In The Name of Allah Fault attacks on ECC

In The Name of Allah Fault attacks on ECC Fereshte Mozafari Arezoo Dabaghi


Transcript of In The Name of Allah Fault attacks on ECC

Page 1: In The Name of Allah Fault attacks on ECC

In The Name of Allah

Fault attacks on ECC

Fereshte Mozafari, Arezoo Dabaghi

Page 2: In The Name of Allah Fault attacks on ECC

FLOW

Introduction
Fault attacks
Differential fault attack & its countermeasure
Sign change fault attack & its countermeasure
References

Hardware Security and Trust, CE, SUT 2

Page 3: In The Name of Allah Fault attacks on ECC

Introduction

An elliptic curve (EC) over Fp (p > 3) satisfies:

y^2 = x^3 + ax + b (mod p)

In cryptosystems based on EC, a crucial computation is the scalar multiplication of a public base point P with a secret scalar factor k.

Q = kP

Attacks aim to recover the value of k.

Page 4: In The Name of Allah Fault attacks on ECC

Fault Attacks

Differential Fault Attack (DFA)
Sign Change Fault Attack (SCFA)
M Safe-Error Analysis
C Safe-Error Analysis
Invalid Curve Analysis
Invalid Point Analysis

Page 5: In The Name of Allah Fault attacks on ECC

Differential fault attack(0)


Scalar multiplication

P, , p

Q = k.P

Page 6: In The Name of Allah Fault attacks on ECC

Differential fault attack(1)

Preliminaries

If a fault is enforced randomly in a register, then the secret key can be recovered in expected polynomial time

binary length of n is k

value stored in variable Q before iteration i

Page 7: In The Name of Allah Fault attacks on ECC

Differential fault attack(2)

Method

1. Run ECSM once and collect the correct result ()

2. Enforce a register fault in a register holding the variable Q, in iteration n-m < j < n

[Figure: iteration axis labelled n-1 and 0 with position j marked; 𝑄 ′ 𝑗]

Page 8: In The Name of Allah Fault attacks on ECC

Differential fault attack(3)

3. Find the index of the first iteration j’ with j’ > j and =1

[Figure: iteration axis labelled n-1 and 0 with positions j and j’ marked; 𝑄 ′ 𝑗 ′]

Page 9: In The Name of Allah Fault attacks on ECC

Differential fault attack(4)

4. Find a candidate for the disturbed Q-value

   1. Check each i with (n-m < i < n) as candidate for j’
   2. x = as candidate for the n-i most significant bits of k

[Figure: iteration axis labelled n-1 and 0 with positions j and j’=i marked; x]

Page 10: In The Name of Allah Fault attacks on ECC

Differential fault attack(4)

4. Find a candidate for the disturbed Q-value

[Figure: iteration axis labelled n-1 and 0 with positions j and j’=i marked; 𝑄 ′𝑥𝑖=𝑄 ′ 𝑗 ′]

. .P)’

= - . .P

Page 11: In The Name of Allah Fault attacks on ECC

Differential fault attack(5)

5. For each choice of x and i we consider all disturbed Q-values () with can derive from by flipping one bit.

6. calculate by :

Page 12: In The Name of Allah Fault attacks on ECC

Differential fault attack(6)

7. if is identical by of device

i as a candidate for j’ as a candidate for binary representation of x as a candidate for upper n-j’ of k

Page 13: In The Name of Allah Fault attacks on ECC

Countermeasure for DFA

Intermediate results (Qi, Hi) should be regularly checked

Randomize the scalar k

Page 14: In The Name of Allah Fault attacks on ECC

SCFA on ECC(1)

Over NAF-based left-to-right doubling algorithm

Page 15: In The Name of Allah Fault attacks on ECC

SCFA on ECC(2)

Basic idea: recover the bits of k in pieces of 1 ≤ r ≤ m bits

A SCF changes the sign of the y-coordinate of an attacked point

Q Qf

Page 16: In The Name of Allah Fault attacks on ECC

SCFA on ECC(3)

The only unknown part is Li(k)

This allows recovering the bits of k starting from the LSB

Page 17: In The Name of Allah Fault attacks on ECC

Injection of SCF on Qi’ (1)

Input: access to Algorithm 1, n the length of the private key, k > 0 in NAF, Q = kP, m a parameter for the acceptable amount of offline work

Output: k with probability at least 1/2

# Step 1: Collect faulty outputs

Collect the set S by inducing SCF on Qi

Page 18: In The Name of Allah Fault attacks on ECC

Injection of SCF on Qi’ (2)

# Step 2: Inductive Retrieval of Secret Key Bits

1. Set s := -1
2. While (s < n-1) do    (s+1 LSBs of k are known)
3.   Set    (compute known LSB part)
4.   For all lengths r = 1,2,…,m do    (try all possible bit patterns of length r)
5.     For all valid NAF-patterns x = (x_{s+1}, x_{s+2}, …, x_{s+r}) do

Page 19: In The Name of Allah Fault attacks on ECC

Injection of SCF on Qi’ (3)

6. Set    (compute test candidate Tx)
7. For all do
8.   If then    (verify Tx)
9.     conclude k_{s+1} = x_{s+1}, k_{s+2} = x_{s+2}, …, k_{s+r} = x_{s+r}, set s := s + r

Page 20: In The Name of Allah Fault attacks on ECC

Injection of SCF on Qi’ (4)

10. If no test candidate satisfies the verification step, then assume that k_{s+1} = 0, set s := s + 1
11. continue at Line 2
12. Verify Q = kP. If this fails then output "failure"
13. Output "k"

Page 21: In The Name of Allah Fault attacks on ECC

Countermeasure for SCFA(1)

Uses a second elliptic curve whose order is a small prime number (t) to verify the final results

E = Ep := E(Fp)

Et := E( Ft )

Ept is defined with parameters Apt and Bpt

Apt ≡ Ap mod p, Apt ≡ At mod t

Bpt ≡ Bp mod p, Bpt ≡ Bt mod t

Qpt = k Ppt


Page 22: In The Name of Allah Fault attacks on ECC

Countermeasure for SCFA(2)

Attacks in Line 4 cannot yield a faulty output
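The combined-curve check from the two countermeasure slides, as an added sketch that is not from the original deck: the scalar multiplication runs on E_pt (parameters built with the CRT) and the result is released only if it reduces mod t to k·P_t computed on E_t. Assumptions: secp256k1 stands in for E_p, a textbook curve over F_11 stands in for E_t, plain binary double-and-add replaces the NAF algorithm, and the demo scalar is chosen so that no intermediate point is the point at infinity on E_t.

```python
# Constructed toy setup (assumptions): E_p is secp256k1, E_t is the textbook
# curve y^2 = x^3 + x + 6 over F_11, whose group order is the prime 13.
P_MOD, T_MOD = 2**256 - 2**32 - 977, 11
EP = (0, 7, (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
             0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8))
ET = (1, 6, (2, 7))                       # (A_t, B_t, P_t)
N = P_MOD * T_MOD

def crt(vp, vt):
    """The value mod p*t that equals vp mod p and vt mod t."""
    return (vp * T_MOD * pow(T_MOD, -1, P_MOD)
            + vt * P_MOD * pow(P_MOD, -1, T_MOD)) % N

A_PT, B_PT = crt(EP[0], ET[0]), crt(EP[1], ET[1])
P_PT = (crt(EP[2][0], ET[2][0]), crt(EP[2][1], ET[2][1]))

def add(Q, R, a, n):
    """Affine add/double mod n (no point at infinity: fine for the demo k)."""
    (x1, y1), (x2, y2) = Q, R
    if Q == R:
        lam = (3 * x1 * x1 + a) * pow(2 * y1 % n, -1, n) % n
    else:
        lam = (y2 - y1) * pow((x2 - x1) % n, -1, n) % n
    x3 = (lam * lam - x1 - x2) % n
    return x3, (lam * (x1 - x3) - y1) % n

def scalar_mul(k, P, a, n, flip_after=None):
    """Left-to-right double-and-add; flip_after=i negates y of Q after
    iteration i, simulating a sign change fault to exercise the check."""
    Q = P
    for i, bit in enumerate(bin(k)[3:]):
        Q = add(Q, Q, a, n)
        if bit == "1":
            Q = add(Q, P, a, n)
        if i == flip_after:
            Q = (Q[0], -Q[1] % n)
    return Q

def on_curve(Q, a, b, n):
    return (Q[1] ** 2 - Q[0] ** 3 - a * Q[0] - b) % n == 0

def protected_mul(k, flip_after=None):
    """Q_pt = k*P_pt on E_pt, accepted only if Q_pt mod t equals k*P_t on E_t."""
    Qpt = scalar_mul(k, P_PT, A_PT, N, flip_after)
    if (Qpt[0] % T_MOD, Qpt[1] % T_MOD) != scalar_mul(k, ET[2], ET[0], T_MOD):
        return None                       # mismatch: suppress the faulty output
    return Qpt[0] % P_MOD, Qpt[1] % P_MOD

K = 45                                    # constructed demo scalar
```

With K = 45, `protected_mul(K, flip_after=1)` returns None, while the same faulty point still satisfies the E_p curve equation, so an on-curve test alone would not catch a sign change.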


Page 23: In The Name of Allah Fault attacks on ECC

References

1. J. Blömer, M. Otto, J. Seifert, "Sign Change Fault Attacks on Elliptic Curve Cryptosystems," Fault Diagnosis and Tolerance in Cryptography, pp. 36-52, 2006.
2. J. Fan, I. Verbauwhede, "An Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost," Cryptography and Security, pp. 265-282, 2012.
3. J. Fan, X. Guo, E. Mulder, "State-of-the-art of secure ECC implementations: a survey on known side-channel attacks and countermeasures," International Symposium on Hardware-Oriented Security and Trust, pp. 165-171, 2010.
4. I. Biehl, B. Meyer, V. Müller, "Differential Fault Attacks on Elliptic Curve Cryptosystems," Advance in Cryptography, pp. 131-141, 2000.
5. B. Johannes, O. Martin, S. Jean-Pierre, "Sign Change Fault Attacks on Elliptic Curve Cryptosystems"

Page 24: In The Name of Allah Fault attacks on ECC

When you think everything is hidden and no one can see within, remember, my friend, God can