1. In The Name of Allah Fault attacks on ECC
Fereshte Mozafari
Arezoo Dabaghi

2. FLOW Introduction Fault attacks
Differential fault attack & its countermeasure
Sign change fault attack & its countermeasure
References
Hardware Security and Trust, CE, SUT

3. Introduction Elliptic curve is cryptographically strong
An EC over Fp (p > 3) satisfy with:
Y2 = x3 + ax2 + b (mod p)
In cryptosystems based on EC, a crucial computation is the scalar multiplication of a public base point P with a secret scalar factor k.
Q = kP
Attacks aim to recover the value of k.
Elliptic curve is cryptographically strong
Hardware Security and Trust, CE, SUT

4. Fault Attacks Differential Fault Attack(DFA)
Sign Change Fault Attack(SCFA)
M Safe- Error Analysis
C Safe- Error Analysis
Invalid Curve Analysis
Invalid Point Analysis
Hardware Security and Trust, CE, SUT

5. Differential fault attack(0)
Scalar multiplication
Q = k.P
P, 𝐸 /𝐹 𝑝 , p

6. Differential fault attack(1)
Preliminaries
If enforce a fault randomly in a register than can recover secret key in expected polynomial time
binary length of n is k
𝑄 𝑖 value stored in variable Q before iteration I
𝑄′ 𝑖 𝑖𝑠 a disturbed Q−value
Hardware Security and Trust, CE, SUT

7. Differential fault attack(2)
Method
Run ECSM once and collect the correct result ( 𝑄 𝑛 )
Enforce register fault in a register holding the variable Q , in iteration n-m < j < n
n-1 j
𝑄′ 𝑗
Hardware Security and Trust, CE, SUT

8. Differential fault attack(3)
3. Find the index of the first iteration j’ with j’ > j and 𝑘 𝑗′ =1
n-1 j’ j
𝑄′ 𝑗′
Hardware Security and Trust, CE, SUT

9. Differential fault attack(4)
4. find candidate for the disturbed Q-value 𝑄′ 𝑗′ 1. check each i with ( n-m < i < n) as candidate for j’ 2. x = {0; 1} 𝑛−𝑖 as candidate for the n-i most significant bit of k
n-1
j’=i j
𝑥 𝑥
Hardware Security and Trust, CE, SUT

10. Differential fault attack(4)
4. find candidate for the disturbed Q-value 𝑄′ 𝑗′
n-1
j’=i j
(𝑥 𝑥 . 2 𝑖 .P)’
𝑄′ 𝑥𝑖 = 𝑄′ 𝑗′
𝑄 𝑥𝑖 𝑡 = 𝑄 𝑛 - 𝑥 𝑥 . 2 𝑖 .P
Hardware Security and Trust, CE, SUT

11. Differential fault attack(5)
5. For each choice of x and i we consider all disturbed Q- values ( 𝑄′ 𝑥𝑖 ) with can derive from 𝑄 𝑥𝑖 by flipping one bit. 6. calculate 𝑄′ 𝑛 by :
Hardware Security and Trust, CE, SUT

12. Differential fault attack(6)
7. if 𝑄′ 𝑛 is identical by 𝑄′ 𝑛 of device
i as a candidate for j’
𝑄′ 𝑥𝑖 as a candidate for 𝑄′ 𝑗′
binary representation of x as a candidate for upper n-j’ of k
Hardware Security and Trust, CE, SUT

13. Countermeasure for DFA
intermediate results (Qi , Hi )should be regularly checked
randomize the scalar k
Hardware Security and Trust, CE, SUT

14. SCFA on ECC(1) Over NAF-based left-to-right doubling algorithm
Hardware Security and Trust, CE, SUT

15. SCFA on ECC(2)
Basic idea: recover the bits of k in pieces of 1 ≤ r ≤ m bits
A SCF changes the sign of y-coordinate of an attacked point
Q  Qf
Hardware Security and Trust, CE, SUT

16. SCFA on ECC(3) the only unknown part is Li (k)
This allows to recover bits of k starting from the LSB
Hardware Security and Trust, CE, SUT

17. Injection of SCF on Qi ‘(1)
Input: access to algorithm1
n the length of private key, k > 0 in NAF
Q = kP, m a parameter for acceptable amount of
offline work
Output: k with probability at least 1/2
#Step1: Collect faulty output
collect the set S by including SCF on Qi’
Hardware Security and Trust, CE, SUT

18. Injection of SCF on Qi ‘(2)
#step2: Inductive Retrieval of Secret Key Bits
1. Set s := -1
2. While(s < n-1) do
3. Set
4. For all lengths of r = 1,2,…,m do
5. For all valid NAF-patterns x = (xs+1,xs+2,…,xs+r) do
S+1 LSBs of k are known
Compute known LSB part
Try all possible bit pattern with length r
Hardware Security and Trust, CE, SUT

19. Injection of SCF on Qi ‘(3)
6. Set 7. For all do 8. If then 9. conclude ks+1 = xs+1, ks+2 = xs+2,…, ks+r = xs+r , set s := s + r
Compute test condidate Tx
Verify Tx
Hardware Security and Trust, CE, SUT

20. Injection of SCF on Qi ‘(4)
10. If no test candidate satisfies the verification step,then assume that ks+1 = 0, set s := s continue at Line Verify Q = kP If this fails then output ”failure” 13. Output “k”
Hardware Security and Trust, CE, SUT

21. Countermeasure for SCFA(1)
Uses a second elliptic curve whose order is a small prime number(t) to verify the final results
E = Ep := E( Fp )
Et := E( Ft )
Ept is defined with parameters Apt and Bpt
Apt ≡ Ap mod p, Apt ≡ At mod t
Bpt ≡ Bp mod p, Bpt ≡ Bt mod t
Qpt = k Ppt
Hardware Security and Trust, CE, SUT

22. Countermeasure for SCFA(2)
Attacks in Line 4 cannot yield a faulty output
Hardware Security and Trust, CE, SUT

23. References
1. J. Blomer, M. Otto, J. Seifert“Sign Change Fault Attacks On Elliptic Curve Cryptosystems,” Fault Diagnousis and Tolerance iv Cryptograghy , pp , J. Fan, I. Verbouwhede, “An Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost,” Cryptography and Security, pp , J. Fan, X. Gue, E. Mulder, “State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures,” International Symposium on Hardware-Oriented Security and Trust , pp , I. Biehel, B. Meyer, V. Muller, "Diferential Fault Attacks on Elliptic Curve Cryptosystems," Advance in Cryptography, pp , B. Johannes, O. Martin, S. Jean-Pierre, ‘Sign Change Fault Attacks on Elliptic Curve Cryptosystems”
Hardware Security and Trust, CE, SUT

24. When that you think every thing is hidden and no one can see within , remember my friend , God can