Paper 2016/923
Attacking embedded ECC implementations through cmov side channels
Erick Nascimento, Lukasz Chmielewski, David Oswald, and Peter Schwabe
Abstract
Side-channel attacks against implementations of elliptic-curve cryptography have been extensively studied in the literature and a large tool-set of countermeasures is available to thwart different attacks in different contexts. The current state of the art in attacks and countermeasures is nicely summarized in multiple survey papers, the most recent one by Danger et al. However, any combination of those countermeasures is ineffective against attacks that require only _a single trace_ and directly target a conditional move (cmov) -- an operation that is at the very foundation of all scalar-multiplication algorithms. This operation can either be implemented through arithmetic operations on registers or through various different approaches that all boil down to loading from or storing to a secret address. In this paper we demonstrate that such an attack is indeed possible for ECC software running on AVR ATmega microcontrollers, using a protected version of the popular
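The abstract distinguishes two ways a conditional move can be realised: arithmetic masking on registers, or a load from (or store to) an address that depends on the secret bit. The following C code is an added example, not code from the paper or its authors, that shows both forms side by side on byte-array field elements, plus the conditional swap a Montgomery ladder builds from them. The element size (FE_BYTES), the function names and the sample values are assumptions made for illustration. Note that the abstract's claim is precisely that both forms, branch-free as they are, can be targeted with a single trace on the ATmega, so the contrast here is meant to make the two implementation classes concrete, not to present either as a sufficient countermeasure.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Assumed size of one field element in bytes (e.g. a 255-bit coordinate). */
#define FE_BYTES 32

/* Form 1: cmov through arithmetic on registers.
 * The secret bit is expanded to an all-ones or all-zeros mask and blended
 * in with AND/XOR. No secret-dependent branch and no secret-dependent
 * address; r = bit ? a : r. */
void fe_cmov_arith(uint8_t *r, const uint8_t *a, uint8_t bit)
{
    uint8_t mask = (uint8_t)(0 - (bit & 1));   /* 0x00 or 0xFF */
    for (size_t i = 0; i < FE_BYTES; i++) {
        r[i] ^= mask & (r[i] ^ a[i]);
    }
}

/* Form 2: cmov realised as a load from a secret-indexed address.
 * Functionally identical and still branch-free, but the pointer that is
 * dereferenced depends on the secret bit. This is the "load from a secret
 * address" class the abstract describes. */
void fe_cmov_addr(uint8_t *r, const uint8_t *a, uint8_t bit)
{
    const uint8_t *table[2] = { r, a };
    const uint8_t *src = table[bit & 1];       /* secret-dependent address */
    uint8_t tmp[FE_BYTES];
    memcpy(tmp, src, FE_BYTES);                /* avoid overlapping memcpy when src == r */
    memcpy(r, tmp, FE_BYTES);
}

/* Conditional swap in the arithmetic style, as used once per scalar bit in
 * a Montgomery ladder: (x, y) = bit ? (y, x) : (x, y). */
void fe_cswap_arith(uint8_t *x, uint8_t *y, uint8_t bit)
{
    uint8_t mask = (uint8_t)(0 - (bit & 1));
    for (size_t i = 0; i < FE_BYTES; i++) {
        uint8_t t = mask & (x[i] ^ y[i]);
        x[i] ^= t;
        y[i] ^= t;
    }
}

/* Functional self-check on constructed inputs. Returns a bitmask of passed
 * checks; 63 means all six passed. */
int cmov_selftest(void)
{
    uint8_t a[FE_BYTES], b[FE_BYTES], r[FE_BYTES], x[FE_BYTES], y[FE_BYTES];
    int ok = 0;

    for (size_t i = 0; i < FE_BYTES; i++) {    /* constructed sample elements */
        a[i] = (uint8_t)i;
        b[i] = (uint8_t)(0xA0 + i);
    }

    memcpy(r, a, FE_BYTES); fe_cmov_arith(r, b, 0);
    if (memcmp(r, a, FE_BYTES) == 0) ok |= 1;
    memcpy(r, a, FE_BYTES); fe_cmov_arith(r, b, 1);
    if (memcmp(r, b, FE_BYTES) == 0) ok |= 2;

    memcpy(r, a, FE_BYTES); fe_cmov_addr(r, b, 0);
    if (memcmp(r, a, FE_BYTES) == 0) ok |= 4;
    memcpy(r, a, FE_BYTES); fe_cmov_addr(r, b, 1);
    if (memcmp(r, b, FE_BYTES) == 0) ok |= 8;

    memcpy(x, a, FE_BYTES); memcpy(y, b, FE_BYTES);
    fe_cswap_arith(x, y, 1);
    if (memcmp(x, b, FE_BYTES) == 0 && memcmp(y, a, FE_BYTES) == 0) ok |= 16;
    fe_cswap_arith(x, y, 0);                   /* bit 0 must leave both unchanged */
    if (memcmp(x, b, FE_BYTES) == 0 && memcmp(y, a, FE_BYTES) == 0) ok |= 32;

    return ok;
}

int main(void)
{
    printf("cmov self-test mask: %d (63 = all passed)\n", cmov_selftest());
    return cmov_selftest() == 63 ? 0 : 1;
}
```

Both cmov variants produce the same result for every input, which is exactly why a functional test cannot tell them apart; the difference the paper exploits lies in what the hardware does while executing them, not in what they compute.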
Metadata
- Available format(s)
- PDF
- Category
- Implementation
- Publication info
- Published elsewhere. Minor revision. Selected Areas in Cryptography (SAC 2016)
- Keywords
- ECC, Montgomery ladder, power analysis, AVR, conditional move
- Contact author(s)
- erick nogueira nascimento @ gmail com
- History
- 2016-09-24: received
- Short URL
- https://ia.cr/2016/923
- License
- CC BY
BibTeX
@misc{cryptoeprint:2016/923,
  author       = {Erick Nascimento and Lukasz Chmielewski and David Oswald and Peter Schwabe},
  title        = {Attacking embedded {ECC} implementations through cmov side channels},
  howpublished = {Cryptology {ePrint} Archive, Paper 2016/923},
  year         = {2016},
  url          = {https://eprint.iacr.org/2016/923}
}