse [55].
-
Euclidean splitting: This method allows to replace the scalar multiplication \(\left[k\right]P\) by \(\left[k'\right]P=\left[\left\lfloor\frac kr\right\rfloor\left[r\right]P\right]+\left[kmodr\right]P\). The number r is a chosen random integer of size \(\frac{n}{2}\), where n is the size of the key k [56].
4.5.5 Randomized curve isomorphism
The randomized curve isomorphism method consists in transforming the calculation from a curve E to an isomorphic curve E’ of E, such that for a number \(r\in K\), the coefficients of the curve E’ are \({a}^{\prime}={r}^{4}.a\) and \({b}^{\prime}={r}^{6}.b\). The scalar multiplication is performed in the curve E’. In fact, for any point \(P\in E\), the point \({P}^{\prime}=\left({r}^{2}.x,{r}^{3}.y,z\right)\) is determined to calculate the scalar multiplication \({Q}^{\prime}=\left[k\right]{P}^{\prime}=\left({x}_{Q},{y}_{Q}\right)\). To bring the result back to the initial curve E, the point \(Q=\left({x}_{Q}/{r}^{2},{y}_{Q}/{r}^{3}\right)\) is calculated. Joye et al. showed in their paper in [27] that this method is only successful with the prime fields. Since in binary fields the isomorphism of a point P does not affect its x-coordinate, the system remains vulnerable to DPA attacks. So, it can be seen that this method is not effective with field of characteristic 2. Randomized curve isomorphism can be effective with binary fields if another countermeasure method is included. But Abar et al. noted in their paper [29] that this countermeasure method is still vulnerable to RPA and ZPA attacks.
4.5.6 BRIP (Basic Random Initial Point) method
Mamya et al. have proposed in [57] a new countermeasure method, Basic Random Initial Point, based on the use of a random point. This method is secure against DPA and SPA attacks and supposedly secure against ZPA and RPA attacks. The principle of this method is to calculate the quantity \({Q}^{\prime}=\left[k\right]P+R\), choosing a random point R of the curve. Then, in order to obtain the final result \(Q=\left[k\right]P\), the R point must be subtracted from the quantity Q’. As long as the value of the point R changes at each execution, the output registers of the addition and doubling operations, therefore, change after each execution. Algorithm 3 describes in detail the principal sequence of this method applied to double-and-add-always algorithm. According to Abar et al. [29], this method of countermeasure is effective against several types of power attacks at the same time, but, on the other hand, it is applicable only for left-to-right scalar multiplication algorithm.
In this section, we have listed the different DPA counter-measure methods. It is well known that protecting an algorithm against one type of attack makes it vulnerable to another type. As we have seen, each of these presented DPA countermeasures have weaknesses against ZPA, RPA, and doubling attacks. As we can see from Algorithm 3, the register \({T}_{2}\) is only used when the scalar bit k is equal to 1. In this way, this register can be targeted by a safe-error attack. By injecting an error into \({T}_{2}\) it can be determined whether the bit value of k is equal to 1 or 0. In this way we can easily find out the whole scalar value d after many executions. The BRIP method is thus vulnerable to safe-error attack. Our objective is therefore to propose a new DPA counter-measure method that takes into account other potential attacks and fault attacks.
5 Choice of secure scalar multiplication algorithm
There are several proposed scalar multiplication algorithms, which differ in their cost calculation and security against different types of attacks. For this reason, this section is dedicated for a comparative study between these different algorithms to choose the most secure and efficient one to be implemented.
The first proposed scalar multiplication algorithm is double-and-add (Algorithm 1). Coron et al. have often shown that this algorithm is vulnerable to a simple power analysis (SPA) attack. This algorithm calculates the doubling of point P at each iteration and if the bit value of k is equal to 1 it adds point P to the doubling result. These two operations of the points have different power consumption. A simple power consumption analysis of this algorithm can easily determine when the scalar bit is equal to one and when it is equal to zero. Coron proposed then the double-and-add-always algorithm (Algorithm 2) as a countermeasure for this type of attack. At each iteration, Algorithm 2 performs an addition operation and a doubling operation. Then, depending on the bit value of the d scalar, the output takes either the register value \(Q\left[0\right]\) or \(Q\left[1\right]\). The power consumption of this algorithm is the same at each iteration. The security of algorithm 2 against SPA attacks makes it vulnerable to another type of attack, C-safe-error-attack. If the bit of the scalar is equal to 0, the output of the scalar multiplication algorithm takes the value of the register\(Q\left[0\right]\), so the instruction \(Q\left[1\right]\leftarrow ECADD\left(Q\left[0\right], P\right)\) on line 4 becomes dummy operation. Based on this property, the attacker injects an error on line 4 of the algorithm to find out the bit value of scalar d. If this error propagates to the algorithm output, this means that the scalar bit is equal to 1, otherwise it is equal to 0. To determine the whole binary sequence of the key k, the attacker must repeat this calculation every iteration of the algorithm. To avoid the vulnerability to safe-error attacks, the Montgomery Ladder algorithm (Algorithm 4) is proposed as a counter-measure method for the scalar multiplication.
Fan et al. assumed in [35] that the Montgomery Ladder algorithm is a countermeasure to the C-safe-error attack because it avoids the use of any dummy operations. On the other hand, Joye et al. have demonstrated that the classical Montgomery ladder algorithm of scalar multiplication computation is subject to M-safe- error attacks [22]. Later, Dubeuf et al. demonstrated in [58] the deficiency of Fan et al.'s hypothesis, and showed that Montgomery's algorithm is weak in front of C-safe-error attacks. For example, when the bit-value of the scalar d of algorithm 4 is equal to 0, and if an error is injected in the instruction \(R1 \leftarrow R0 + R1\) of line 3.1, the output will take the value of \({\text{R}}0\). This way the error cannot be transmitted to the output. In this case, the operation \(R1 \leftarrow R0 + R1\) is assumed as a dummy operation. This justifies that the Montgomery ladder algorithm is always subject to the safe-error attack. For this reason, Dubeuf proposed in his paper [58] his scalar multiplication algorithm which is effective against both SPA and Safe-error attacks.
5.1 Dubeuf et al.’s scalar multiplication algorithm
Dubeuf et al. proposed in 2017 [58] a scalar multiplication algorithm secured against SPA and safe-error attacks. This algorithm, presented by Algorithm 5, uses a unified number of addition and doubling operations independently of the bit value of the scalar k and avoids the use of dummy operations. In line 4.2, depending on the value of bit \({k}_{i}\), the algorithm performs either addition or subtraction of point P. If the value of bit \({k}_{i}=0\) the algorithm will executes \(Q=Q-P\), otherwise it calculates \(Q=Q+P\). Dubeuf et al. have presented their algorithm as resistant to C-safe-error attacks. All instructions implemented in this algorithm are used to calculate the final scalar multiplication output. Subsequently, the attacker cannot find dummy operations to successfully apply the safe-error attack.
As we can see from the line 4.2, the Dubeuf algorithm performs either point addition or point subtraction operation depending on the bit value ki. For an elliptic curve, subtracting the point Q from P, consists in adding (-Q) the opposite of the point Q to P. The difference in energy consumption between addition and subtraction operations is related to the calculation of the point's opposite (-Q). This distinction in power consumption between the two operations makes the algorithm vulnerable to SPA attacks. To avoid this security weakness, we have proposed Algorithm 7 to perform and implement addition and subtraction operations over binary fields, using the same number of arithmetic operations. In this case, calculating the opposite of a Q point consists in replacing its y coordinate by (x + y) via a simple XOR between x and y (line 5). This involves the same power consumption for addition and subtraction operations. The attacker is, therefore, unable to differentiate between the two operations and subsequently, he cannot have any information about the key. Thanks to this property, the scalar multiplication algorithm becomes perfectly protected against SPA attacks.
These advantages do not avoid the vulnerability of this algorithm to DPA attacks. Using the same private key during several executions of the scalar multiplication algorithm increases vulnerability to DPA attacks. Therefore, it still insufficient to protect the algorithm against SPA attacks, it is also necessary to protect it against DPA attacks. The objective of this article is to propose a new counter-measure method, dedicated to the Dubeuf’s algorithm, to prevent its susceptibility to DPA attacks.
5.2 Hardware implementation results
To optimize the hardware implementation of this chosen scalar multiplication algorithm, we used the computational blocks described in Fig. 1. These blocks are implemented by using the parameters described in section III.D.
As illustrated in Fig. 1, our hierarchical structure is decomposed of four blocks of calculation. The first block allows to calculate the arithmetic operations defined over binary field. Then, the affine-projective conversion operation is carried out in the second block. The third block is dedicated to the calculation of Lopez & Dahab addition and doubling operations. And finally, the fourth block is devoted to reconverting the obtained results into affine coordinates by the projective-affine conversion operation.
5.2.1 Arithmetic operations
The calculation of the multiplication of two binary numbers is performed using Bit-Serial Multiplication (BSM) algorithm. Table 3 presents the binary multiplication performance calculation in comparison with other modular multipliers.
The results mentioned in Table 3 show that our implementation of the multiplication operation is the least expensive in number of LUTs. Consequently, we can see that the Bit-Serial Multiplication algorithm, implemented using Virtex-7 board, presents the best computation performance for \({F}_{2}^{163}\) binary field and offers a significant optimization in the number of occupied slices and LUTs. In addition, we can notice from the synthesis results obtained in Table 3, that our implementation is the fastest in execution time compared to other variants of multiplication operations.
The binary modular inversion is performed based on Modified Almost Inversion Algorithm (MAIA). This algorithm is considered as a variant of the Extended Euclidean Algorithm (EEA), dedicated to the calculation with integers [64]. The hardware implementation costs of the MAIA algorithm in comparison with the other inversion computation algorithms in \({F}_{2}^{163}\) is described in Table 4. As shown from this table, MAIA has been selected as the less complex than other variants of modular inversion algorithms in number of slices and LUTs.
5.2.2 Doubling addition operations
Before performing the scalar multiplication operation, the doubling and addition algorithms must first be implemented in \({{F}_{2}}^{m}\) field. There are several algorithms for calculating point doubling and point addition in projective coordinates, which differ in the number of the required operations: multiplication and square. As indicated in section III.D.4, the Lopez and Dahab (L&D) projective coordinate system gives us the least expensive addition and doubling algorithms in terms of number of arithmetic operations. For this reason, we have chosen the LD-doubling algorithm presented by Algorithm 6 [65], for point doubling calculation, which requires only 3M and 5S.
For point addition calculations, L&D coordinate systems offer the best choice in terms of arithmetic operations required [66]. Therefore, we have implemented our proposition: LD-affine addition/subtraction algorithm, which presents a modified version of the algorithm proposed in [66]. Our proposed algorithm mixes affine and projective coordinates to reduce as much as possible the number of multiplication and square operations required. As presented in Table 2, it needs a total of 8M and 5S operations instead of 12M and 6S for the L&D addition algorithm. Furthermore, as mentioned in section V-A, this algorithm differs from the initial algorithm [66] by line 5. Indeed, if the selection bit s is equal to 1, the coordinate \({Y}_{0}\) takes the value \(\left(x+y\right)\), in this way the algorithm executes the point subtraction \({P}_{1}-{P}_{0}\). Otherwise, \({Y}_{0}\) gets the value of y and in this case the addition operation \({P}_{1}+{P}_{0}\) is performed. Consequently, this algorithm performs point addition and subtraction operations at the same time, using the same number of multiplication and square operations, ensuring perfect protection against SPA attacks.
5.2.3 Scalar multiplication operation
In this section, we present the synthesis implementation results of the scalar multiplication algorithm described in V-A. We have performed the scalar multiplication calculation, in \({F}_{2}^{163}\) field, based on the calculation blocks defined in Fig. 1.
We have chosen the BSM algorithm, and the MAIA algorithm to compute respectively the multiplication and inversion operations. Thanks to their low complexity compared to other algorithm variants, these two algorithms enabled us to optimize our implementation by decreasing the number of resources needed. On the other hand, we have seen in section (III.D.3) that the projective L&D coordinates offer an important reduction in the number of arithmetic operations required to perform the addition and doubling operations. All these factors have a great impact on the reduction of the consumption of our implementation in number of resources and arithmetic operations. Consequently, the calculation of the scalar multiplication using Algorithm 5 requires a number of n doubling operations and \(\left(n+1\right)\) adding operations.
Our binary processor was implemented on \({F}_{2}^{162}\) field using a Virtex-7 FPGA device, without using any on-board blocks or DSP. Table 5 provides a performance comparison between the implementation of scalar multiplication computation designed in this paper and others proposed in existing studies, in terms of number of occupied slices, number of LUTs, execution time, maximum frequency and efficiency. According to [67], the calculation of the efficiency of our work is done according to the following formula:
where m is the number of bits or the order of finite filed used, a refers to the number of occupied slices and t is the execution time of our implementation. The measurement unit of the efficiency factor is Kbps/slice. The calculation of this term permits to compare implementations carried out using the same finite field order but that differ in hardware architecture.
However, increasing the efficiency factor of a scalar multiplication implementation depends on increasing the area and the processing time. A compromise between these two parameters (area and number of slices) must be found to obtain the best efficiency value. Based on this metric, we calculated the efficiency of each analyzed work to compare them with our implementation. As it is indicated in Table 5, our implementation uses only 4045 slices and an execution time of 2.6 μs. By analyzing this hardware implementation, we can conclude that the combination of our results provides a good efficiency compared to other works that use the same FPGA device. The required implementation time of our combination is respectively 18.23% and 42.82% less than the fastest previous work [68] and [69]. In addition, the efficiency is, respectively, 19.43% and 24.52% higher. Based on the results obtained in Table 5, we note that our implementation has the best efficiency results.
6 Our proposed counter-measure method
In this section, we will describe our DPA counter-measure method applied for the Dubeuf algorithm previously described. This countermeasure is based on the point randomization method. We have previously cited several methods of DPA countermeasure based on scalar, point, and isomorphism randomizations. But as explained in Sect. 3.5, each method has its failures against certain other types of attacks. For this reason, we have decided to propose a new counter-measure method that is secure against most power attack variants.
6.1 Security analysis against DPA
Our proposal presented by algorithm 6, is inspired by the BRIP method, thanks to its effectiveness against many power attacks, except that it is only applicable to the double-and-add algorithm. The BRIP method consists in calculating \(k\left[P\right]+R\) instead of \(\left[k\right]P\) and subtracting the point R afterward to retrieve the appropriate result of \(\left[k\right]P\). This method is assumed to be resistant against DPA. Likewise, our algorithm is based on the use of random point R to randomize all the registers used in the doubling and addition operations. The random point R will be inserted at the initialization step of point P, in line 3 of Algorithm 6. This means that the randomization will not affect the uniformity of the addition and doubling operations used in our algorithm. As shown in Algorithm 6, we have kept the same structure of the main algorithm, Algorithm 5. In this way, our algorithm remains effective against SPA attacks.
First, during the “for” loop, a point R was added when the doubling operation was performed. This causes the randomization of the output \({Q}_{0}\) in line 5.1, which will take as a result the quantity \(2P+2R\) instead of \(2P\).
In the remainder of the calculation, to recover the correct result of the scalar multiplication \(\left[2k\right]P\), we will subtract the value \(2R\). For this purpose, the first point R will be subtracted from \({Q}_{0}\) in line 5.2 by adding the point \({Q}_{1}\), which is equal to \(-R\). In the same way, and after executing the entire "For" loop, the second point R is again subtracted from \({Q}_{0}\) in line 7. With this proposed method, the results of the addition and doubling operations will be modified in each new execution of the algorithm since the R value will be modified each time.
The application of our countermeasure method on the Dubeuf algorithm meets the two required criteria for resistance to DPA attacks [75]. The first criteria consists in randomizing treated data during scalar multiplication, and the second one is to ensure constant power consumption at each execution of the algorithm. The Dubeuf’s original algorithm performs the same number of operations at each iteration, resulting in the same amount of power consumption. In addition, the proposed counter-measure method involves the randomization of the data processed during the scalar multiplication. We can thus confirm that our countermeasure method is secure against DPA attack. This method avoids any leakage of secret information by randomizing the processing data during scalar multiplication calculations.
6.2 Security analysis against ZPA/RPA
In this section we will demonstrate that our proposition is resistant to ZPA and RPA attacks. Unlike the Coron’s countermeasure method described in section IV-E-3, the insertion of a random point in the calculation process avoids the possibility of having a specific point \(\left(0,y\right)\) or a zero- value register. Precisely, if the attacker enters a specific point P with coordinates (0,y) and wants to apply a ZPA or RPA attack on our algorithm, no propagation of this zero-coordinate will occur in the calculation.
Our countermeasure method consists in adding a random point R with coordinates (x, y) to the initial point P, which changes completely the value of point P, and the zero value of its x coordinate. Even if we have zero-value registers in our computation algorithm, our countermeasure method is still effective. It ensures propagation of the randomization to the addition and doubling operations, which then leads to the randomization of all registers used in the computation process. All these properties prove the effectiveness of our countermeasure method against different attacks: DPA, ZPA, RPA, and doubling.
6.3 Calculation results
In this section, we present a comparative study between our proposed method and the existing countermeasure methods in terms of required number of arithmetic operations. Consequently, the calculation of scalar multiplication, using our method, requires in total n doubling operations and \(2\left(n+1\right)\) addition operations, with n presents the bit length of our scalar k used. Table 6 presents the number of operations required for our proposed algorithm to perform a scalar multiplication operation in comparison with some existing works. For each cited algorithm, we give the cost per bit of the arithmetic operations used and the additional cost, which results the number of operations performed outside the for loop.
The results obtained in Table 6 show that our proposed algorithm has an acceptable computational performance compared to other scalar multiplication algorithms considering the high security ensured. As it is written in Algorithm 6, our proposal requires two addition operations outside the main loop: one operation during the initialization step (line 3) and another after the end of the for loop (line 7). Moreover, an Affine-to-Projective conversion function is performed at the end of our algorithm requiring only one inversion operation. As a result, the number of additional operations calculated in our proposal is 1I + 16M + 10S instead of 1I + 32M + 12S for the BRIP algorithm.
7 Conclusion
In this paper, we carried out a comparative study between various scalar multiplication algorithms to select the Dubeuf algorithm as the most secure one against SPA and safe-error attacks. Then, we applied the different hardware optimization methods to ensure a lightweight implementation of this algorithm over binary field. This algorithm is very effective against SPA attacks but it still remains vulnerable to differential power analysis attacks such as DPA, ZPA, and RPA. To ensure the security of this algorithm against these types of attack, we have carried out a comparative analysis between the different countermeasure methods proposed to combat these threats.
The weaknesses of these various countermeasure techniques led us to develop a new countermeasure suitable for the Dubeuf et al. algorithm. Our countermeasure method is based on the integration of a random point during the initialization step in order to randomize all the scalar multiplication operation execution. The security analysis of our proposal has demonstrated its effectiveness against DPA, ZPA and RPA attacks, as well as keeping the security of the algorithm against SPA attacks. In terms of computational performance, our algorithm presents an acceptable calculation cost compared with other literature methods. In this paper, our aim is to ensure perfect security against differential power analysis attacks. However, to improve our proposal in terms of computational cost, it will be important to apply additional hardware optimization methods. To achieve this goal, we can propose future contributions that will focus on optimizing the binary field multiplication operation, as it represents the most consuming arithmetic operation.
Data availability
Data sharing not applicable to this article as no datasets were generated or analyzed during the current study.
References
Miller VS (1985) Use of elliptic curves in cryptography. In: Conference on the theory and application of cryptographic techniques. Berlin, Heidelberg: Springer Berlin Heidelberg, pp. 417–426. https://doi.org/10.1007/3-540-39799-X_31
Koblitz BN (1987) Elliptic Curve Cryptosystems 4(177):203–209
Fernández-Caramés TM, Fraga-Lamas P (2018) A Review on the Use of Blockchain for the Internet of Things. IEEE Access 6(May):32979–33001. https://doi.org/10.1109/ACCESS.2018.2842685
Manzoor A, Braeken A, Kanhere SS, Ylianttila M, Liyanage M (2021) Proxy re-encryption enabled secure and anonymous IoT data sharing platform based on blockchain. J Netw Comput Appl 176:102917. https://doi.org/10.1016/j.jnca.2020.102917
Yeh L, Chen P, Pai C, Liu T (2020) An energy-efficient dual-field elliptic curve cryptography processor for internet of things applications. IEEE Transactions on Circuits and Systems II: Express Briefs 67(9):1614–1618
Hammi B, Fayad A, Khatoun R, Zeadally S, Begriche Y (2020) A Lightweight ECC-Based Authentication Scheme for Internet of Things (IoT). IEEE Syst J 14(3):3440–3450. https://doi.org/10.1109/JSYST.2020.2970167
Gyamfi E, Ansere JA, Xu L (2019) ECC Based lightweight cybersecurity solution for IoT networks utilising multi-access mobile edge computing, 2019 4th Int. Conf Fog Mob Edge Comput FMEC 2019:149–154. https://doi.org/10.1109/FMEC.2019.8795315
Bansal M, Gupta S, Mathur S (2021) Comparison of ECC and RSA algorithm with DNA encoding for IoT security. In : 2021 6th international conference on inventive computation technologies (ICICT). IEEE, pp 1340–1343. https://doi.org/10.1109/ICICT50816.2021.9358591
Yadav AK (2021) Significance of elliptic curve cryptography in blockchain IoT with comparative analysis of RSA algorithm. Proc - IEEE 2021 Int Conf Comput Commun Intell Syst ICCCIS 2021:256–262. https://doi.org/10.1109/ICCCIS51004.2021.9397166
Ahmed AA (2021) Lightweight digital certificate management and efficacious symmetric cryptographic mechanism over industrial Internet of Things. Sensors 21(8):2810. https://doi.org/10.3390/s21082810
Munoz-Ausecha C, Ruiz-Rosero J, Ramirez-Gonzalez G (2021) RFID applications and security review. Computation 9(6):69. https://doi.org/10.3390/computation9060069
Arslan A, Çolak SA, Ertürk S (2021) A secure and privacy friendly ECC based RFID authentication protocol for practical applications. Wirel Pers Commun 120(4):2653–2691. https://doi.org/10.1007/s11277-021-08552-7
Noori D, Shakeri H, Niazi Torshiz M (2020) Scalable, efficient, and secure RFID with elliptic curve cryptosystem for Internet of Things in healthcare environment. EURASIP J Inf Secur 2020:1–11. https://doi.org/10.1186/s13635-020-00114-x
Yang XC, Xu CX, Li CR (2020) ECC-Based RFID Authentication Protocol. J Electron Sci Technol 18(4):320–329. https://doi.org/10.11989/JEST.1674-862X.70517019
Alaoui HL, El Ghazi A, Zbakh M (2021) Touhafi A highly efficient ECC-based authentication protocol for RFID. J Sens 2021:1–16
Rostampour S, Safkhani M, Bendavid Y, Bagheri N (2020) ECCbAP: A secure ECC-based authentication protocol for IoT edge devices. Pervasive Mob Comput 67:101194. https://doi.org/10.1016/j.pmcj.2020.101194
Wenger E, Grossschadl J (2012) An 8-bit AVR-based elliptic curve cryptographic RISC processor for the internet of things. In: 2012 45th Annual IEEE/ACM International Symposium on Microarchitecture Workshops. IEEE, pp 39–46. https://doi.org/10.1109/MICROW.2012.20
Kadir SA, Sasongko A, Zulkifli M (2011) Simple power analysis attack against elliptic curve cryptography processor on FPGA implementation. Proc 2011 Int Conf Electr Eng Informat ICEEI 2011(July):11–14. https://doi.org/10.1109/ICEEI.2011.6021757
Clavier C, Marc MJ (2001) Universal exponentiation algorithm a first step towards provable SPA-resistance, Cryptogr. Hardw. Embed. Syst. 2001 Third Int. Work. Paris, Fr. May 14–16, 2001 Proc. 3. Springer Berlin Heidelberg, 2162:300–308. https://doi.org/10.1007/3-540-44709-1_25
Coron JS (1999) Resistance against differential power analysis for elliptic curve cryptosystems, Cryptogr. Hardw. Embed. Syst. First Int. CHES’99 Worcester, MA, USA, August 12–13, 1999, 1717:292–302. https://doi.org/10.1007/3-540-48059-5_25
Certicom Research (2009) Standards for efficient cryptography, SEC 1: Elliptic Curve Cryptography. Stand Effic Cryptogr 1(Sec 1)1–22. https://doi.org/10.1002/smj
Joye M, Yen SM (2003) The Montgomery Powering Ladder, International workshop on cryptographic hardware and embedded systems. Berlin, Heidelberg : Springer Berlin Heidelberg 20022, 523:291–302. https://doi.org/10.1007/3-540-36400-5_22
Kocher P, Jaffe J, Jun B, Rohatgi P (2011) Introduction to differential power analysis. J Cryptogr Eng 1:5–27
Ha JC, Moon SJ (2003) Randomized signed-scalar multiplication of ECC to resist power attacks, Cryptogr. Hardw. Embed. Syst. 2002 4th Int. Work. Redw. Shores, CA, USA, August 13–15, 2002, 2523:551–563. https://doi.org/10.1007/3-540-36400-5_40
Feix B, Roussellet M, Venelli A (2014) Side-channel analysis on blinded regular scalar multiplications. In: Progress in Cryptology--INDOCRYPT 2014: 15th International Conference on Cryptology in India, New Delhi, India, Proceedings 15. Springer International Publishing, pp 3–20. https://doi.org/10.1007/978-3-319-13039-2_1
Chmielewski Ł, Massolino PMC, Vliegen J, Batina L, Mentens N (2017) Completing the complete ECC formulae with countermeasures. J Low Power Electron Appl 7(1):1–13. https://doi.org/10.3390/jlpea7010003
Joye M, Tymen C (2001) Protections against Differential Analysis for ECC. Cryptogr Hardw Embed Syst — CHES’01 LNCS 2162:377–390
Kabin I, Dyka Z, Klann D, Langendoerfer P (2019) Horizontal DPA attacks against ECC: impact of implemented field multiplication formula. In: 2019 14th International Conference on Design & Technology of Integrated Systems In Nanoscale Era (DTIS). IEEE, pp 1–6. https://doi.org/10.1109/DTIS.2019.8735011
Abar R, Valencia C, López J (2019) Survey for performance & security problems of passive side-channel attacks countermeasures in ECC, Cryptology ePrint Archive, pp 1–43. [Online] Available: https://eprint.iacr.org/2019/010.pdf
Fouque PA, Guilley S, Murdica C, Naccache D (2016) Safe-errors on SPA protected implementations with the atomicity technique. The New Codebreakers: Essays Dedicated to David Kahn on the Occasion of His 85th Birthday (2016) 9100:479–493. https://doi.org/10.1007/978-3-662-49301-4_30
Fouque PA, Valette F (2003) The doubling attack–why upwards is better than downwards. In: Cryptographic hardware and embedded systems-CHES 2003: 5th International Workshop, Cologne, Germany, September 8–10, 2003. Proceedings 5. Springer Berlin Heidelberg, pp 269–280. https://doi.org/10.1007/978-3-540-45238-6_22
Fouque PA, Lercier R, Réal D, Valette F (2008) Fault attack on elliptic curve with montgomery ladder implementation. 2008 5th Work. Fault Diagnosis Toler Cryptogr IEEE 2008, 2008:92–98. https://doi.org/10.1109/FDTC.2008.15
Goubin L (2003) A refined power-analysis attack on elliptic curve cryptosystems, Public Key Cryptogr. 2003 6th Int. Work. Pract. Theory Public Key Cryptogr. Miami, FL, USA, January 6–8, 2003 Proc 6 Springer Berlin Heidelb 2567:199–210. https://doi.org/10.1007/3-540-36288-6_15
Akishita T, Takagi T (2003) Zero-value point attacks on elliptic curve cryptosystem. Inf Secur 6th Int Conf ISC 2003, Bristol, UK, Oct. 1–3, 2003. Springer Berlin Heidelb 2851:218–233. https://doi.org/10.1007/10958513_17
Fan J, Guo X, De Mulder E, Schaumont P, Preneel B, Verbauwhede I (2010) State-of-the-art of secure ECC implementations: A survey on known side-channel attacks and countermeasures. Proc 2010 IEEE Int Symp Hardware-Oriented Secur Trust HOST 2010:76–87. https://doi.org/10.1109/HST.2010.5513110
Di Matteo S, Baldanzi L, Crocetti L, Nannipieri P, Fanucci L, Saponara (2021) Secure elliptic curve crypto-processor for real-time iot applications. Energies 14(15). https://doi.org/10.3390/en14154676
Tang H, Ju T, Li Y (2020) Address Collision Attacks on ECSM Protected by ADPA. 2020 17th Int Comput Conf Wavelet Act Media Technol Inf Process ICCWAMTIP 2020:235–239. https://doi.org/10.1109/ICCWAMTIP51612.2020.9317495
Kabin I, Dyka Z, Klann D, Aftowicz M, Langendoerfer P (2021) Resistance of the Montgomery Ladder Against Simple SCA: Theory and Practice. J Electron Test Theory Appl 37(3):289–303. https://doi.org/10.1007/s10836-021-05951-3
Kabin I, Dyka Z, Klann D, Langendoerfer P (2020) Horizontal Attacks Against ECC: From Simulations to ASIC, Computer Security: ESORICS 2019 International Workshops, IOSec, MSTEC, and FINSEC, Luxembourg City, Luxembourg, September 26–27, 2019, 11981(LNCS):64–76. https://doi.org/10.1007/978-3-030-42051-2_5
Mathematik VDFM (2023) Horizontal address-bit SCA attacks against ECC and appropriate countermeasures. Thèse de doctorat. BTU Cottbus-Senftenberg. https://doi.org/10.26127/BTUOpen-6397
Itoh K, Izu T, Takenaka M (2003) Address-bit differential power analysis of cryptographic schemes OK-ECDH and OK-ECDSA. In: Cryptographic hardware and embedded systems-CHES 2002: 4th International Workshop Redwood Shores, CA, USA, August 13–15, 2002 Revised Papers 4. Springer Berlin Heidelberg, pp 129–143
Gallin G (2018) Unités arithmétiques et cryptoprocesseurs matériels pour la cryptographie sur courbe hyperelliptique. Thèse de doctorat. Rennes 1
Rashidi B (2017) A survey on hardware implementations of elliptic curve cryptosystems. arXiv preprint arXiv:1710.08336. http://arxiv.org/abs/1710.08336
Montgomery PL (1987) Speeding the Pollard and Elliptic Curve Methods of Factorization. Math Comput 48(177):243. https://doi.org/10.2307/2007888
Bernstein DJ, Lange T, Rezaeian Farashahi R (2008) Binary edwards curves. Lect Notes Comput. Sci (including Subser Lect Notes Artif Intell Lect Notes Bioinformatics).LNCS 5154(800):244–265. https://doi.org/10.1007/978-3-540-85053-3_16
Loiseau A (2019) Implémentation légère et sécurisée pour la cryptographie sur Courbes Elliptiques pour l'Internet des Objets. Thèse de doctorat. Ecole des Mines of Saint-Etienne
Taverne J (2010) Implementation Efficiente de la Multiplication Scalaire utilisant la Parallelisation 1–34
López J, Dahab R (1999) Improved algorithms for elliptic curve arithmetic in GF(2n), International Workshop on Selected Areas in Cryptography. Berlin, Heidelberg : Springer Berlin Heidelberg 1998, 1556:(107):201–212. https://doi.org/10.1007/3-540-48892-8_16
Liptak C, Mal-Sarkar S, Kumar SAP (2022) Power analysis side channel attacks and countermeasures for the internet of things. In: 2022 IEEE Physical Assurance and Inspection of Electronics (PAINE). IEEE, pp 1–7 https://doi.org/10.1109/PAINE56030.2022.10014854
Lucas A (2019) Support logiciel robuste aux attaques passives et actives pour l'arithmétique de la cryptographie asymétrique sur des (très) petits coeurs de calcul. Thèse de doctorat. Université de Rennes
Murdica C, Guilley S, Danger JL, Hoogvorst P, Naccache D (2012) Same values power analysis using special points on elliptic curves, Third International Workshop, COSADE 2012, Darmstadt, Germany, May 3–4, 2012. Proceedings 3. Springer Berlin Heidelberg LNCS 7275:183–198. https://doi.org/10.1007/978-3-642-29912-4_14
Okey, K, Sakurai K (2000) Power analysis breaks elliptic curve cryptosystems even secure against the timing attack. In: Progress in Cryptology—INDOCRYPT 2000: First International Conference in Cryptology in India Calcutta, India, Proceedings 1. Springer Berlin Heidelberg, p. 178–190
Ha JC, Park JH, Moon SJ, Yen SM (2007) Provably secure countermeasure resistant to several types of power attack for ECC, Information Security Applications: 8th International Workshop, WISA 2007, Jeju Island, Korea, August 27–29, 2007, Revised Selected Papers 8. Springer Berlin Heidelberg 2007. LNCS 4867:333–344. https://doi.org/10.1007/978-3-540-77535-5_24
Tunstall M, Papachristodoulou L, Papagiannopoulos K (2018) Boolean exponent splitting. Cryptology ePrint archive, pp 1–22. https://eprint.iacr.org/2018/1226.pdf
Trichina E, Bellezza A (2003) Implementation of Elliptic Curve Cryptography with Built-in Counter Measures against Side Channel Attacks, Lect. Notes Comput. Sci. (including Subser. Lect. Notes Artif. Intell. Lect. Notes Bioinformatics) 2523:98–113. https://doi.org/10.1007/3-540-36400-5_9
Ciet M, Joye M (2003) (Virtually) free randomization techniques for elliptic curve cryptography, Inf. Commun. Secur. 5th Int. Conf. ICICS 2003, Huhehaote, China, Oct. 10–13, 2003. Proc. 5. Springer Berlin Heidelberg 2836:348–359. https://doi.org/10.1007/978-3-540-39927-8_32
Mamiya H, Miyaji A, Morimoto H (2004) Efficient countermeasures against RPA, DPA, and SPA, Int. Work. Cryptogr. Hardw. Embed. Syst. Berlin, Heidelb. Springer Berlin Heidelberg 2004, 3156:343–356. https://doi.org/10.1007/978-3-540-28632-5_25
Dubeuf J, Hely D, Beroulle V (2017) Enhanced Elliptic Curve Scalar Multiplication Secure Against Side Channel Attacks and Safe Errors, Constructive Side-Channel Analysis and Secure Design: 8th International Workshop, COSADE 2017, Paris, France, April 13–14, 2017, Revised Selected Papers 8. Springer International LNCS Publishing 10348(1)65–82. https://doi.org/10.1007/978-3-319-64647-3_5
Islam MM, Hossain MS, Shahjalal MD, Hasan MK, Jang YM (2020) Area-Time Efficient Hardware Implementation of Modular Multiplication for Elliptic Curve Cryptography. IEEE Access 8:73898–73906. https://doi.org/10.1109/ACCESS.2020.2988379
Sharma A, Bhadada R (2017) KOM multiplier for ECC implementation in FPGA. Int J Control Theory and Appl 10:677–683
Abu Khadra S, Abdulrahman SESE, Ismail NA (2020) Parallel implementation for ECCP based on Montgomery ladder algorithm. In: J Physics: Conference Series. IOP Publishing, p 012046. https://doi.org/10.1088/1742-6596/1447/1/012046
Gallin G, Tisserand A (2019) Generation of finely-pipelined GF ($P$P) multipliers for flexible curve based cryptography on FPGAs. IEEE Trans Comput 68(11):1612–1622
Islam MM, Hossain MS, Hasan MK, Shahjalal M, Jang YM (2020) Design and implementation of high-performance ecc processor with unified point addition on twisted edwards curve. Sensors 20(18):1–19. https://doi.org/10.3390/s20185148
Morales-Sandoval M, Feregrino-Uribe C (2005) A hardware architecture for elliptic curve cryptography and lossless data compression. Proc - 15th Int Conf Electron Commun Comput CONIELECOMP 2005, 2005(December):113–118. https://doi.org/10.1109/CONIEL.2005.8
Brown M, Hankerson D, López J, Menezes A (2001) Software Implementation of the NIST Elliptic. Lect Notes Comput Sci 2020:250–265
Hankerson D, Vanstone S, Menezes A (2004) Guide to elliptic curve cryptography, Springer-Verlag. New York. https://doi.org/10.1007/b97644
Ecc P, Salarifard R, Bayat-sarmadi S, Mosanaei-boorani H (2018) A Low-Latency and Low-Complexity Point-Multiplication in ECC, IEEE Trans. Circuits Syst I Regul Pap 65(9):2869–2877
Khan ZUA, Benaissa M (2017) High-Speed and Low-Latency ECC Processor Implementation over GF(2m) on FPGA, IEEE Trans. Very Large Scale Integr Syst 25(1):165–176. https://doi.org/10.1109/TVLSI.2016.2574620
Li L, Li S (2016) High-performance pipelined architecture of elliptic curve scalar multiplication over GF(2m), IEEE Trans. Very Large Scale Integr Syst 24(4):1223–1232. https://doi.org/10.1109/TVLSI.2015.2453360
Lara-Nino CA, Diaz-Perez A, Morales-Sandoval M (2019) Energy/Area-efficient scalar multiplication with Binary Edwards curves for the IoT. Sensors 19(3):1–35. https://doi.org/10.3390/s19030720
Azarderakhsh R, Reyhani-Masoleh A (2012) Efficient FPGA implementations of point multiplication on binary edwards and generalized hessian curves using Gaussian normal basis, IEEE Trans. Very Large Scale Integr Syst 20(8):1453–1466. https://doi.org/10.1109/TVLSI.2011.2158595
Sutter GD, Deschamps J, Imaña JL (2013) Efficient Elliptic Curve Point Multiplication Using Digit-Serial Binary Field Operations. IEEE Trans Ind Electron 60(1):217–225
Benselama ZA, Bencherif MA, Khorissi N, Bencherchali MA (2014) Low cost reconfigurable Elliptic Crypto-hardware. Proc IEEE/ACS Int Conf Comput Syst Appl AICCSA 2014:788–792. https://doi.org/10.1109/AICCSA.2014.7073281
Imran M, Shafi I, Jafri AR (2017) Hardware design and implementation of ECC based crypto processor for low-area-applications on FPGA. In: 2017 International Conference on Open Source Systems & Technologies (ICOSST). IEEE, pp 54–59
Al-zubaidie M, Zhang Z, Zhang J (2019) Efficient and secure ECDSA algorithm and its applications: a survey. arXiv preprint arXiv:1902.10313
Izu T, Möller B, Takagi T (2005) Improved Elliptic Curve Multiplication Methods Resistant against Side Channel Attacks. IEICE Trans Fundam Electron Commun Comput Sci E88-A(1):161–171. https://doi.org/10.1093/ietfec/E88-A.1.161
Hutter M, Joye M, Sierra Y (2011) Memory-constrained implementations of elliptic curve cryptography in Co-Z coordinate representation, Progress in Cryptology–AFRICACRYPT 2011: 4th International Conference on Cryptology in Africa, Dakar, Senegal, July 5–7, 2011. Proceedings 4. Springer Berlin Heidelberg, 2011. LNCS 6737:170–187. https://doi.org/10.1007/978-3-642-21969-6_11
Rivain M (2011) Fast and regular algorithms for scalar multiplication over elliptic curves., IACR Cryptol. ePrint Arch 2:338. http://dblp.uni-trier.de/db/journals/iacr/iacr2011.html#Rivain11
Author information
Authors and Affiliations
Corresponding author
Ethics declarations
Informed consent
Not applicable.
Human participants and/or animals
Not applicable.
Competing interests
The authors declare no competing of interest.
Conflicts of interest
The authors declare no conflict of interest.
Additional information
Publisher's Note
Springer Nature remains neutral with regard to jurisdictional claims in published maps and institutional affiliations.
Rights and permissions
Springer Nature or its licensor (e.g. a society or other partner) holds exclusive rights to this article under a publishing agreement with the author(s) or other rightsholder(s); author self-archiving of the accepted manuscript version of this article is solely governed by the terms of such publishing agreement and applicable law.
About this article
Cite this article
Gabsi, S., Kortli, Y., Beroulle, V. et al. Proposal of a lightweight differential power analysis countermeasure method on elliptic curves for low-cost devices. Multimed Tools Appl 83, 74657–74683 (2024). https://doi.org/10.1007/s11042-024-18368-9
Received:
Revised:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s11042-024-18368-9