In The Name of Allah
Fault attacks on ECC
Fereshte Mozafari, Arezoo Dabaghi

FLOW
- Introduction
- Fault attacks
- Differential fault attack & its countermeasure
- Sign change fault attack & its countermeasure
- References
Hardware Security and Trust, CE, SUT

Introduction
- Elliptic curves are cryptographically strong.
- An elliptic curve over $F_p$ (p > 3) satisfies: $y^2 = x^3 + ax + b \pmod{p}$
- In cryptosystems based on elliptic curves, a crucial computation is the scalar multiplication of a public base point P by a secret scalar factor k: Q = kP
- Attacks aim to recover the value of k.

Fault Attacks
- Differential Fault Attack (DFA)
- Sign Change Fault Attack (SCFA)
- M Safe-Error Analysis
- C Safe-Error Analysis
- Invalid Curve Analysis
- Invalid Point Analysis

Differential fault attack (0)
Scalar multiplication Q = k·P
P, $E/F_p$, p

Differential fault attack (1)
Preliminaries
- If a random fault can be enforced in a register, the secret key can be recovered in expected polynomial time.
- n is the binary length of k.
- $Q_i$ is the value stored in variable Q before iteration i.
- $Q'_i$ is a disturbed Q-value.

Differential fault attack (2)
Method
1. Run the ECSM once and collect the correct result ($Q_n$).
2. Enforce a register fault in the register holding the variable Q, in an iteration j with n-m < j < n.
[Figure labels: n-1, j, $Q'_j$]

Differential fault attack (3)
3. Find the index of the first iteration j' with j' > j and $k_{j'} = 1$.
[Figure labels: n-1, j', j, $Q'_{j'}$]

Differential fault attack (4)
4. Find candidates for the disturbed Q-value $Q'_{j'}$:
   1. Check each i with n-m < i < n as a candidate for j'.
   2. Take $x \in \{0, 1\}^{n-i}$ as a candidate for the n-i most significant bits of k.
[Figure labels: n-1, j' = i, j, x]

Differential fault attack (4)
4. Find candidates for the disturbed Q-value $Q'_{j'}$:
   $Q_{x,i} = Q_n - x \cdot 2^i \cdot P$
   $Q'_{x,i} = Q'_{j'}$
[Figure labels: n-1, j' = i, j, $(x \cdot 2^i \cdot P)'$]

Differential fault attack (5)
5. For each choice of x and i, consider all disturbed Q-values ($Q'_{x,i}$) that can be derived from $Q_{x,i}$ by flipping one bit.
6. Calculate $Q'_n$ by:

Differential fault attack (6)
7. If the calculated $Q'_n$ is identical to the $Q'_n$ of the device, take:
   - i as a candidate for j'
   - $Q'_{x,i}$ as a candidate for $Q'_{j'}$
   - the binary representation of x as a candidate for the upper n-j' bits of k

Countermeasure for DFA
- Intermediate results ($Q_i$, $H_i$) should be regularly checked.
- Randomize the scalar k.

SCFA on ECC (1)
Over the NAF-based left-to-right doubling algorithm

SCFA on ECC (2)
- Basic idea: recover the bits of k in pieces of 1 ≤ r ≤ m bits.
- An SCF changes the sign of the y-coordinate of an attacked point.
[Figure labels: Q, Qf]

SCFA on ECC (3)
- The only unknown part is $L_i(k)$.
- This allows the bits of k to be recovered starting from the LSB.

Injection of SCF on Qi' (1)
Input: access to Algorithm 1; n, the length of the private key k > 0 in NAF; Q = kP; m, a parameter for the acceptable amount of offline work
Output: k with probability at least 1/2
# Step 1: Collect faulty outputs
Collect the set S by inducing an SCF on Qi'.

Injection of SCF on Qi' (2)
# Step 2: Inductive retrieval of secret key bits
1. Set s := -1
2. While (s < n-1) do   # s+1 LSBs of k are known
3. Set   # compute known LSB part
4. For all lengths r = 1, 2, …, m do   # try all possible bit patterns with length r
5. For all valid NAF-patterns x = ($x_{s+1}$, $x_{s+2}$, …, $x_{s+r}$) do

Injection of SCF on Qi' (3)
6. Set   # compute test candidate Tx
7. For all do
8. If then   # verify Tx
9. conclude $k_{s+1} = x_{s+1}$, $k_{s+2} = x_{s+2}$, …, $k_{s+r} = x_{s+r}$, set s := s + r

Injection of SCF on Qi' (4)
10. If no test candidate satisfies the verification step, then assume that $k_{s+1} = 0$, set s := s + 1
11. Continue at Line 2
12. Verify Q = kP. If this fails, then output "failure"
13. Output "k"

Countermeasure for SCFA (1)
- Uses a second elliptic curve whose order is a small prime number (t) to verify the final results.
- E = Ep := E(Fp), Et := E(Ft)
- Ept is defined with parameters Apt and Bpt:
  Apt ≡ Ap mod p, Apt ≡ At mod t
  Bpt ≡ Bp mod p, Bpt ≡ Bt mod t
- Qpt = k Ppt

Countermeasure for SCFA (2)
Attacks in Line 4 cannot yield a faulty output

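A small simulation of the two countermeasures above, added here as an example (not code from the slides or the cited papers): a sign-changed result still lies on the curve, so checking point validity as in the DFA countermeasure accepts it, while the comparison of Qpt mod t against an independent computation on Et rejects it. Assumptions: toy curves over F_17 and F_11, plain binary double-and-add instead of the NAF variant, and hypothetical names (`mul`, `protected_mul`, the `flip_at` fault-simulation hook).

```python
# Constructed toy parameters; real curves use a p of hundreds of bits.
p, Ap, Bp, P = 17, 2, 2, (5, 1)    # E_p: y^2 = x^3 + 2x + 2 over F_17
t, At, Pt = 11, 1, (2, 7)          # E_t: y^2 = x^3 + x + 6 over F_11

def crt(rp, rt):
    """Element of Z_pt that is rp mod p and rt mod t."""
    return (rp + p * ((rt - rp) * pow(p, -1, t) % t)) % (p * t)

def add(P1, P2, a, n):
    """Affine addition modulo n; None is the point at infinity."""
    if P1 is None or P2 is None:
        return P1 or P2
    (x1, y1), (x2, y2) = P1, P2
    if x1 == x2 and (y1 + y2) % n == 0:
        return None
    if P1 == P2:
        s = (3 * x1 * x1 + a) * pow(2 * y1 % n, -1, n) % n
    else:
        s = (y2 - y1) * pow((x2 - x1) % n, -1, n) % n
    x3 = (s * s - x1 - x2) % n
    return x3, (s * (x1 - x3) - y1) % n

def mul(k, P0, a, n, flip_at=None):
    """Left-to-right double-and-add; flip_at simulates an SCF on Q (assumed hook)."""
    Q = None
    for i, bit in enumerate(bin(k)[2:]):
        if i == flip_at and Q is not None:
            Q = (Q[0], -Q[1] % n)          # sign change fault: Q -> -Q
        Q = add(Q, Q, a, n)
        if bit == "1":
            Q = add(Q, P0, a, n)
    return Q

def on_curve(Q, a, b, n):
    return Q is None or (Q[1] ** 2 - Q[0] ** 3 - a * Q[0] - b) % n == 0

def protected_mul(k, flip_at=None):
    """Compute on E_pt, compare with E_t, return Q mod p or None on mismatch."""
    P_pt = (crt(P[0], Pt[0]), crt(P[1], Pt[1]))
    Q_pt = mul(k, P_pt, crt(Ap, At), p * t, flip_at)  # Q_pt = k * P_pt
    Q_t = mul(k, Pt, At, t)                           # reference on E_t
    if Q_pt is None or Q_t is None or (Q_pt[0] % t, Q_pt[1] % t) != Q_t:
        return None                                   # fault detected
    return Q_pt[0] % p, Q_pt[1] % p

if __name__ == "__main__":
    faulty = mul(11, P, Ap, p, flip_at=3)
    print("unprotected faulty:", faulty, "on curve:", on_curve(faulty, Ap, Bp, p))
    print("protected:", protected_mul(11), protected_mul(11, flip_at=3))
```

With toy moduli some scalars hit points that are infinity modulo only one of the primes, which makes the modular inverse fail; k = 11 avoids this, and with full-size parameters the case is negligible.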
When you think everything is hidden and no one can see within, remember, my friend, God can.