Paper 2021/1003

SCA-secure ECC in software – mission impossible?

Lejla Batina, Łukasz Chmielewski, Björn Haase, Niels Samwel, and Peter Schwabe

Abstract

This paper describes an ECC implementation computing the X25519 key-exchange protocol on the ARM Cortex-M4 microcontroller. This software comes with extensive mitigations against various side-channel and fault attacks and is, to the best of our knowledge, the first to claim affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We also present the results of a comprehensive side-channel evaluation. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead of protecting the two is about 36% and 239%, respectively. While this might seem a high price to pay for security, we also show that even our (most protected) static implementation is as efficient as widely deployed ECC cryptographic libraries, which offer much less protection.
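The abstract distinguishes ephemeral from static X25519 keys without spelling out why the static case needs so much more protection: a static scalar is fed through the scalar multiplication once per peer, so an attacker who can trigger exchanges collects many power or EM traces of the same secret (the DPA setting), whereas an ephemeral scalar is used in exactly one ladder run and only single-trace (SPA, horizontal) and fault attacks apply. The following pure-Python X25519, written here as an added example and not taken from the paper or its Cortex-M4 code, follows RFC 7748 so that the object being hardened is visible: a branch-free Montgomery ladder whose only secret-dependent step is a masked conditional swap. Python big-integer arithmetic is not constant-time, so this shows the structure, not an SCA-secure implementation; the helper names (`_cswap`, `shared_secret`, `ephemeral_exchange`, `static_exchange`) are mine, and the test vectors are RFC 7748 Sections 5.2 and 6.1.

```python
import hmac
import os

# X25519 per RFC 7748. Added example: illustrates the ladder structure only.
# Python integers are variable-time, so this code offers no side-channel protection.
P = 2**255 - 19
A24 = 121665                       # (486662 - 2) / 4 for curve25519's A coefficient
BASEPOINT = (9).to_bytes(32, "little")

def _cswap(swap, a, b):
    """Branch-free conditional swap. swap in {0, 1}; -swap is an all-zeros or
    all-ones mask, so a and b are exchanged without a data-dependent branch.
    In C the same trick with fixed-width limbs is the usual SCA-relevant primitive."""
    t = (-swap) & (a ^ b)
    return a ^ t, b ^ t

def _decode_scalar(k):
    k = bytearray(k)
    k[0] &= 248            # clear low 3 bits: scalar becomes a multiple of the cofactor 8
    k[31] &= 127
    k[31] |= 64            # fix bit 254 so the ladder always runs the same 255 steps
    return int.from_bytes(k, "little")

def _decode_u(u):
    u = bytearray(u)
    u[31] &= 127           # RFC 7748: ignore the top bit of the u-coordinate
    return int.from_bytes(u, "little")

def _ladder(k, u):
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = _cswap(swap, x2, x3)      # the only scalar-dependent operation
        z2, z3 = _cswap(swap, z2, z3)
        swap = kt
        a = (x2 + z2) % P; aa = a * a % P
        b = (x2 - z2) % P; bb = b * b % P
        e = (aa - bb) % P
        c = (x3 + z3) % P; d = (x3 - z3) % P
        da = d * a % P; cb = c * b % P
        x3 = (da + cb) ** 2 % P
        z3 = x1 * (da - cb) ** 2 % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = _cswap(swap, x2, x3)
    z2, z3 = _cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P      # z2 == 0 (low-order input) yields 0

def x25519(k, u):
    return _ladder(_decode_scalar(k), _decode_u(u)).to_bytes(32, "little")

def public_key(sk):
    return x25519(sk, BASEPOINT)

def shared_secret(sk, peer_pk):
    s = x25519(sk, peer_pk)
    # RFC 7748 6.1 allows rejecting an all-zero output (peer sent a low-order point).
    # The comparison must itself not leak, hence compare_digest rather than ==.
    if hmac.compare_digest(s, bytes(32)):
        raise ValueError("low-order peer point; shared secret is all zero")
    return s

def ephemeral_exchange():
    """Ephemeral setting: each party draws a fresh scalar that runs the ladder once."""
    a_sk, b_sk = os.urandom(32), os.urandom(32)
    return shared_secret(a_sk, public_key(b_sk)) == shared_secret(b_sk, public_key(a_sk))

def static_exchange(static_sk, peer_pks):
    """Static setting: one long-term scalar runs the ladder once per peer, handing an
    attacker who controls the peers one trace of the same secret per call."""
    return [shared_secret(static_sk, pk) for pk in peer_pks]

# RFC 7748 test vectors (taken from the RFC, not constructed here).
RFC_SCALAR = bytes.fromhex("a546e36bf0527c9d3b16154b82465edd62144c0ac1fc5a18506a2244ba449ac4")
RFC_U      = bytes.fromhex("e6db6867583030db3594c1a424b15f7c726624ec26b3353b10a903a6d0ab1c4c")
RFC_OUT    = bytes.fromhex("c3da55379de9c6908e94ea4df28d084f32eccf03491c71f754b4075577a28552")
ALICE_SK = bytes.fromhex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a")
ALICE_PK = bytes.fromhex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a")
BOB_SK   = bytes.fromhex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb")
BOB_PK   = bytes.fromhex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f")
SHARED   = bytes.fromhex("4a5d9d5ba4ce2de1728e3bf480350f25e07e21c947d19e3376f09b3c1e161742")

if __name__ == "__main__":
    assert x25519(RFC_SCALAR, RFC_U) == RFC_OUT
    assert shared_secret(ALICE_SK, BOB_PK) == shared_secret(BOB_SK, ALICE_PK) == SHARED
    print("RFC 7748 vectors OK; ephemeral exchange agrees:", ephemeral_exchange())
```

The point to take from the ladder is that `_cswap` is the only place the scalar touches control or data flow, which is why side-channel work on X25519 concentrates on the swap and on the shared arithmetic below it; the paper's mitigations sit at exactly those points, with the static case additionally having to withstand trace accumulation across many calls of `static_exchange`.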

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Elliptic Curve Cryptography, Side-Channel Analysis, Fault Injection
Contact author(s)
lukchmiel @ gmail com
History
2021-09-27: last of 2 revisions
2021-08-03: received
Short URL
https://ia.cr/2021/1003
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1003,
      author = {Lejla Batina and Łukasz Chmielewski and Björn Haase and Niels Samwel and Peter Schwabe},
      title = {SCA-secure ECC in software – mission impossible?},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1003},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1003}},
      url = {https://eprint.iacr.org/2021/1003}
}