Cryptology ePrint Archive: Report 2015/882

Using Modular Extension to Provably Protect ECC Against Fault Attacks

Pablo Rauzy and Martin Moreau and Sylvain Guilley and Zakaria Najm

Abstract: Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography. In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future fault attacks. Namely, we study the modular extension protection scheme in previously existing and newly contributed variants of the countermeasure on elliptic curve scalar multiplication (ECSM) algorithms. We find that an existing countermeasure is incorrect and we propose a new "test-free" variant of the modular extension scheme that fixes it. We then formally prove the correctness and security of modular extension: specifically, the fault non-detection probability is inversely proportional to the security parameter. Finally, we implement an ECSM protected with test-free modular extension on an ARM Cortex-M4 microcontroller. A systematic fault injection campaign for several values of the security parameter confirms our theoretical prediction about the security of the obtained implementation, and provides figures for practical performance.
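The modular extension scheme the abstract refers to, in its classic detect-and-abort form, as an added example written for this page (not code from the paper or its authors): the scalar multiplication is run once in the ring Z_{p*r} with inversion-free projective formulas, so its output reduced mod p is the real result and its output reduced mod r is exactly what the same ladder computes in the small ring Z_r, which is cheap to recompute and compare. Everything below is this example's own choice: the toy curve x^2 + y^2 = 1 - x^2 y^2 over F_10007 with the complete projective twisted Edwards addition law, a Montgomery ladder, a CRT-combined base point (correct mod p and mod r, as in the combined-curve constructions from the literature), a random-value fault model, and the names `ecsm`, `ecsm_protected` and `fault_campaign`. The paper's test-free variant, its curves and its Cortex-M4 implementation are not reproduced here.

```python
"""Shamir-style modular extension for ECC scalar multiplication on a toy curve (added example,
not the paper's code): one ladder in Z_{p*r}; result mod p is the answer, mod r is the check."""
import random

P = 10007     # toy prime field; P = 3 (mod 4), so -1 is a non-square and sqrt(v) = v^((P+1)/4)
A, D = 1, -1  # twisted Edwards a*x^2 + y^2 = 1 + d*x^2*y^2; a square, d non-square => complete law

def ecadd(P1, P2, n):
    """Unified projective addition 'add-2008-bbjlp' on a twisted Edwards curve, modulo n.
    Ring operations only (no inversion, no data-dependent branch), so reducing the result
    mod m for m | n equals running the same formula in Z_m.  Doubles when P1 == P2."""
    X1, Y1, Z1 = P1
    X2, Y2, Z2 = P2
    a = Z1 * Z2 % n
    b = a * a % n
    c = X1 * X2 % n
    d = Y1 * Y2 % n
    e = D * c * d % n
    f, g = (b - e) % n, (b + e) % n
    return (a * f * ((X1 + Y1) * (X2 + Y2) - c - d) % n, a * g * (d - A * c) % n, f * g % n)

def ecsm(k, G, n, fault=None):
    """Montgomery ladder k*G modulo n.  fault = (step, register, coordinate, value) simulates
    an injected fault: after ladder step `step`, one coordinate of R0 or R1 is overwritten."""
    R = [(0, 1, 1), G]                    # R0 = neutral element, R1 = G; invariant R1 = R0 + G
    for step, bit in enumerate(bin(k)[2:]):
        b = int(bit)
        R[1 - b] = ecadd(R[0], R[1], n)   # the register not selected by the bit takes the sum
        R[b] = ecadd(R[b], R[b], n)       # the selected register is doubled
        if fault is not None and fault[0] == step:
            _, reg, coord, value = fault
            R[reg] = tuple(value if i == coord else c for i, c in enumerate(R[reg]))
    return R[0]

def to_affine(Q, p):
    """(X:Y:Z) -> (x, y) over F_p; None if Z == 0 mod p, which only a corrupted result gives."""
    X, Y, Z = (c % p for c in Q)
    if Z == 0:
        return None
    inv = pow(Z, -1, p)
    return (X * inv % p, Y * inv % p)

def find_base_point(q):
    """Deterministically pick a point of the curve over F_q (q = 3 mod 4) with x >= 2."""
    for x in range(2, q):
        v = (1 - x * x) * pow(1 - D * x * x, -1, q) % q   # y^2 = (1 - x^2) / (1 - d*x^2)
        y = pow(v, (q + 1) // 4, q)
        if y * y % q == v:
            return (x, y, 1)
    raise ValueError("no point found")

def crt(a_p, p, a_r, r):
    """The x in [0, p*r) with x = a_p (mod p) and x = a_r (mod r); p, r coprime."""
    return (a_p + p * ((a_r - a_p) * pow(p, -1, r) % r)) % (p * r)

def extend_point(G_p, p, G_r, r):
    """CRT-combine a point mod p and a point mod r into one triple in Z_{p*r}."""
    return tuple(crt(cp, p, cr, r) for cp, cr in zip(G_p, G_r))

def redundant_check(k, G_r, Q, r):
    """Recompute the ladder in Z_r and compare coordinate-wise with Q reduced mod r."""
    return tuple(c % r for c in Q) == ecsm(k, G_r, r)

class FaultDetected(Exception):
    pass

def ecsm_protected(k, G_p, p, r, fault=None):
    """Detect-and-abort modular extension; r is a small prime, r = 3 (mod 4), coprime to p."""
    G_r = find_base_point(r)                 # point of the same curve equation over F_r
    G_ext = extend_point(G_p, p, G_r, r)     # base point in Z_{p*r}, correct mod p and mod r
    Q = ecsm(k, G_ext, p * r, fault)         # the real work, done once in the extended ring
    if not redundant_check(k, G_r, Q, r):    # the test; itself a target for a second fault
        raise FaultDetected
    return to_affine(Q, p)

def fault_campaign(k, r, trials, seed=0):
    """One random-value fault per run.  Returns (effective, undetected): runs whose output mod p
    was wrong, and among them those the Z_r check still accepted (expect a fraction near 1/r)."""
    rng = random.Random(seed)
    G_r = find_base_point(r)
    G_ext = extend_point(G, P, G_r, r)
    nbits = len(bin(k)) - 2
    correct = to_affine(ecsm(k, G, P), P)
    effective = undetected = 0
    for _ in range(trials):
        fault = (rng.randrange(nbits), rng.randrange(2), rng.randrange(3), rng.randrange(P * r))
        Q = ecsm(k, G_ext, P * r, fault)
        if to_affine(Q, P) == correct:
            continue                         # the fault never reached the output
        effective += 1
        if redundant_check(k, G_r, Q, r):
            undetected += 1                  # wrong result accepted: the attacker's case
    return effective, undetected

G = find_base_point(P)                       # constructed base point over F_P

if __name__ == "__main__":
    for r in (7, 103, 1019):
        eff, und = fault_campaign(0x2A5F, r, 1000)
        print(f"r={r:5d}: {und}/{eff} wrong outputs undetected = {und / eff:.3f}  (1/r = {1 / r:.3f})")
```

Running the script prints, for r = 7, 103 and 1019, the fraction of wrong outputs that still pass the Z_r comparison; it sits near 1/r, which is the abstract's claim that the non-detection probability is inversely proportional to the security parameter. Two caveats worth keeping in mind: the 1/r figure is for faults that replace a value by a random one, whereas a single bit flip changes a value by ±2^j, which is never 0 modulo an odd r, so it is always caught; and the final comparison is a branch that a second fault can skip, which is precisely the weakness that motivates the test-free variant the paper proposes and that this example does not implement.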

Category / Keywords: implementation / fault injection attack, countermeasure, asymmetric cryptography, elliptic curve cryptography, modular extension

Date: received 11 Sep 2015, last revised 13 Oct 2015

Contact author: pablo rauzy at inria fr

Available format(s): PDF | BibTeX Citation

Note: Big update of the work presented in this paper.

Version: 20151013:102435 (All versions of this report)

Short URL: ia.cr/2015/882

