Paper 2020/1368

On the Worst-Case Side-Channel Security of ECC Point Randomization in Embedded Devices

Melissa Azouaoui, François Durvaux, Romain Poussier, François-Xavier Standaert, Kostas Papagiannopoulos, and Vincent Verneuil

Abstract

Point randomization is an important countermeasure to protect Elliptic Curve Cryptography (ECC) implementations against side-channel attacks. In this paper, we revisit its worst-case security against advanced side-channel adversaries who take advantage of analytical techniques in order to exploit all the leakage samples of an implementation. Our main contributions in this respect are the following: first, we show that due to the nature of the attacks against the point randomization (which can be viewed as Simple Power Analyses), the gain of using analytical techniques over simpler divide-and-conquer attacks is limited. Second, we take advantage of this observation to evaluate the theoretical noise levels necessary for the point randomization to provide strong security guarantees and compare different elliptic curve coordinate systems. Then, we turn this simulated analysis into actual experiments and show that reasonable security levels can be achieved by implementations even on low-cost (e.g. 8-bit) embedded devices. Finally, we are able to bound the security on 32-bit devices against worst-case adversaries.

Metadata
Available format(s): PDF
Category: Implementation
Publication info: Published elsewhere. Minor revision. INDOCRYPT 2020
Keywords: Side-Channel Analysis, Elliptic Curve Cryptography, Point Randomization, Belief Propagation, Single-Trace Attacks
Contact author(s): melissa azouaoui @ nxp com
History: 2020-11-02: received
Short URL: https://ia.cr/2020/1368
License: Creative Commons Attribution (CC BY)

BibTeX

@misc{cryptoeprint:2020/1368,
      author = {Melissa Azouaoui and François Durvaux and Romain Poussier and François-Xavier Standaert and Kostas Papagiannopoulos and Vincent Verneuil},
      title = {On the Worst-Case Side-Channel Security of {ECC} Point Randomization in Embedded Devices},
      howpublished = {Cryptology {ePrint} Archive, Paper 2020/1368},
      year = {2020},
      url = {https://eprint.iacr.org/2020/1368}
}