Paper 2021/1003
SCA-secure ECC in software – mission impossible?
Lejla Batina and Łukasz Chmielewski and Björn Haase and Niels Samwel and Peter Schwabe
Abstract
This paper describes an ECC implementation computing the X25519 key-exchange protocol on the ARM Cortex-M4 microcontroller. This software comes with extensive mitigations against various side-channel and fault attacks and is, to our best knowledge, the first to claim affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We also present the results of a comprehensive side-channel evaluation. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to protect the two is about 36% and 239% respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.
Metadata
- Category
- Implementation
- Publication info
- Preprint. MINOR revision.
- Keywords
- Elliptic Curve Cryptography, Side-Channel Analysis, Fault Injection
- Contact author(s)
- lukchmiel @ gmail com
- History
- 2022-11-04: last of 5 revisions
- 2021-08-03: received
- Short URL
- https://ia.cr/2021/1003
- License
- CC BY