You are looking at a specific version 20210927:095300 of this paper. See the latest version.

Paper 2021/1003

SCA-secure ECC in software – mission impossible?

Lejla Batina and Łukasz Chmielewski and Björn Haase and Niels Samwel and Peter Schwabe

Abstract

This paper describes an ECC implementation computing the X25519 key-exchange protocol on the ARM Cortex-M4 microcontroller. This software comes with extensive mitigations against various side-channel and fault attacks and is, to our best knowledge, the first to claim affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We also present the results of a comprehensive side-channel evaluation. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to protect the two is about 36% and 239% respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.

Metadata
Available format(s)
PDF
Category
Implementation
Publication info
Preprint. MINOR revision.
Keywords
Elliptic Curve CryptographySide-Channel AnalysisFault Injection
Contact author(s)
lukchmiel @ gmail com
History
2022-11-04: last of 5 revisions
2021-08-03: received
See all versions
Short URL
https://ia.cr/2021/1003
License
Creative Commons Attribution
CC BY
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.