You are looking at a specific version 20210804:222746 of this paper.

Paper 2021/1003

SCA-secure ECC in software – mission impossible?

Lejla Batina and Łukasz Chmielewski and Björn Haase and Niels Samwel and Peter Schwabe

Abstract

This paper describes an ECC implementation computing the X25519 key-exchange protocol on the ARM Cortex-M4 microcontroller. This software comes with extensive mitigations against various side-channel and fault attacks and is, to the best of our knowledge, the first to claim affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We also present the results of a comprehensive side-channel evaluation. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to protect the two is about 36% and 239%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is more efficient than widely deployed ECC cryptographic libraries, which offer far fewer protections.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Elliptic Curve Cryptography, Side-Channel Analysis, Fault Injection
Contact author(s)
lukchmiel @ gmail com
History
2022-11-04: last of 5 revisions
2021-08-03: received
Short URL
https://ia.cr/2021/1003
License
Creative Commons Attribution
CC BY