Paper 2015/882

Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks

Margaux Dugardin, Sylvain Guilley, Martin Moreau, Zakaria Najm, and Pablo Rauzy

Abstract

Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography. In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future fault attacks. Namely, we study the modular extension protection scheme in previously existing and newly contributed variants of the countermeasure on elliptic curve scalar multiplication (ECSM) algorithms. We find that an existing countermeasure is incorrect and we propose new “test-free” variant of the modular extension scheme that fixes it. We then formally prove the correctness and security of modular extension: specifically, the fault non-detection probability is inversely proportional to the security parameter. Finally, we implement an ECSM protected with test-free modular extension during the elliptic curve operation to evaluate the efficient of this method on Edwards and twisted Edwards curves.

Note: This version corresponds to the definitive submission for the proceedings of the PROOFS 2016 workshop.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
fault injection attackcountermeasureasymmetric cryptographyelliptic curve cryptographyedwards curvemodular extension
Contact author(s)
pr @ ai univ-paris8 fr
History
2016-08-14: last of 3 revisions
2015-09-13: received
See all versions
Short URL
https://ia.cr/2015/882
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2015/882,
      author = {Margaux Dugardin and Sylvain Guilley and Martin Moreau and Zakaria Najm and Pablo Rauzy},
      title = {Using Modular Extension to Provably Protect Edwards Curves Against Fault Attacks},
      howpublished = {Cryptology ePrint Archive, Paper 2015/882},
      year = {2015},
      note = {\url{https://eprint.iacr.org/2015/882}},
      url = {https://eprint.iacr.org/2015/882}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.