Cryptology ePrint Archive: Report 2015/882

Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks

Margaux Dugardin and Sylvain Guilley and Martin Moreau and Zakaria Najm and Pablo Rauzy

Abstract: Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography. In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future fault attacks. Namely, we study the modular extension protection scheme in previously existing and newly contributed variants of the countermeasure on elliptic curve scalar multiplication (ECSM) algorithms. We find that an existing countermeasure is incorrect and we propose new “test-free” variant of the modular extension scheme that fixes it. We then formally prove the correctness and security of modular extension: specifically, the fault non-detection probability is inversely proportional to the security parameter. Finally, we implement an ECSM protected with test-free modular extension during the elliptic curve operation to evaluate the efficient of this method on Edwards and twisted Edwards curves.

Category / Keywords: implementation / fault injection attack, countermeasure, asymmetric cryptography, elliptic curve cryptography, edwards curve, modular extension

Date: received 11 Sep 2015, last revised 14 Aug 2016

Contact author: pr at ai univ-paris8 fr

Available format(s): PDF | BibTeX Citation

Note: This version corresponds to the definitive submission for the proceedings of the PROOFS 2016 workshop.

Version: 20160814:122545 (All versions of this report)

Short URL: ia.cr/2015/882

Discussion forum: Show discussion | Start new discussion


[ Cryptology ePrint archive ]