Paper 2021/1520

Ark of the ECC: An open-source ECDSA power analysis attack on a FPGA based Curve P-256 implementation

Jean-Pierre Thibault, Colin O’Flynn, and Alex Dewar

Abstract

Power analysis attacks on ECC have been presented since almost the very beginning of DPA itself, even before the standardization of AES. Given that power analysis attacks against AES are well known and have a large body of practical artifacts to demonstrate attacks on both software and hardware implementations, it is surprising that these artifacts are generally lacking for ECC. In this work we begin to remedy this by providing a complete open-source ECDSA attack artifact, based on a high-quality hardware ECDSA core from the CrypTech project. We demonstrate an effective power analysis attack against an FPGA implementation of this core. As many recent secure boot solutions are using ECDSA, efforts into building open-source artifacts to evaluate attacks on ECDSA are highly relevant to ongoing academic and industrial research programs. To demonstrate the value of this evaluation platform, we implement several countermeasures and show that evaluating leakage on hardware is critical to understand the effectiveness of a countermeasure.

Metadata
Available format(s)
PDF
Category
Public-key cryptography
Publication info
Preprint. Minor revision.
Keywords
power analysisECDSAFPGA evaluation
Contact author(s)
coflynn @ newae com
History
2021-11-22: received
Short URL
https://ia.cr/2021/1520
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2021/1520,
      author = {Jean-Pierre Thibault and Colin O’Flynn and Alex Dewar},
      title = {Ark of the ECC: An open-source ECDSA power analysis attack on a FPGA based Curve P-256 implementation},
      howpublished = {Cryptology ePrint Archive, Paper 2021/1520},
      year = {2021},
      note = {\url{https://eprint.iacr.org/2021/1520}},
      url = {https://eprint.iacr.org/2021/1520}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.