Abstract
Elliptic curves based algorithms are nowadays widely spread among embedded systems. They indeed have the double advantage of providing efficient implementations with short certificates and of being relatively easy to secure against side-channel attacks. As a matter of fact, when an algorithm with constant execution flow is implemented together with randomization techniques, the obtained design usually thwarts classical side-channel attacks while keeping good performances. Recently, a new technique that makes randomization ineffective, has been successfully applied in the context of RSA implementations. This method, related to a so-called horizontal modus operandi, introduced by Walter in 2001, turns out to be very powerful since it only requires leakages on a single algorithm execution. In this paper, we combine such kind of techniques together with the collision correlation analysis, introduced at CHES 2010 by Moradi et al., to propose a new attack on elliptic curves atomic implementations (or unified formulas) with input randomization. We show how it may be applied against several state-of-the art implementations, including those of Chevallier-Mames et al., of Longa and of Giraud-Verneuil and also Bernstein and Lange for unified Edward’s formulas. Finally, we provide simulation results for several sizes of elliptic curves on different hardware architectures. These results, which turn out to be the very first horizontal attacks on elliptic curves, open new perspectives in securing such implementations. Indeed, this paper shows that two of the main existing countermeasures for elliptic curve implementations become irrelevant when going from vertical to horizontal analysis.
Similar content being viewed by others
Notes
We shall sometimes need to consider the known value as a pair of variables: in this case we will use the notation (X,Y) instead of X.
In contexts where the adversary is not allowed to choose the algorithm input but knows it, the first step just aims at fixing the input value for the rest of the attack.
Possibly, the observations acquisition phase may mix horizontal and vertical techniques. In this case, the attack will be termed Rectangle.
For readability reasons we do not recall the full patterns but the interested reader can find them in [17].
Guidelines are given in [17] to define the dummy operations in a pertinent way.
In this context, the SNR simply equals ω/4σ 2.
Contrary to the attacks described in Section 4, the attack against Algorithms 2 and 3 does not try to detect two similar operations with a common operand but tries to detect when a same operand is manipulated two times. Even if this scenario is not exactly the one analyzed in this paper, we think that the corresponding attack stays efficient as it is based on the same principles.
If t is odd, it can be right-padded with a zero.
References
Karatsuba, A., Ofman, Y. (eds.): Multiplication of Many-Digital Numbers by Automatic Computers, vol. 145 (1962)
ANSI X9.62: Public Key Cryptography for the Financial Service Industry: The Elliptic Curve Digital Signature Algorithm (ECDSA). American National Standards Institute (1998)
ANSI X9.63: Public Key Cryptography for the Financial Service Industry: Key Agreement and Key Transport Using Elliptic Curve Cryptography. American National Standards Institute (1998)
Baek, Y.-J., Vasyltsov, I.: How to Prevent DPA and Fault Attack in a Unified Way for ECC Scalar Multiplication - Ring Extension Method In:. ISPEC, pp. 225–237 (2007)
Barrett, P.: Implementing the Rivest Shamir and Adleman public key encryption algorithm on a standard digital signal processor. In: Proceedings on Advances in Cryptology—CRYPTO ’86, pp 311–323. Springer-Verlag, London (1987)
Batina, L., Gierlichs, B., Prouff, E., Rivain, M., Standaert, F.-X., Veyrat-Charvillon, N.: Mutual information analysis: a comprehensive study. J. Cryptol. 24(2), 269–291 (2011)
Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal and vertical side-channel attacks against secure RSA implementations. In: Dawson, E. (ed.) Topics in Cryptology — CT-RSA 2013, volume 7779 of Lecture Notes in Computer Science, pp. 1–17. Springer (2013)
Bauer, A., Jaulmes, E., Prouff, E., Wild, J.: Horizontal collision correlation attack on elliptic curves. In: Lange, T., Lauter, K.E., Lisonek, P. (eds.) Selected Areas in Cryptography, volume 8282 of Lecture Notes in Computer Science, pp. 553–570. Springer (2013)
Bernstein, D.J., Lange, T.: Analysis and Optimization of Elliptic-Curve Single-Scalar Multiplication. Cryptology ePrint Archive, Report 2007/455, (2007) http://eprint.iacr.org/
Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) Advances in Cryptology — Proceedings of ASI-ACRYPT 2007, volume 4833 of Lecture Notes in Computer Science, pp. 29–50. Springer (2007)
Billet, O., Joye, M.: The Jacobi Model of an Elliptic Curve and Side-Channel Analysis. Cryptology ePrint Archive, Report 2002/125 (2002)
Bogdanov, A., Kizhvatov, I., Pyshkin, A.: Algebraic methods in side-channel collision attacks and practical collision detection. In: Chowdhury, D.R., Rijmen, V., Das, A. (eds.) Progress in Cryptology – INDOCRYPT 2008, volume 5365 of LNCS, pp. 251–265. Springer-Verlag (2008)
Booth, A.: A signed binary multiplication technique. Q. J. Mech. Appl. Math. 4(2), 236–240 (1951)
Brickell, E.F.: A survey of hardware implementation of RSA (Abstract). In: CRYPTO, volume 435 of Lecture Notes in Computer Science, pp. 368–370. Springer (1989)
Brier, E., Clavier, C., Olivier, F.: Correlation power analysis with a leakage model. In: Joye, M., Quisquater, J.-J. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2004, volume 3156 of Lecture Notes in Computer Science, pp. 16–29. Springer (2004)
Brier, É., Joye, M.: Weierstraß elliptic curves and side-channel attacks In: Naccache, D., Paillier, P. (eds.) Public Key Cryptography – PKC 2002, volume 2274 of Lecture Notes in Computer Science, pp. 335–345. Springer (2002 )
Chevallier-Mames, B., Ciet, M., Joye, M.: Low-cost solutions for preventing simple side-channel analysis: side-channel atomicity. IEEE Trans. Comput. 53(6), 760–768 (2004)
Ciet, M., Joye, M.: Elliptic Curve Cryptosystems in the Presence of Permanent and Transient Faults. Cryptology ePrint archive, report 2003/028 (2003)
Clavier, C., Feix, B., Gagnerot, G., Giraud, C., Roussellet, M., Verneuil, V.: ROSETTA for single trace analysis – recovery of secret exponent by triangular trace analysis. In:. INDOCRYPT, pp. 140–155 (2012)
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Horizontal correlation analysis on exponentiation. In: Soriano, M., Qing, S., Lopez, J. (eds.) ICICS, volume 6476 of Lecture Notes in Computer Science, pp. 46–61. Springer (2010)
Clavier, C., Feix, B., Gagnerot, G., Roussellet, M., Verneuil, V.: Improved collision-correlation power analysis on first order protected AES. In: Preneel, B., Takagi, T. (eds.) Cryptographic Hardware and Embedded Systems, 13th International Workshop – CHES 2011, volume 6917 of Lecture Notes in Computer Science, pp. 49–62. Springer (2011)
Clavier, C., Joye, M.: Universal exponentiation algorithm – a first step towards provable SPA-Resistance. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Em- bedded Systems – CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp. 300–308. Springer (2001)
Cohen, H., Frey, G. (eds.): Handbook of Elliptic and Hyperelliptic Curve Cryptography. CRC Press (2005)
Comba, P.G.: Exponentiation cryptosystems on the IBM PC. IBM Syst. J. 29(4), 526–538 (1990)
Coron, J.-S.: Resistance against differential power analysis for elliptic curve cryptosystems. In: Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems – CHES ’99, volume 1717 of Lecture Notes in Computer Science, pp. 292–302. Springer (1999)
Edwards, H.M.: A normal form for elliptic curves. Bull. Am. Math. Soc. 44, 393–422 (2007)
Gandolfi, K., Mourtel, C., Olivier, F.: Electromagnetic analysis: concrete results. In: Koç Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp. 251–261. Springer (2001)
Gierlichs, B., Batina, L., Tuyls, P., Preneel, B.: Mutual information analysis. In: Oswald, E., Rohatgi, P. (eds.) CHES, volume 5154 of Lecture Notes in Computer Science, pp. 426–442. Springer (2008)
Giraud, C., Verneuil, V.: Atomicity improvement for elliptic curve scalar multiplication. In: Gollmann, D., Lanet, J.-L., Iguchi-Cartigny, J. (eds.) Smart Card Research and Advanced Applications, 9th International Conference – CARDIS 2010, volume 6035 of Lecture Notes in Computer Science, pp. 80–101. Springer (2010)
Golić, J., Tymen, C.: Multiplicative masking and power analysis of AES. In: Kaliski, B.S. Jr., Koç, Ç.K., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2002, volume 2523 of Lecture Notes in Computer Science, pp. 198–212. Springer (2002)
Goundar, R.R., Joye, M., Miyaji, A., Rivain, M., Venelli, A.: Scalar multiplication on Weierstraß elliptic curves from co-z arithmetic. J. Cryptographic Engineering 1(2), 161–176 (2011)
Hankerson, D., Menezes, A.J., Vanstone, S.: Guide to elliptic curve cryptography. In: Springer Professional Computing Series (2003)
ISO/IEC JTC1 SC17 WG3/TF5 for the International Civil Aviation Organization: Supplemental Access Control for Machine Readable Travel Documents. Technical Report (2010)
Joye, M., Tymen, C.: Protections against differential analysis for elliptic curve cryptography. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp. 386–400. Springer
Joye, M.: Highly regular right-to-left algorithms for scalar multiplication. In: Paillier, P., Verbauwhede, I. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2007, volume 4727 of Lecture Notes in Computer Science, pp. 135–147. Springer (2007)
Knuth, D.E.: The Art of Computer Programming, vol. 2, 3rd edn. Addison Wesley (1988)
Koblitz, N.: Elliptic curve cryptosystems. Math. Comput. 48(177), 203–209 (1987)
Koç, Ç.K: Cryptographic Engineering. Springer (2008)
Kocher, P.: Timing attacks on implementations of Diffie-Hellman, RSA, DSS, and other systems. In: Koblitz, N. (ed.) Advances in Cryptology – CRYPTO ’96, volume 1109 of Lecture Notes in Computer Science, pp. 104–113. Springer (1996)
Kocher, P., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) Advances in Cryptology – CRYPTO ’99, volume 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer (1999)
Kocher, P.C., Jaffe, J., Jun, B., Rohatgi, P.: Introduction to differential power analysis. J. Cryptographic Engineering 1(1), 5–27 (1998)
Liardet, P.-Y., Smart, N.P.: Preventing SPA/DPA in ECC systems using the Jacobi form. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2001, volume 2162 of Lecture Notes in Computer Science, pp. 401–411. Springer (2001)
Longa, P.: Accelerating the Scalar Multiplication on Elliptic Curve Cryptosystems over Prime Fields. Master’s thesis: School of Information Technology and Engineering, University of Ottawa, Canada (2007)
Micali, S., Reyzin, L.: Physically observable cryptography (Extended Abstract). In: Naor, M. (ed.) Theory of Cryptography Conference – TCC 2004, volume 2951 of Lecture Notes in Computer Science, pp. 278–296. Springer (2004)
Miller, V.S.: Use of elliptic curves in cryptography. In: Wiliams, H.C. (ed.) Advances in Cryptology – CRYPTO ’85, volume 218 of Lecture Notes in Computer Science, pp. 417–426. Springer (1985)
Montgomery, P.L.: Modular multiplication without trial division. Math. Comp. 44(170), 519–521 (1985)
Montgomery, P.L.: Speeding the pollard and elliptic curve methods of factorization. Math. Comput. 48, 243–264 (1987)
Moradi, A.: Statistical tools flavor side-channel collision attacks. In: Pointcheval, D., Johansson, T. (eds.) EUROCRYPT, volume 7237 of Lecture Notes in Computer Science, pp. 428–445. Springer (2012)
Moradi, A., Mischke, O., Eisenbarth, T.: Correlation-enhanced power analysis collision attack. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings, volume 6225 of Lecture Notes in Computer Science, pp. 125–139. Springer (2010)
Prouff, E., Rivain, M., Bévan, R.: Statistical analysis of second order differential power a.nalysis. IEEE Trans. Comput. 58(6), 799–811 (2009)
Quisquater, J.-J., Samyde, D.: A new tool for non intrusive analysis of smart cards based on electro-magnetic emissions, the SEMA and DEMA methods. Presented at the rump session of EUROCRYPT 2000 (2000)
Schramm, K., Wollinger, T., Paar, C.: In: Johansson, T. (ed.) Fast Software En- cryption – FSE 2003, volume 2887 of Lecture Notes in Computer Science, pp. 206–222. Springer (2003)
Standaert, F.-X., Malkin, T.G., Yung, M.: A unified framework for the analysis of side-channel attacks. In: EUROCRYPT, volume 5479, Lecture Notes in computer science. pp. 443–461. Springer (2009)
Tunstall, M., Joye, M.: Coordinate blinding over large prime fields. In: Mangard, S., Standaert, F.-X. (eds.) Cryptographic Hardware and Embedded Systems, CHES 2010, 12th International Workshop, Santa Barbara, CA, USA, August 17-20, 2010. Proceedings, volume 6225 of Lecture Notes in Computer Science. Springer (2010)
Verneuil, V.: Elliptic Curve Cryptography and Security of Embedded Devices, PhD thesis, Universite de Bordeaux (2012)
Walter, C.D.: Sliding windows succumbs to big Mac attack. In: Koç, Ç.K., Naccache, D., Paar, C. (eds.) Cryptographic Hardware and Embedded Systems – CHES 2001, volume 2162 of Lecture Notes in Computer Science. Springer (2001)
Author information
Authors and Affiliations
Corresponding author
Additional information
The short version of this paper has been published in [8]
Appendices
Appendix A: Extension to Higher Orders
The leakage definition given in 2 stands for contexts where instantaneous leakage about the implementation secret parameter exists. When the latter condition is not verified, the adversary must consider several intermediate values simultaneously to reveal sensitive information. In this context, side-channels are usually called multivariate by opposition with the first class of attacks that are called univariate. Except 2, the framework introduced in Section 2.1 and the formalism given in Section 2.2 continue to be valid. For completeness, we generalize the definition of the leakage coordinates in (2) to encompass contexts where several intermediate results must be observed to reveal information about a sensitive internal processing O(k,X):
where φ i and β i are similar as in (2) and where V i refers to the value manipulated at time t i . Footnote 10
When the general definition (11) is used in place of (2) to model the instantaneous leakage, a prerequisite for a multivariate SCA to be possible is that there exists at least one tuple of coordinates of L that statistically depends on O(s,X). Actually for Horizontal SCA the number of tuples must be high enough for the involved statistical tools to be effective.
Appendix B: Implementations of Modular Multiplications
In Section 4.3, we argued that an adversary may deal with Assumption 1 by using collisions attack. For such a purpose, we focussed on the classical Long Integer Multiplication (LIM) and we showed that horizontal collisions attacks can be applied to distinguish when two multiplications are performed with at least one common operand. Obviously, in practice, there are several other techniques to implement the modular multiplication U⋅V mod p between two t ω-bit long integers. Let us argue here briefly that our attack still applies efficiently in some of these other cases.
Among all existing modular multiplication techniques, two main methods can be highlighted: those which perform long multiplications [1, 13, 24] followed by a global reduction [5, 36] and those where multiplication and reduction are interleaved [14, 46]. The sequence of operations related to those implementations always contain the products U[i]⋅V[j] that were targeted in our attack. Hence, by applying the same approach as described in Section 4.3, it stays possible to distinguish the two following cases: “Case (1)” when the device processes two multiplications with independent operands and “Case (2)” when the device computes the multiplication of two related operands that jointly depend on a secret bit s. We recall hereafter some classical modular multiplication techniques.
Schoolbook Multiplication.
This technique, also called Long Integer Multiplication (LIM), is a digit-by-digit multiplication algorithm where the products U[i]⋅V[j] are executed in the row order. An alternative approach has been introduced by Comba in [24]: it uses the same principle as the LIM but the products are taken in the column order.
Karatsuba-Ofman.
This technique is very popular and is considered as one of the most efficient way to multiply two integers. If t=2n, then U and V can be expressed as followsFootnote 11:
where U H ,V H (resp. U L , V L ) represent the n most significant ω-bit words of U and V (resp. the n least significant ω-bit words). The core idea of Karatsuba-Ofman multiplication is to process UV as follows:
and
It may be checked that the processing of (13) and (14) may be done with 3 multiplications (instead of 4 with the LIM). By applying the idea recursively, the overall complexity is roughly reduced from t 2 to \(t^{\log _{2}(3)}\). When such a multiplication algorithm is used, only the t final elementary multiplications U[i]V[i], with i∈[1,t] can be involved in a collision attack such as described in Section 4.3. This strongly decreases the efficiency of our attack.
Booth’s Multiplication.
The idea here is to rewrite the representation of the operands (for example by using a signed representation) in order to increase the number of zeroes in the latter. The advantage of this method is that it allows a faster multiplication. The multiplication is then performed as the LIM.
Montgomery’s Multiplication.
The principle of this method is to perform the modular multiplication using modular reductions easier to compute, by introducing an integer R, called the radix. R is defined such that R=2tω>p. Every element \(x \in \mathbb {F}_{p}\) is then represented by X=x R m o d p. This is called the Montgomery representation of x. Assume two elements are given in their Montgomery representation U and V. To compute the Montgomery representation Z of their product, we first compute the standard multi-precision multiplication of U and V which is a number of size at most p 2. By applying Montgomery reduction to this result, we obtain Z. Thus, to multiply two elements in Montgomery representation, we only need to perform a single multi-precision multiplication followed by a Montgomery reduction. No division is needed.
In practice, this operation can be made more efficient by interleaving the multiplication and reduction steps. In our case, we will still be able to identify the elementary multiplications needed for the attack.
Appendix C: Projective Coordinates
In Weierstrass (3), points on elliptic curves are described in affine representation, namely using their (x,y)-coordinates. While it seems to be the simplest way to describe points over (E), addition and doubling formulas using affine coordinates require to compute the inverse of an element in \(\mathbb {F}_{p}\), which is a very costly operation. This drawback led embedded systems developers to use other kinds of representations, such as for instance the projective coordinates that enable to perform point operations without requiring any field inversion. Moreover this type of representation avoids the need to resort to special treatment for the point at infinity. This is an advantage compared to the affine coordinates, since it prevents side-channel attacks that exploits the difference of representation between \(\mathcal {O}\) and non-zero points.
To make it clear a point P=(x,y) can be expressed in projective coordinates by a triplet (X:Y:Z) such that X=x Z and Y=y Z. Following this definition, point (X:Y:Z) is the same as point (λ X:λ Y:λ Z) for λ≠0.
Obviously other types of point representations share the same properties listed above with the projective coordinates. Jacobian coordinates or even the Edwards’ ones are examples of such representations. They require a small number of elementary operations in order to add or double points on (E).
Rights and permissions
About this article
Cite this article
Bauer, A., Jaulmes, E., Prouff, E. et al. Horizontal collision correlation attack on elliptic curves. Cryptogr. Commun. 7, 91–119 (2015). https://doi.org/10.1007/s12095-014-0111-8
Received:
Accepted:
Published:
Issue Date:
DOI: https://doi.org/10.1007/s12095-014-0111-8