Joye M. Cryptographic hardware and embedded systems. 2005 (.pdf)

216 K. Lemke, K. Schramm, and C. Paar

The experimental DPA characteristics do not always correspond to the expected ones (see Fig. 4). The deviations can be explained by the superposing of signals, especially by leakage of the input data. The analysis on the primary origin of each signal obtained turns out to be a difficult task on the ATM163.

The following is the actual code sequence of the modular addition:

The add instruction turns out to be extremely vulnerable against the 8-bit XOR selection function if certain registers are used. In the current example, the instruction add yields significant DPA signals using the 8-bit XOR selection function at the least significant key byte (see Fig. 5). However, this strong dependency was not confirmed at the instruction add

Multiplication modulo . The points in time that yield high signals are identified using the advantage that the key is known. DPA yielded clear correlation signals for the least and most significant byte of the selection function at all relevant positions in time (see Fig. 6). The experimental DPA characteristics are consistent with the expected ones.

As a result, the Hamming weight selection function was successfully applied, even on a hardware platform that for the most part leaks differential signals.
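As an added example (not code from the paper, and measuring no hardware), the following Python simulates a correlation DPA against an 8-bit XOR and an 8-bit addition modulo 256 under the Hamming weight model: each constructed trace carries one sample for the load of the input byte and one for the result of the operation, and every key hypothesis is correlated with the measured samples. The key value 0xE5, the noise level and all function names are choices of the example.

```python
# Added example, not code from the paper: a software-simulated correlation
# DPA against an 8-bit XOR and an 8-bit modular addition under the Hamming
# weight model.  Every trace below is constructed; no hardware is measured.
import random


def hw8(v):
    """Hamming weight of the low 8 bits of v."""
    return bin(v & 0xFF).count("1")


def xor_op(x, k):
    return x ^ k


def add_op(x, k):
    return (x + k) & 0xFF          # addition modulo 2^8


def simulate_traces(op, key, n_traces, noise=1.0, seed=1):
    """Constructed leakage with two samples per trace:
    sample 0 models the load of the input byte x (leaks HW(x), no key),
    sample 1 models the instruction z = op(x, key) (leaks HW(z)).
    Gaussian noise of standard deviation `noise` is added to each sample."""
    rng = random.Random(seed)
    inputs, traces = [], []
    for _ in range(n_traces):
        x = rng.randrange(256)
        z = op(x, key)
        inputs.append(x)
        traces.append((hw8(x) + rng.gauss(0, noise), hw8(z) + rng.gauss(0, noise)))
    return inputs, traces


def pearson(a, b):
    """Pearson correlation coefficient of two equally long sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((p - ma) * (q - mb) for p, q in zip(a, b))
    va = sum((p - ma) ** 2 for p in a)
    vb = sum((q - mb) ** 2 for q in b)
    return cov / (va * vb) ** 0.5 if va and vb else 0.0


def dpa(inputs, traces, selection):
    """Correlation DPA.  For every sample index and every key hypothesis k,
    correlate the predicted HW(selection(x, k)) with the measured sample.
    Returns one list of 256 correlation coefficients per sample index."""
    result = []
    for s in range(len(traces[0])):
        column = [t[s] for t in traces]
        result.append([pearson([hw8(selection(x, k)) for x in inputs], column)
                       for k in range(256)])
    return result


def best_key(corr):
    """Hypothesis with the largest positive correlation (HW leaks upwards)."""
    return max(range(256), key=lambda k: corr[k])


def attack(op, key=0xE5, n_traces=500):
    """Run the attack with the selection function matching the operation.
    Returns (recovered key at the result sample, per-sample correlations)."""
    inputs, traces = simulate_traces(op, key, n_traces)
    corr = dpa(inputs, traces, op)
    return best_key(corr[1]), corr


if __name__ == "__main__":
    for name, op in (("XOR", xor_op), ("ADD mod 256", add_op)):
        k, corr = attack(op)
        print(f"{name}: key 0x{k:02X}  result-sample peak {corr[1][k]:+.2f}  "
              f"complement hypothesis {corr[1][k ^ 0xFF]:+.2f}  "
              f"best hypothesis at the input-load sample 0x{best_key(corr[0]):02X}")
```

Two things the run shows that the text above only states. First, the XOR profile is exactly antisymmetric under complementing the hypothesis, since HW(x XOR k XOR 0xFF) = 8 - HW(x XOR k), so the correct key appears as a positive peak at k and a mirror negative peak at k XOR 0xFF, whereas the ADD profile has no such mirror: one concrete way the DPA characteristics of the two operations differ. Second, at the input-load sample the best hypothesis is 0 for both operations, i.e. that sample correlates with the input data rather than with the key, which is the kind of input-data superposition noted for Fig. 4.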

6 Conclusions

This contribution provides an analysis of the DPA signals revealed by n-bit sized primitive operations such as XOR, modular addition and modular multiplication. The characteristics of the DPA results differ for these basic operations and can support the analysis of an unknown implementation.

The theoretical approach to apply DPA in ciphers and message authentication based on primitive operations is included, as are the specific examples of IDEA, RC6 and the HMAC-Construction.

Experimentally, IDEA implementations on an 8051 microcontroller and on an AVR ATM163 microcontroller were both evaluated. The Hamming weight model was successfully applied to the primitive operations on both architectures, and the expected DPA characteristics were confirmed.


DPA on n-Bit Sized Boolean and Arithmetic Operations (p. 217)

Fig. 4. Correlation coefficient versus all key hypotheses using the ADD selection function at two different points in time. The correct key value 229 (0xE5) for the most significant byte of is revealed, but only the characteristic in the lower plot points to a pure signal. At the time of the upper plot, (negative) correlation signals on the input data are also present.

Fig. 5. Correlation coefficient versus all key hypotheses using the XOR selection function at the ldd instruction ldd Z + 3. The correct key value 225 (0xE1) for the least significant byte of is revealed.


Fig. 6. Correlation coefficient versus all key hypotheses at two points in time. The key value (0x7E24) is confirmed. The selection function used was at the most significant byte (upper plot) and at the least significant byte (lower plot).

Acknowledgements. The authors thank Gregor Leander and Jonathan Hammell for the valuable comments which improved this paper.


Side-Channel Attacks in ECC: A General Technique for Varying the Parametrization of the Elliptic Curve

Loren D. Olson

Dept. of Mathematics and Statistics, University of Tromsø, N-9037 Tromsø, Norway

Abstract. Side-channel attacks in elliptic curve cryptography occur with the unintentional leakage of information during processing. A critical operation is that of computing nP, where n is a positive integer and P is a point on the elliptic curve E. Implementations of the binary algorithm may reveal whether P + Q is computed for P ≠ Q or for P = Q, as the case may be. Several methods of dealing with this problem have been suggested. Here we describe a general technique for producing a large number of different representations of the points on E in characteristic different from 2 and 3, all having a uniform implementation of P + Q. The parametrization may be changed for each computation of nP at essentially no cost. It is applicable to all elliptic curves in characteristic different from 2 and 3 and thus may be used with all curves included in present and future standards for

Keywords: Elliptic curves, ECC, cryptography, side-channel attacks, weighted projective curves, uniform addition formula.

1 Introduction

Side-channel attacks in elliptic curve cryptography (ECC) have received considerable attention. They take advantage of information unintentionally leaked from a supposedly tamper-resistant device. Such information is often obtained via measurements of power consumption or timing. In ECC, a fundamental operation is the computation of nP, where n is an integer and P is a point on the elliptic curve E at hand. A naive implementation of the binary algorithm for this computation may reveal whether P + Q is computed for P ≠ Q (addition) or for P = Q (doubling). One method of defense against this attack is to find a parametrization of the points on the elliptic curve E such that the implementation of the group law does not reveal any information in this regard. Several authors have suggested specific parametrizations, notably Liardet and Smart ([1]) with the intersection of two quadric surfaces, Joye and Quisquater ([2]) with a Hessian model, and Billet and Joye ([3]) with the Jacobi quartic. The latter provided a great deal of the motivation for the present work.

M. Joye and J.-J. Quisquater (Eds.): CHES 2004, LNCS 3156, pp. 220–229, 2004.

© International Association for Cryptologic Research 2004

Side-Channel Attacks in ECC (p. 221)

We discuss a general technique for producing a large number of different representations of the points on an elliptic curve and its group law, all having a uniform computation of P + Q. This gives rise to a corresponding variation in the implementation of ECC to avoid certain side-channel attacks. Concretely, given an elliptic curve E with its identity element and any point M on it, we may attach to the pair (E, M) a weighted projective quartic curve which is isomorphic to E. On this curve we will be able to compute P + Q in a uniform fashion. The point M, and thus the curve, may be changed at virtually no cost, so that a new parametrization may be chosen for each computation of nP.

2 The General Technique

In this section we present the mathematics of our technique. Let k be a field of characteristic different from 2 and 3. Consider an elliptic curve E defined by the homogeneous equation

with identity element . Let M be a point on E with coordinates . Define constants as follows

Let be the affine quartic curve defined by

This will be the affine part of the curve we wish to associate to the elliptic curve E and the point M.

Conversely, consider a quartic plane curve given by the affine equation

with such that R(S) has no multiple roots. Define


222 L.D. Olson

Then the equation

defines an elliptic curve E together with a point on E with coordinates . There is an isomorphism between and given by

These formulas are classical and may be found, for example, in Fricke ([5]); here they are slightly modified to conform with the standard notation for the Weierstrass equation.

If we homogenize equation (4) by introducing a variable T to obtain

this equation will define a projective quartic curve in This curve has a singular point at infinity and is not very convenient for our purposes. However, a slight variant of this will prove highly useful, as we shall now see.

A very helpful and unifying concept in studying elliptic curves, parametrizations with quartic curves, and various choices of coordinates is that of weighted projective spaces. A good reference for an introduction to the subject is Reid ([4]).

Definition 1. Let and be positive integers. Weighted projective space consists of all equivalence classes of where not all are zero and for . We refer to as the weight system.

This concept then encompasses the standard definition of projective space with all and provides a natural context for Jacobian coordinates, Chudnovsky coordinates, López-Dahab coordinates, etc. We may speak of weighted homogeneous polynomials and weighted projective varieties.

Remark 1. Throughout the remainder of this article, weighted will refer to the weight system (1,1,2). We denote the coordinate system in the corresponding weighted projective space by (S,T,W); that is, (S,T,W) and (cS, cT, c²W) represent the same point for every nonzero c in k.

Returning to the material at hand, the weighted homogeneous equation

now defines a weighted quartic projective curve in . The affine part where is just ; the curve contains the two points (1, 0, 1) and (1, 0, –1) in addition. It is non-singular and is an elliptic curve with (1, 0, 1) as identity element. E is isomorphic to it, where the isomorphism on the affine part is described previously and and .

We also note the following: If then


3 The Group Law on

We shall now make explicit the group law on and show that the addition of two points on may be given by formulas independent of whether the two points are equal or not. Let be the isomorphism given above. We shall compute using coordinates in the two weighted projective spaces and which are the respective ambient spaces for E and .

First, let be a point with

and let . Then

and

Let be k-rational points on corresponding to points on via , i.e.

Assume and that so that

We wish to compute the coordinates of in terms of the coordinates of and . We will utilize as well as the classical formulas for computing to achieve this. They are given by

where

Brier and Joye ([6]) have previously consolidated these two formulas into one single formula for , thus providing a uniform implementation of the computation of P + Q for elliptic curves in Weierstrass form. We briefly recall their computation in the case of as follows:

Thus for and

On the other hand, if then this formula for reduces to

which is precisely the formula given above in the original definition of .
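The Python below is an added example, not code from Olson's paper or from Brier and Joye. It puts side by side, on a constructed toy curve y² = x³ + 2x + 3 over F_97 with the point (3, 6), the textbook branching addition that the naive binary algorithm of Section 1 leaks through, and the Brier-Joye unified slope λ = (x₁² + x₁x₂ + x₂² + a)/(y₁ + y₂) recalled above, which follows from y₁² − y₂² = (x₁ − x₂)(x₁² + x₁x₂ + x₂² + a) and reduces to (3x₁² + a)/(2y₁) when the points coincide. The curve, the point and every name in the code are assumptions of the example.

```python
# Added example, not code from Olson's paper or from Brier and Joye: a toy
# Weierstrass curve over F_p with the textbook branching addition, the
# Brier-Joye unified addition, and a double-and-add that records which
# operation it executed.  Curve, point and names are chosen for the example.
p, a, b = 97, 2, 3          # constructed toy curve y^2 = x^3 + 2x + 3 over F_97
INF = None                  # the point at infinity, identity element of E(F_p)


def inv(v):
    """Modular inverse via Fermat (p is prime)."""
    return pow(v % p, p - 2, p)


def on_curve(P):
    if P is INF:
        return True
    x, y = P
    return (y * y - (x ** 3 + a * x + b)) % p == 0


def add_classical(P, Q):
    """Textbook group law: one slope for P != Q, a different one for P == Q.
    The branch between the two is what a naive implementation leaks."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2:
        if (y1 + y2) % p == 0:
            return INF                                   # Q == -P
        lam = (3 * x1 * x1 + a) * inv(2 * y1) % p         # doubling slope
    else:
        lam = (y2 - y1) * inv(x2 - x1) % p                # addition slope
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def add_unified(P, Q):
    """Brier-Joye unified slope lambda = (x1^2 + x1*x2 + x2^2 + a) / (y1 + y2).
    It equals (y2 - y1)/(x2 - x1) when x1 != x2 and (3 x1^2 + a)/(2 y1) when
    P == Q, so addition and doubling run the same instruction sequence.
    Only y1 + y2 == 0 is exceptional: P == -Q gives the identity, and the rare
    case x1 != x2, y1 == -y2 (treated separately by Brier and Joye) is
    delegated to the classical formula here."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if (y1 + y2) % p == 0:
        return INF if x1 == x2 else add_classical(P, Q)
    lam = (x1 * x1 + x1 * x2 + x2 * x2 + a) * inv(y1 + y2) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def scalar_mult(n, P, add):
    """Left-to-right binary algorithm for nP; returns (nP, operation trace).
    'D' is a doubling, 'A' an addition of P; with add_classical the two take
    different code paths, with add_unified they are the same code path."""
    R, trace = INF, []
    for bit in bin(n)[2:]:
        R = add(R, R)
        trace.append("D")
        if bit == "1":
            R = add(R, P)
            trace.append("A")
    return R, trace


def bits_from_trace(trace):
    """What an SPA adversary reads off a distinguishable D/A sequence:
    every D starts a new bit, an A following it turns that bit into 1."""
    bits = ""
    for op in trace:
        bits = bits + "0" if op == "D" else bits[:-1] + "1"
    return int(bits, 2)
```

The trace returned by scalar_mult is recorded for illustration with both addition routines; the point of the unified formula is that, once doubling and addition execute identical field operations, the D/A labels are no longer observable, so bits_from_trace has nothing to work with. Note the residual exceptional case y₁ + y₂ = 0 with x₁ ≠ x₂, which the unified slope cannot handle and which an implementation must still treat without a data-dependent branch.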

 

 

 

 

 

 

In our case, we are interested in computing in terms of the coordinates of and . We begin by computing the quantity . In a fashion similar to the above, we have

Finally, this yields

We now compute in terms of the coordinates of and as follows:

By the symmetry of and we obtain


If we now assume that (i.e. ) and evaluate the above expressions for and , we obtain

Furthermore,

This is exactly the original formula for in the case (i.e. ). Hence (14) gives us a single uniform formula for in terms of and , analogous to Brier and Joye ([6]) in the Weierstrass case. We shall use formula (14) in the calculation of the coordinates of .

Let so that and . We have

Let . Then and we have
