Paper 2017/1204

Horizontal Clustering Side-Channel Attacks on Embedded ECC Implementations (Extended Version)

Erick Nascimento and Lukasz Chmielewski

Abstract

Side-channel attacks are a threat to cryptographic algorithms running on embedded devices. Public-key cryptosystems, including elliptic curve cryptography (ECC), are particularly vulnerable because their private keys are usually long-term. Well known countermeasures like regularity, projective coordinates and scalar randomization, among others, are used to harden implementations against common side-channel attacks like DPA. Horizontal clustering attacks can theoretically overcome these countermeasures by attacking individual side-channel traces. In practice horizontal attacks have been applied to overcome protected ECC implementations on FPGAs. However, it has not been known yet whether such attacks can be applied to protected implementations working on embedded devices, especially in a non-profiled setting. In this paper we mount non-profiled horizontal clustering attacks on two protected implementations of the Montgomery Ladder on Curve25519 available in the µNaCl library targeting electromagnetic (EM) emanations. The first implementation performs the conditional swap (cswap) operation through arithmetic of field elements (cswap-arith), while the second does so by swapping the pointers (cswap-pointer). They run on a 32-bit ARM Cortex-M4F core. Our best attack has success rates of 97.64% and 99.60% for cswap-arith and cswap-pointer, respectively. This means that at most 6 and 2 bits are incorrectly recovered, and therefore, a subsequent brute-force can fix them in reasonable time. Furthermore, our horizontal clustering framework used for the aforementioned attacks can be applied against other protected implementations.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Published elsewhere. Minor revision. Proceedings of the 17th Smart Card Research and Advanced Application Conference
Keywords
side-channel attackSCAECCEM analysisARMhorizontal clustering
Contact author(s)
enascimento pub @ gmail com
History
2017-12-31: revised
2017-12-18: received
See all versions
Short URL
https://ia.cr/2017/1204
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2017/1204,
      author = {Erick Nascimento and Lukasz Chmielewski},
      title = {Horizontal Clustering Side-Channel Attacks on Embedded ECC Implementations (Extended Version)},
      howpublished = {Cryptology ePrint Archive, Paper 2017/1204},
      year = {2017},
      note = {\url{https://eprint.iacr.org/2017/1204}},
      url = {https://eprint.iacr.org/2017/1204}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.