Randomized Signed-Scalar Multiplication of ECC to Resist Power Attacks

JaeCheol Ha* and SangJae Moon**
* Korea Nazarene University
** Kyungpook National University

CHES

History of Power Attacks
  Timing Attacks, CRYPTO '96: Paul C. Kocher
  Practical Implementation of Timing Attack, CARDIS '98: J. F. Dhem
  Differential Power Analysis, CRYPTO '99: Paul C. Kocher, et al.
  Power Analysis Attacks of Modular Exponentiation, CHES '99: T. S. Messerges, et al.
  Resistance against DPA for ECC, CHES '99: J. S. Coron
  Randomized Addition-Subtraction Chains against PA, CHES '01: E. Oswald, et al.
  [Timeline figure; axis marks: 2000, 2002; legend: timing attack, power analysis attack]

Related Works
  Coron: Resistance against DPA for ECC
    Compute Q = kP
    Random number r: d = k + r #E(K), Q = dP
    Random point R: Q' = k(R+P), Q = Q' - kR
    Use randomized projective coordinates
  Oswald, et al.: Randomized Addition-Subtraction Chains against PA
    Randomizing the binary algorithm itself
    Use the Morain-Olivos method for speeding up the binary algorithm
    Vulnerable to SPA (by Okeya-Sakurai in ACISP '02)

Our Contributions
  Propose a countermeasure against DPA
    Randomized signed representation of a scalar integer based on the NAF recoding algorithm
    Probability analysis of each symbol in the proposed random recoding algorithm
  Propose an addition-subtraction multiplication algorithm against SPA

Preliminaries
  Elliptic curve over K: E(K)
    K 2, 3 : $y^2 = x^3 + ax + b$, a,b K
    K=2 : $y^2 + xy = x^3 + ax^2 + b$
  Point (x, y): solution of an EC equation
  Scalar multiplication: Q = kP
    Input point: P
    n-bit scalar integer k,

Preliminaries
  Binary scalar multiplication

    Q = O
    for i = n-1 to 0 by -1 do {
        Q = 2Q                          : Doubling
        if (k_i == 1) then Q = Q + P    : Addition
    }
    Return Q

  # of doublings: n, average # of additions: n/2

Preliminaries
  Point operations : K 2, 3
    $P = (x_1, y_1)$, $Q = (x_2, y_2)$, $-P = (x_1, -y_1)$
  Doubling : $2P = (x_3, y_3)$
    x 3 = 2 - x 1 - x 2
    y 3 = (x 1 - x 3 ) - y 1
    = (3x 1 2 +a)/2y 1
  Addition : $(P+Q) = (x_3, y_3)$
    x 3 = 2 - x 1 - x 2
    y 3 = (x 1 - x 3 ) - y 1
    = (y 2 - y 1 )/(x 2 - x 1 )

Countermeasures to Power Attacks
  SPA: distinguish between point doubling and addition from a measured power signal
    SPA-immune algorithm (by Coron)

    Q[0] = O
    for i = n-1 to 0 by -1 do {
        Q[0] = 2Q[0]        : Doubling
        Q[1] = Q[0] + P     : Addition
        Q[0] = Q[k_i]       : Selection
    }
    Return Q[0]

  DPA: extract the secret key by statistical analysis of many power consumption measurements
    Coron: three countermeasures
    Oswald, et al.: random addition-subtraction algorithm

Our Idea
  Requirement to prevent SPA
    Independence of secret information and computational procedures
  Requirement to prevent DPA
    Randomization of computing objects
  Our idea (DPA)
    Randomize the scalar (secret) integer
    Insert a random factor in the NAF algorithm

NAF Representation
  NAF (Non-Adjacent Form)
    Signed-digit form
    Lowest weight form among all signed-digit representations of a given k
  Addition-subtraction algorithm: Q = dP
    Input point P, secret scalar integer d, n+1 = |d|

    Q = O
    for i = n to 0 by -1 do {
        Q = 2Q                           : Doubling
        if (d_i == 1) then Q = Q + P     : Addition
        if (d_i == -1) then Q = Q - P    : Subtraction
    }
    Return Q

  # of doublings: n+1, average # of additions: n/3

NAF recoding algorithm
  Ex) k = ( ) = 478
      c = ( )
      NAF d = ( ) = $2^9 - 2^5 - 2^1$ = 478
  where, k i + c i = c i d i 2 0 = (c i+1 d i ), $c_{i+1}$ : carry, $d_i$ : sum
  Key idea : (c i+1 d i ) = 0 1 = 1 for a signed-digit form
  NAF recoding algorithm
    Input: $k_{i+1}$, $k_i$, $c_i$
    Output: $c_{i+1}$, $d_i$

New Countermeasure (1/5)
  Random signed-scalar recoding algorithm
    Input: $k_{i+1}$, $k_i$, $c_i$, $r_i$
    Output: $c_{i+1}$, $d_i$
    Remarks: NAF AF NAF AF NAF AF NAF AF NAF
  If r i =1 & (k i c i ) =1, AF recoding
    01 1 1 01

Numerical Examples
  NAF recoding
    k = ( ) = 478
    d = ( ) = 478
  Random recoding (case 1)
    k = ( ) = 478
    c = ( )
    r = ( )
    d = ( ) = 2 9 – =478
  Random recoding (case 2)
    r = ( )
    d = ( ) = 2 9 – – 2 1 =478

New Countermeasure (2/5)
  Probability of symbols (O. Egecioglu & C. K. Koc)
    State variable $s_i$
    Input: quadruplets $(k_{i+1}, k_i, c_i, r_i)$
    Output: $(c_{i+1}, d_i)$
    Next state: $(k_{i+2}, k_{i+1}, c_{i+1}, r_{i+1})$
    The next state is determined by $(k_{i+2}, r_{i+1})$

New Countermeasure (3/5)
  Probability of each symbol
    Assumption:
      $P(k_i = 0) = P(k_i = 1) = 1/2$
      $P(r_i = 0) = P(r_i = 1) = 1/2$
      $P(k_{i+2}, r_{i+1}) = 1/4$
    Analyze using a Markov chain model
    Analysis result:
      $P(d_i = 0) = 1/2$
      $P(d_i = 1) = 1/4$
      P(d i = )=1/4

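
The recoding rule, the k = 478 example and the symbol probabilities from the slides above, as an added Python example (not taken from the slides). It assumes that "AF recoding" means taking the other of the two equivalent pairs (c_{i+1}, d_i) = (0, 1) or (1, -1) when k_i XOR c_i = 1, and that the top digit is left in NAF form so the output always has n+1 digits; the function names are hypothetical.

```python
import secrets
from collections import Counter

def recode(k, n, r=None):
    """Signed digits d_n..d_0 (MSB first) of an n-bit k; r holds the random bits r_i.

    Assumed reading of the rule: when k_i XOR c_i = 1 the pair (c_{i+1}, d_i)
    is (0, 1) or (1, -1); NAF picks c_{i+1} = k_{i+1}, and r_i = 1 picks the other.
    """
    if r is None:
        r = [secrets.randbits(1) for _ in range(n)]
    c, digits = 0, []
    for i in range(n + 1):
        k_i, k_next = (k >> i) & 1, (k >> (i + 1)) & 1
        if k_i == c:                       # k_i + c_i is 0 or 2: d_i = 0
            c_next, d = c, 0
        else:                              # k_i + c_i = 1: two equivalent pairs
            flip = r[i] if i < n else 0    # assumption: top digit stays NAF
            c_next = k_next ^ flip
            d = 1 - 2 * c_next
        digits.append(d)
        c = c_next
    return digits[::-1]

def value(digits):
    """Evaluate sum(d_i * 2^i) for MSB-first digits."""
    v = 0
    for d in digits:
        v = 2 * v + d
    return v

def digit_frequencies(nbits=256, trials=200):
    """Empirical frequency of each digit over random scalars and random r."""
    counts = Counter()
    for _ in range(trials):
        k = secrets.randbits(nbits) | (1 << (nbits - 1))
        counts.update(recode(k, nbits))
    total = sum(counts.values())
    return {d: counts[d] / total for d in (0, 1, -1)}

if __name__ == "__main__":
    print("NAF   :", recode(478, 9, r=[0] * 9))
    for _ in range(3):
        d = recode(478, 9)
        print("random:", d, "=", value(d))
    print(digit_frequencies())
```

With every r_i = 0 the function returns the NAF of 478 given on the slide; with random r_i the digit string changes from run to run while its value stays 478.
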
New Countermeasure (4/5)
  SPA resistant addition-subtraction algorithm
    Output: Q = dP, d: random signed-scalar integer
    Insert dummy operations

    Q[0] = O
    P[0] = P, P[1] = P, P[-1] = -P
    for i = n to 0 by -1 do {
        Q[0] = 2Q[0]             : Doubling
        Q[1] = Q[0] + P[d_i]     : Addition or Subtraction
        Q[-1] = Q[1]
        Q[0] = Q[d_i]            : Selection
    }
    Return Q[0]

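
The double, add, select loop above run on a toy curve, as an added Python example (not taken from the slides). The curve y^2 = x^3 + 2x + 3 over GF(97), the point (3, 6), the digit strings and the function names are constructed for illustration; the trace models only the sequence of point operations, not their timing or power profile.

```python
P_MOD, A = 97, 2     # constructed toy curve y^2 = x^3 + 2x + 3 over GF(97)
O = None             # point at infinity

def neg(pt):
    return O if pt is O else (pt[0], -pt[1] % P_MOD)

def add(p1, p2):
    """Affine point addition, covering doubling and the point at infinity."""
    if p1 is O:
        return p2
    if p2 is O:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def spa_resistant_mul(digits, P):
    """Double, add, select on every digit; returns (dP, operation trace)."""
    table = {0: P, 1: P, -1: neg(P)}        # P[0]=P, P[1]=P, P[-1]=-P
    Q, trace = [O, O], []
    for d in digits:                         # MSB first, d in {0, 1, -1}
        Q[0] = add(Q[0], Q[0])
        trace.append("D")
        Q[1] = add(Q[0], table[d])           # dummy addition when d == 0
        trace.append("A")
        Q[0] = Q[d]                          # Q[-1] is Q[1] in a two-element list
    return Q[0], "".join(trace)

def naive_mul(k, P):
    """Reference result by repeated addition."""
    Q = O
    for _ in range(k):
        Q = add(Q, P)
    return Q

if __name__ == "__main__":
    G = (3, 6)                               # on the curve: 6^2 = 27 + 6 + 3
    for digits in ([1, 0, 0, 0, -1, 0, 0, 0, -1, 0],    # NAF of 478
                   [0, 1, 1, 1, 0, 1, 1, 1, 1, 0]):     # plain binary of 478
        print(spa_resistant_mul(digits, G), naive_mul(478, G))
```
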
New Countermeasure (5/5)
  Comparison

    Algorithm                                       additions   doublings
    Unprotected ordinary binary                     n/2         n
    Unprotected NAF                                 n/3         n+1
    Protected ordinary binary against SPA*          n           n
    Protected ordinary binary against DPA**+SPA*    n+m         n+m
    Our proposed algorithm against DPA              n/2         n+1
    Our proposed algorithm against DPA+SPA          n+1         n+1

  n : bit length of scalar integer k
  * : Coron's SPA-immune algorithm
  ** : Coron's first countermeasure against DPA
       d = k + r #E(K), m = |r| (in practice, m = 20 bits)

Experimental Result (1/2)
  Experiments
  [Figure: experimental setup; labels: data signal, response, control signal, trigger signal, measuring signal, card reader]

Experimental Result (2/2)
  MESD (Multiple-Exponent Single-Data) attack
    Assumption: the attacker can choose scalar integers and compare two cards' averaged power signals
    Correct scalar digits: (1,0,0,......)
    Averaged power difference over 300 traces
  [Figure panels: (1,0,0,X,…) - (1,0,1,X,…); (1,0,0,X,…) - (New alg.); not protected; protected with random scalar]

Conclusion
  Propose a new countermeasure to make DPA infeasible
    Randomized signed-scalar representation
  Propose an SPA-immune addition-subtraction multiplication algorithm
  Analyze symbol probability of the new method using a finite Markov chain model
  To protect against DPA: n/2 additions, n+1 doublings
  To protect against DPA+SPA: n+1 additions, n+1 doublings