ECC on small devices Junfeng Fan Katholieke Universiteit Leuven, - - PowerPoint PPT Presentation

ECC on small devices

Junfeng Fan

Katholieke Universiteit Leuven, Belgium junfeng.fan@esat.kuleuven.be

2

➢ What is a small device?

3

➢ What is a small device?

4

➢ What is a small device?

5

➢ What is a small device?

Trusted Platform Module

6

➢ What is a small device?

Trusted Platform Module Credit Card

7

➢ What is a small device?

Trusted Platform Module Credit Card RFID Tag

8

➢ Why do we want ECC on small devices?

Trusted Platform Module Credit Card RFID Tag

9

➢ Let's take RFID as an example...

10

➢ Let's take RFID as an example...

RFID chip Antenna

11

➢ Let's take RFID as an example...

RFID chip Antenna

12

13

14

15

16

➢ The problem is....privacy.

17

➢ The problem is....privacy.

18

➢ The problem is....privacy.

19

➢ The problem is....privacy.

ID:

Thomas XXX 13.08,1976 Dengerland

20

➢ The problem is....privacy.

ID:

Thomas XXX 13.08,1976 Dengerland

21

➢ The problem is....privacy.

ID:

Thomas XXX 13.08,1976 Dengerland

22

23

➢ What makes a good RFID tag?

24  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

25  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

26  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

27  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

28  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

29  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

30  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

Small area

31  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

Small area Crypto

32  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

Small area Crypto PKC

33  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

Small area Crypto PKC lightweight

34  It works!  It's cheap.  It's secure.  It's untraceable.  It's scalable.  It's fast.

➢ What makes a good RFID tag?

ECC?

Small area Crypto PKC lightweight

35

• Tag's private key: x
• Tag's public key : X(=[-x]P)

➢ The Schnorr Protocol [Schnorr'89]

Reader (Verifier) r2 = TRNG( ) If [v]P + [r2]X == R1 Then accept Tag (Prover) r1=TRNG( ) R1 = [r1]P v=xr2 + r1 mod n R1 r2 v

36

• Tag's private key: x
• Tag's public key : X(=[-x]P)

➢ The Schnorr Protocol [Schnorr'89]

Reader (Verifier) r2 = TRNG( ) If [v]P + [r2]X == R1 Then accept Tag (Prover) r1=TRNG( ) R1 = [r1]P v=xr2 + r1 mod n R1 r2 v Tracing Attack: ([v]P – R1 )r2-1 = [x]P = -X

37

• Reader's private key : KS, KM
• Reader's public key : KP
• Tag's ID: ID, K=FKM(ID)

➢ The Vaudenay Protocol [Vaudenay'07]

Reader (Verifier) a=TRNG( ) ID||K||a' = DecKS(c) If a == a' K == FKM(ID) Then accept ID Tag (Prover) c = EncKP(ID||K||a) a c

38

• Reader's private key : KS, KM
• Reader's public key : KP
• Tag's ID: ID, K=FKM(ID)

➢ The Vaudenay Protocol [Vaudenay'07]

Reader (Verifier) a=TRNG( ) ID||K||a' = DecKS(c) If a == a' K == FKM(ID) Then accept ID Tag (Prover) c = EncKP(ID||K||a) a c If the PKC in use is IND-CPA-secure, then the above RFID scheme is narrow-strong private.

39

➢ An ECC processor for RFID tags

40

➢ An ECC processor for RFID tags

• Performance
• Fast field arithmetic
• Fast group operations
• Physical Security
• Side-channel analysis
• Fault analysis
• Area & Energy
• Smaller ALU
• Less storage

41

➢ Hardware design flow

HDL HDL Logic Synthesis Logic Synthesis Floorplanning Floorplanning Placement Placement Routing Routing Tape-out Circuit Extraction Circuit Extraction Pre-Layout Simulation Pre-Layout Simulation Post-Layout Simulation Post-Layout Simulation Structural Physical Behavioral Design Capture Design Iteration

Timing closure!

Technology/library/manufacturer input

Slides courtesy: Prof. Ingrid Verbauwhede

42

➢ Layout of an integrated circuit

Slides courtesy: Prof. Ingrid Verbauwhede

43

➢ Area

• Gate Equivalent (GE): equivalent of NAND gates

44

➢ Area

• Gate Equivalent (GE): equivalent of NAND gates

A B Y 0 0 1 0 1 1 1 0 1 1 1 0

45

➢ Area

• Gate Equivalent (GE): equivalent of NAND gates

A B Y 0 0 1 0 1 1 1 0 1 1 1 0 D Q Q D Flip-Flop ( ≈ 6 GE ) CLK Q Q D D Q Q CLK D Q Q D Flip-Flop ( ≈ 6 GE ) CLK Q Q D D Q Q CLK

46

500 1000 1500 2000 2500 3000 3500 RSA-1024 2048 ECC-163 978 BLAKE 768 BMW 1536 CubeHash 1024 ECHO 2560 Fugue 960 Grostl 1024 Hamsi 768 JH 1024 Keccak 1600 Luffa 768 Shabal 1408 SHAvite-3 1024 SIMD 3072 Skein 768

➢ Memory requirement

SHA-3 Candidates

(256-bit digest)

* Ideguchi et al, 2009

47

500 1000 1500 2000 2500 3000 3500 RSA-1024 2048 ECC-163 978 BLAKE 768 BMW 1536 CubeHash 1024 ECHO 2560 Fugue 960 Grostl 1024 Hamsi 768 JH 1024 Keccak 1600 Luffa 768 Shabal 1408 SHAvite-3 1024 SIMD 3072 Skein 768

➢ Memory requirement

* Ideguchi et al, 2009

48

500 1000 1500 2000 2500 3000 3500 RSA-1024 2048 ECC-163 978 BLAKE 768 BMW 1536 CubeHash 1024 ECHO 2560 Fugue 960 Grostl 1024 Hamsi 768 JH 1024 Keccak 1600 Luffa 768 Shabal 1408 SHAvite-3 1024 SIMD 3072 Skein 768

➢ Memory requirement

SHA-3 Candidates

(256-bit digest)

* Ideguchi et al, 2009

49

➢ Let's make an ECC processor

 Binary fields v.s. Prime fields  Security level  Coorinate systems  Representation of field elements  Architecture  Physical security properties

50

➢ F2m v.s. Fp

 Use binary fields instead of prime fields  No carry bits, smaller and faster ALU

1-bit Add in GF(2m) 1-bit full-adder

51

➢ Security level

60 80 112 128

ECC K-233 ECC K-283

2011

ECC K-131 S t r e n g t h ECDLP Solvable (Estimation)

2020 ?

ECC-193 ECC K-163

? ?

52

➢ Security level

60 80 112 128

ECC K-233 ECC K-283

2011

ECC K-131 S t r e n g t h ECDLP Solvable (Estimation)

2020 ?

ECC-193 ECC K-163

? ?

53

➢ Coordinate systems

Coordinates Point Representation Inversion Point Multiplication Affine P1=(x1, y1) P2=(x2, y2) Each key bit

• Projective

P1=(X1, Y1, Z1) P2=(X2, Y2, Z2) One

• López-Dahab

(Affine) P1=(x1) P2=(x2) Each key bit Montgomery Ladder (P2 = P1 + P) López-Dahab (Projective) P1=(X1, Z1) P2=(X2, Z2) One * W-coordinate (Affine) P1=(w1) P2=(w2) Each key bit * W-coordinate (Projective) P1=(W1, Z1) P2=(W2, Z2) One

* Binary Edwards Curve only

54

➢ Coordinate systems

Coordinates Point Representation Inversion Point Multiplication Affine P1=(x1, y1) P2=(x2, y2) Each key bit

• Projective

P1=(X1, Y1, Z1) P2=(X2, Y2, Z2) One

• López-Dahab

(Affine) P1=(x1) P2=(x2) Each key bit Montgomery Ladder (P2 = P1 + P) López-Dahab (Projective) P1=(X1, Z1) P2=(X2, Z2) One * W-coordinate (Affine) P1=(w1) P2=(w2) Each key bit * W-coordinate (Projective) P1=(W1, Z1) P2=(W2, Z2) One

* Binary Edwards Curve only

55

➢ Count the number of registers

Algorithm 1: Montgomery Powering Ladder Input: k={1, kt-1,..,k0} and point P Output: [k]P 1: P1← P, P2 ← [2]P 2: for i=t-1 to 0 do 3: if ki=1 then P1← P1 + P2, P2 ← [2]P2

else

P2← P1 + P2, P1 ← [2]P1 4: end for Return P1 Point Addition:

(X1, Z1) + (X2, Z2) T1← x0 X1 ← X1·X2 Z1 ← Z1·X2 T2 ← X1·Z1 Z1 ← X1+Z1 Z1 ← Z1

2

X1 ← T1·Z1 X1 ← X1+T2 T1← c X1 ← X1

2

Z1 ← Z1

2

T1 ← Z1·T1 Z1 ← X1·Z1 T1 ← T1

2

X1 ← X1

2

X1 ← X1+T1

Point Doubling:

2(X1, Z1)

Register: 7

• Mul. : 4
• Sqr. : 1

Register: 3

• Mul. : 2
• Sqr. : 4

56

T1← x0 X1 ← X1·X2 Z1 ← Z1·X2 T2 ← X1·Z1 Z1 ← X1+Z1 Z1 ← Z1

2

X1 ← T1·Z1 X1 ← X1+T2

➢ Common-Z trick (7 --> 6)

T1← c X1 ← X1

2

Z1 ← Z1

2

T1 ← Z1·T1 Z1 ← X1·Z1 T1 ← T1

2

X1 ← X1

2

X1 ← X1+T1

Register: 7

• Mul. : 4
• Sqr. : 1

Register: 3

• Mul. : 2
• Sqr. : 4
• 7 registers in total:

(x0 , X1, Z1, X2, Z2, T1, T2)

• Further reduction:

(x0 , X1, X2, Z, T1, T2)

X1 ← X1·Z2 X2 ← X2·Z1 Z ← Z1·Z2

• Cost for one iteration:

6M+5S → 7M+4S

Point Addition:

(X1, Z1) + (X2, Z2)

Point Doubling:

2(X1, Z1)

57

➢ Circular-shift register file

Slides courtesy: Yongki Lee

58

➢ Power & Energy

59

➢ Power & Energy

 To support the computations

60

➢ Power & Energy

 To support the computations  To support a reasonable reading distance

61

➢ Power & Energy

62

➢ Power & Energy

Pd = α C V2f

Dynamic Power Switch Activity Output capacitance Vdd Clock Frequency

63

➢ A bit-serial multiplier

Input: A(x)={am-1,am-2…a1,a0}, B(x)= {bm-1,bm-2…b1,b0}, and P(x)={1,pm-1…p1,1} Output: C(x) = A(x)B(x) mod P(x) 1: C(x) ← 0; 2: for i = m-1 to 0 do 3: C(x) ← xC(x)+ bi A(x); C(x) ← C(x) mod P(x); 4: end for Return: C(x)

64

➢ A bit-serial multiplier

Bit-serial multiplier

A(x) bi C(x) Cout(x)

[ Delay: ≈ m cycles ]

Input: A(x)={am-1,am-2…a1,a0}, B(x)= {bm-1,bm-2…b1,b0}, and P(x)={1,pm-1…p1,1} Output: C(x) = A(x)B(x) mod P(x) 1: C(x) ← 0; 2: for i = m-1 to 0 do 3: C(x) ← xC(x)+ bi A(x); C(x) ← C(x) mod P(x); 4: end for Return: C(x)

65

➢ Power & Energy

Bit-serial Mul. Bit-serial Mul. Bit-serial Mul.

...

C(x) A(x) bi

Digit-serial Multiplier [ Delay: ≈ m/d cycles ] Bit-serial multiplier

A(x) bi C(x) Cout(x)

[ Delay: ≈ m cycles ]

66

➢ Power & Energy

 Target : One point multiplication within 0.25s

67

➢ Power & Energy

 Target : One point multiplication within 0.25s

1 2 3 4 5 20 40 60 80 100 120

Area [kGE] Cycles [x10^4] Freq [x10kHz] Power [uw] Energy [uJ]

Digit-size of the multiplier

68

➢ Physical attacks

69

➢ Physical attacks

Side-Channel Analysis

70

➢ Physical attacks

Side-Channel Analysis Fault Analysis

71

➢ Power analysis

ECC Processor ECC Processor

VDD GND Oscilloscope

+3,3V

R

72

➢ Simple power analysis

k = (kl-1,kl-2,...,k0) Left-to-right binary method for point multiplication R ← O for i=l-1 downto 0 do R ← [2]R if ki = 1 then R ← R + P end if end for

73

➢ Simple power analysis

k = (kl-1,kl-2,...,k0) Left-to-right binary method for point multiplication R ← O for i=l-1 downto 0 do R ← [2]R if ki = 1 then R ← R + P end if end for

74

➢ Montgomery Ladder?

Algorithm 1: Montgomery Powering Ladder Input: k={1, kt-1,..,k0} and point P Output: [k]P 1: P1← P, P2 ← [2]P 2: for i=t-1 to 0 do 3: if ki=1 then P1← P1 + P2, P2 ← [2]P2

else

P2← P1 + P2, P1 ← [2]P1 4: end for Return P1

75

➢ Montgomery Ladder?

Algorithm 1: Montgomery Powering Ladder Input: k={1, kt-1,..,k0} and point P Output: [k]P 1: P1← P, P2 ← [2]P 2: for i=t-1 to 0 do 3: if ki=1 then P1← P1 + P2, P2 ← [2]P2

else

P2← P1 + P2, P1 ← [2]P1 4: end for Return P1

76

➢ Montgomery Ladder?

Algorithm 1: Montgomery Powering Ladder Input: k={1, kt-1,..,k0} and point P Output: [k]P 1: P1← P, P2 ← [2]P 2: for i=t-1 to 0 do 3: if ki=1 then P1← P1 + P2, P2 ← [2]P2

else

P2← P1 + P2, P1 ← [2]P1 4: end for Return P1

77

➢ Differential power analysis

78

➢ Differential power analysis

k Power Model

79

➢ Differential power analysis

P1, P2, ..., Pn k [k]P1, [k]P2, ...,[k]Pn [k]P1

...

Power Model [k]P2 [k]Pn

...

80

➢ Differential power analysis

P1, P2, ..., Pn k [k]P1, [k]P2, ...,[k]Pn [k]P1

...

Power Model Key guess k=k' [k]P2 [k]Pn

...

81

➢ Differential power analysis

P1, P2, ..., Pn k [k]P1, [k]P2, ...,[k]Pn [k]P1

...

Power Model P1, P2, ..., Pn Key guess k=k' [k]P2 [k]Pn [k']P1, [k']P2, ...,[k']Pn

...

82

➢ Differential power analysis

P1, P2, ..., Pn k [k]P1, [k]P2, ...,[k]Pn [k]P1

...

Power Model P1, P2, ..., Pn Key guess k=k' [k]P2 [k]Pn [k']P1

...

[k']P2 [k']Pn [k']P1, [k']P2, ...,[k']Pn

... ...

83

➢ Differential power analysis

P1, P2, ..., Pn k [k]P1, [k]P2, ...,[k]Pn [k]P1

...

Power Model P1, P2, ..., Pn Key guess k=k' [k]P2 [k]Pn [k']P1

...

[k']P2 [k']Pn [k']P1, [k']P2, ...,[k']Pn

... ...

84

➢ Fault analysis

85

➢ Fault analysis

86

➢ Fault analysis (weak curve) [Biehl+'00]

k P(xP,yP) Q=[k]P

87

➢ Fault analysis (weak curve) [Biehl+'00]

k P(xP,yP) Q=[k]P

 The specified curve is:

E : y2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a6,

and P(xP,yP) is on E.

 Inject a fault: P(xP,yP) → P'(xP,y'P),

E' : y2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a'6,

88

➢ Fault analysis (weak curve) [Biehl+'00]

k P(xP,yP) Q=[k]P

 The specified curve is:

E : y2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a6,

and P(xP,yP) is on E.

 Inject a fault: P(xP,yP) → P'(xP,y'P),

E' : y2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a'6,

89

➢ Fault analysis (weak curve) [Biehl+'00]

k P(xP,yP) Q=[k]P

 The specified curve is:

E : y2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a6,

and P(xP,yP) is on E.

 Inject a fault: P(xP,yP) → P'(xP,y'P),

E' : y2 + a1 xy + a3 y = x3 + a2 x2 + a4 x + a'6,

Not used for PA/PD

90

➢Point validation

P(xP,yP) Q=[k]P

PV: Before the point multiplication : 1, check the integrity of curve E. 2, check if P is on the curve or not.

k

91

➢Point validation

P(xP,yP) Q=[k]P

PV: Before the point multiplication : 1, check the integrity of curve E. 2, check if P is on the curve or not. But: Can the adversary inject faults after the validation step?

k

92

➢ Fault analysis (twist curve) [Fouque+'08]

 Consider a curve defined on Fp:

E : y2z = x3 + a xz2 + bz3.

y coordinates is not needed for Montgomery ladder.

 The twist of E:

 E' : εy2z = x3 + a xz2 + bz3,

where ε is quadratic non-residue in Fp.

 Let (xP, - ) be a point on E, then a random fault on xP may

lead to a point on E' with a probability of 1/2. So, it is necessary to perform PV after point multiplication.

93

➢ Fault analysis (twist curve) [Fouque+'08]

 Consider a curve defined on Fp:

E : y2z = x3 + a xz2 + bz3.

y coordinates is not needed for Montgomery ladder.

 The twist of E:

 E' : εy2z = x3 + a xz2 + bz3,

where ε is quadratic non-residue in Fp.

 Let (xP, - ) be a point on E, then a random fault on xP may

lead to a point on E' with a probability of 1/2. So, it is necessary to perform PV after point multiplication.

94

➢ Fault analysis (twist curve) [Fouque+'08]

 Consider a curve defined on Fp:

E : y2z = x3 + a xz2 + bz3.

y coordinates is not needed for Montgomery ladder.

 The twist of E:

 E' : εy2z = x3 + a xz2 + bz3,

where ε is quadratic non-residue in Fp.

 Let (xP, - ) be a point on E, then a random fault on xP may

lead to a point on E' with a probability of 1/2. So, it is necessary to perform PV after point multiplication.

95

➢ Fault analysis (twist curve) [Fouque+'08]

 Consider a curve defined on Fp:

E : y2z = x3 + a xz2 + bz3.

y coordinates is not needed for Montgomery ladder.

 The twist of E:

 E' : εy2z = x3 + a xz2 + bz3,

where ε is quadratic non-residue in Fp.

 Let (xP, - ) be a point on E, then a random fault on xP may

lead to a point on E' with a probability of 1/2. So, it is necessary to perform PV after point multiplication. But: Can the adversary inject faults before the validation step?

96

Passive attacks Active attacks

Safe-error Weak curve Differential

SPA TA Temp- late DPA Doubl. Attack RPA ZPA Carry based M type C type Invalid Point Invalid curve Twist curve Sign change Diff. Fault Indistinguishable PA/PD

√

• ?
• Double-add-always

√

• x
• H
• Montgomery ladder ┴

√

• x

?

• √*
• H

√

• Montgomery ladder ┬

√

• x

x

• √*
• √
• Random key splitting
• ?

√ ? √ x

• ?

? ?

Scalar randomization

• x

x x √ x

• ?

?

Base point blinding

• x

x x √

• ?

*?

• ?

Randomized proj. coord.

• √

√ ? x

• ?

Randomized EC Iso.

• ?

√ ? x

• ?

Randomized Field Iso.

• ?

√ ? x

• ?

Point validity check

• H

√ ? √┬ H √

Curve integrity check

• √
• Coherence check
• H
• ?
• √*

√

√: Effective x: Attacked

• : Not related H: helps the attack

?: Not clear or not published *: Implementation dependent

97

➢ Attacking points

The Schnorr Protocol

• Tag's private key: x
• Tag's public key : X(=[-x]P)

Reader (Verifier) r2 = TRNG( ) If [v]P + [r2]X == R1 Then accept Tag (Prover) r1=TRNG( ) R1 = [r1]P v=xr2 + r1 mod n R1 r2 v

98

➢ Attacking points

The Schnorr Protocol

• Tag's private key: x
• Tag's public key : X(=[-x]P)

Reader (Verifier) r2 = TRNG( ) If [v]P + [r2]X == R1 Then accept Tag (Prover) r1=TRNG( ) R1 = [r1]P v=xr2 + r1 mod n R1 r2 v

99

➢ Attacking points

The Schnorr Protocol

• Tag's private key: x
• Tag's public key : X(=[-x]P)

Reader (Verifier) r2 = TRNG( ) If [v]P + [r2]X == R1 Then accept Tag (Prover) r1=TRNG( ) R1 = [r1]P v=xr2 + r1 mod n R1 r2 v

100

➢ Attacking points

The Schnorr Protocol

• Tag's private key: x
• Tag's public key : X(=[-x]P)

Reader (Verifier) r2 = TRNG( ) If [v]P + [r2]X == R1 Then accept Tag (Prover) r1=TRNG( ) R1 = [r1]P v=xr2 + r1 mod n R1 r2 v

101

➢ Ideally, it would be nice to have...

102

➢ Ideally, it would be nice to have...

P=(x,±1) or P=(x)

103

➢ Ideally, it would be nice to have...

P=(x,±1) or P=(x)

+

No inversions involved in scalar multiplication

104

➢ Ideally, it would be nice to have...

P=(x,±1) or P=(x)

+

No inversions involved in scalar multiplication

+

It has no weak twists

105

➢ Ideally, it would be nice to have...

P=(x,±1) or P=(x)

+

No inversions involved in scalar multiplication

+

It has no weak twists

+

A random (n-bit) fault on curve parameters is not likely to hit a weak curve

106

➢ Ideally, it would be nice to have...

P=(x,±1) or P=(x)

+

No inversions involved in scalar multiplication

+

It has no weak twists

+

A random (n-bit) fault on curve parameters is not likely to hit a weak curve The protocol has minimum attacking points

+

107

➢ Ideally, it would be nice to have...

P=(x,±1) or P=(x)

+

No inversions involved in scalar multiplication

+

It has no weak twists

+

A random (n-bit) fault on curve parameters is not likely to hit a weak curve The protocol has minimum attacking points

+

Lightweight countermeasures

+

108

➢ Comparison

[LBV’08] [FBV’08] [ABFV’08] [KFV'10]

* ECC/BEC over GF(2163) * HECC over GF(283) * NTRU parameter: {N=167, q=128, p=3}

[kGates] [uW] [104 Cycles] [uJ]

109

➢ An ECC processor for RFID (Expected in Nov, 2010)

110

Full-Custom Design

➢ An ECC processor for RFID (Expected in Nov, 2010)

111

Thanks for your attention.