BOCK, Estuardo Alpirez, Lukasz Michal CHMIELEWSKI a Konstantina MITELOUDI. Protecting the Most Significant Bits in Scalar Multiplication Algorithms. In 12th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2022. Jaipur: Springer, 2022, s. 118-137. ISBN 978-3-031-22828-5. Dostupné z: https://dx.doi.org/10.1007/978-3-031-22829-2_7.
Další formáty:   BibTeX LaTeX RIS
Základní údaje
Originální název Protecting the Most Significant Bits in Scalar Multiplication Algorithms
Autoři BOCK, Estuardo Alpirez, Lukasz Michal CHMIELEWSKI (616 Polsko, domácí) a Konstantina MITELOUDI.
Vydání Jaipur, 12th International Conference on Security, Privacy, and Applied Cryptography Engineering, SPACE 2022, od s. 118-137, 20 s. 2022.
Nakladatel Springer
Další údaje
Originální jazyk angličtina
Typ výsledku Stať ve sborníku
Obor 10201 Computer sciences, information science, bioinformatics
Stát vydavatele Švýcarsko
Utajení není předmětem státního či obchodního tajemství
Forma vydání tištěná verze "print"
Impakt faktor Impact factor: 0.402 v roce 2005
Kód RIV RIV/00216224:14330/22:00129801
Organizační jednotka Fakulta informatiky
ISBN 978-3-031-22828-5
ISSN 0302-9743
Doi http://dx.doi.org/10.1007/978-3-031-22829-2_7
UT WoS 000927578200007
Klíčová slova anglicky ECC; Montgomery Ladder; Curve25519; Complete addition formulas; Side-channel analysis
Změnil Změnil: RNDr. Pavel Šmerk, Ph.D., učo 3880. Změněno: 6. 4. 2023 12:56.
Anotace
The Montgomery Ladder is widely used for implementing the scalar multiplication in elliptic curve cryptographic designs. This algorithm is efficient and provides a natural robustness against (simple) side-channel attacks. Previous works however showed that implementations of the Montgomery Ladder using Lopez-Dahab projective coordinates easily leak the value of the most significant bits of the secret scalar, which led to a full key recovery in an attack known as LadderLeak [3]. In light of such leakage, we analyse further popular methods for implementing the Montgomery Ladder. We first consider open source software implementations of the X25519 protocol which implement the Montgomery Ladder based on the ladderstep algorithm from Dull et al. [15]. We confirm via power measurements that these implementations also easily leak the most significant scalar bits, even when implementing Z-coordinate randomisations. We thus propose simple modifications of the algorithm and its handling of the most significant bits and show the effectiveness of our modifications via experimental results. Particularly, our re-designs of the algorithm do not incurring significant efficiency penalties. As a second case study, we consider open source hardware implementations of the Montgomery Ladder based on the complete addition formulas for prime order elliptic curves, where we observe the exact same leakage. As we explain, the most significant bits in implementations of the complete addition formulas can be protected in an analogous way as we do for Curve25519 in our first case study.
Návaznosti
VJ02010010, projekt VaVNázev: Nástroje pro verifikaci bezpečnosti kryptografických zařízení s využitím AI (Akronym: AI-SecTools)
Investor: Ministerstvo vnitra ČR, Tools for AI-enhanced Security Verification of Cryptographic Devices
VytisknoutZobrazeno: 19. 7. 2024 12:30