[PPT] - Protection of cryptographic keys recodings against physical attacks PowerPoint Presentation

SLIDE 1

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Protection of cryptographic keys recodings against physical attacks

Author: Simon RASTIKIAN Supervisor: Arnaud TISSERAND

SLIDE 2

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

PLAN

Introduction
Elliptic Curve Cryptography
Side Channel Attacks
Application

SLIDE 3

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Introduction

Public-key cryptography conceived by W. Diffie & M. Hellman.
Then comes RSA.
Then ECC by N. Koblitz & V. Miller basing their schemes on ECDLP.
What about security?

SLIDE 4

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Elliptic Curve Cryptography

An elliptic curve over a field K is defined by the Weierstrass equation [1]

E: 𝑧2 + 𝑏1𝑦𝑧 + 𝑏3𝑧 = 𝑦3 + 𝑏2𝑦2 + 𝑏4𝑦 + 𝑏6 Where 𝑏1, 𝑏2, 𝑏3, 𝑏4, 𝑏6 ∈ 𝐿 𝑏𝑜𝑒 Δ ≠ 0 Δ = −𝑒2

2𝑒8 − 8𝑒4 3 − 27𝑒6 2 + 9𝑒2𝑒4𝑒6

𝑒2 = 𝑏1

2 + 4𝑏_2

𝑒4 = 2𝑏4 + 𝑏1𝑏3 𝑒6 = 𝑏3

2 + 4𝑏6

𝑒8 = 𝑏1

2𝑏6 + 4𝑏2𝑏6 − 𝑏1𝑏3𝑏4 + 𝑏2𝑏3 2 − 𝑏4 2

SLIDE 5

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Elliptic Curve Cryptography

𝐹1, 𝐹2 are isomorphic over K if ∃𝑣, 𝑠, 𝑡, 𝑢 ∈ 𝐿 𝑥𝑗𝑢ℎ 𝑣 ≠ 0 such that

[1]: Φ ∶ 𝐿2 → 𝐿2 Transforms equation 𝐹1 into equation 𝐹2. 𝑦, 𝑧 → (𝑣2𝑦 + 𝑠, 𝑣3𝑧 + 𝑣2𝑡𝑦 + 𝑢)

SLIDE 6

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Elliptic Curve Cryptography

Over prime fields Fp p > 3 : y2 = x3 + ax + b where a, b ∈ K Δ = −16 (4a3 + 27b2) Over binary fields F2𝑛: If 𝑏1 ≠ 0 then 𝑧2 + 𝑦𝑧 = 𝑦3 + 𝑏𝑦2 + 𝑐 𝑥ℎ𝑓𝑠𝑓 𝑏, 𝑐 ∈ 𝐿 Δ = 𝑐 If 𝑏1 = 0 then 𝑧2 + 𝑑𝑧 = 𝑦3 + 𝑏𝑦 + 𝑐 𝑥ℎ𝑓𝑠𝑓 𝑏, 𝑐, 𝑑 ∈ 𝐿 Δ = 𝑑4 Over optimal extension fields F3𝑛: If 𝑏1

2 ≠ −𝑏2 then 𝑧2 = 𝑦3 + 𝑏𝑦2 + 𝑐 𝑥ℎ𝑓𝑠𝑓 𝑏, 𝑐 ∈ 𝐿

Δ = −𝑏3𝑐 If 𝑏1

2 = −𝑏2 then 𝑧2 = 𝑦3 + 𝑏𝑦

+ 𝑐 𝑥ℎ𝑓𝑠𝑓 𝑏, 𝑐 ∈ 𝐿 Δ = −𝑏3

SLIDE 7

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Elliptic Curve Cryptography

Additive law +: 𝐹 𝐿 → 𝐹(𝐿) defined by the chord-and-tangent rule

Point addition and point doubling on the curve 𝑧2 = 𝑦3 − 𝑦 + 1 defined over R [5].

SLIDE 8

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Mathematically ∀𝑄, 𝑅 ∈ 𝐹(𝐿) :

1. Identity : 𝑄 + ∞ = ∞ + 𝑄 = 𝑄 2. Negative : −𝑄 = − 𝑦, 𝑧 = 𝑦, −𝑧 and 𝑦, 𝑧 + 𝑦, −𝑧 = ∞ 3. Point addition : 𝑄 = 𝑦1, 𝑧1 , 𝑅 = 𝑦2, 𝑧2 𝑏𝑜𝑒 𝑄 ≠ ±𝑅 𝑢ℎ𝑓𝑜 4. Point doubling : if 𝑄 ≠ −𝑄 then 2 𝑄 = 𝑦3, 𝑧3 where

Elliptic Curve Cryptography

𝑄 + 𝑅 = 𝑦3, 𝑧3 𝑥ℎ𝑓𝑠𝑓 𝑦3 =

𝑧2−𝑧1 𝑦2−𝑦1 2

and 𝑧3 =

𝑧2−𝑧1 𝑦2−𝑦1

𝑦1 − 𝑦3 − 𝑧1 𝑦3 =

3𝑦1+𝑏 2𝑧1 2

− 2𝑦1 and 𝑧3 =

3𝑦1

2+𝑏

2𝑧1

𝑦1 − 𝑦3 − 𝑧1

SLIDE 9

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Let E be an elliptic curve defined over Fp . Suppose P ∈ 𝐹(Fp) has a prime

rder n.

<P>={∞,P, 2P, …, (n-1) P} is a cyclic group. ECDLP: Key pair generation: Given E, p, P, n (public parameter). Choose random integer k in [1,n-1] (secret key). Compute Q=kP. ECDLP problem : Given E, p, P, n (public) and Q=kP. Find k (secret key).

Elliptic Curve Cryptography

SLIDE 10

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

No sub-exponential complexity algorithm for solving ECDLP.
Pollard’s rho attack and Shanks attack solve it in Ο(√𝑜).

Elliptic Curve Cryptography

Symmetric key size (bits) RSA and DH key size (bits) ECC key size (bits) 80 (SKIPJACK ) 1024 160 112 (Triple-DES) 2048 224 128 (AES-Small) 3072 256 192 (AES-Medium) 7680 384 256 (AES-Large) 15360 521 NIST comparision of ECC, RSA and DH key for different security requierements.

SLIDE 11

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Projective coordinates: c,d postitive integers .

An equivalence relation on the set 𝐿3\{(0,0,0)} noted as 𝑌1, 𝑍

1, 𝑎1 ~(𝑌2, 𝑍 2, 𝑎2) exists if 𝑌1 = 𝜇𝑑𝑌2, 𝑍 1 = 𝜇𝑒𝑍 2, 𝑎1 = 𝜇𝑎2 𝑔𝑝𝑠 𝜇 ∈ 𝐿∗

The projective point is the representative class 𝑌: 𝑍: 𝑎 = {(𝜇𝑑𝑌, 𝜇𝑒𝑍, 𝜇𝑎)|𝜇 ∈ 𝐿∗} 1-1 correspondance between the projective points such that 𝑎 ≠ 0 and the affine points.

Elliptic Curve Cryptography

SLIDE 12

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Several projective coordinates :
1. Standard projective coordinates (c=1 and d=1): (X,Y,Z) with 𝑎 ≠ 0

corresponds to the affine point (

𝑌 𝑎 , 𝑍 𝑎) and (0:1:0) to ∞

2. Jacobian projective coordinates (c=2 and d=3): (X,Y,Z) with 𝑎 ≠ 0

corresponds to the affine point(

𝑌 𝑎2 , 𝑍 𝑎3) and (1:1:0) to ∞.

3. Chudnovsky coordiates: The Jacobian point is represented with redundancy

(X:Y:Z:Z²:Z³)

Elliptic Curve Cryptography

SLIDE 13

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Side Channel Attacks

Making assumption about the knowledge that an attacker has about the

security.

It is best to make stronger assumption than Kerckhoff’s principle.
Electronic circuits are enherently leaky.

SLIDE 14

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Power analysis attack is the observation and the study of the power

consuption of the cryptegraphic device.

Two types of power analysis attacks are well-known:
1. Simple power attack (SPA): Visual examination of graphs of the current

used by a device overtime. Small number of power traces is needed.

2. Differential power attack (DPA): Does not require detailed knowledge

about the device. It is a statistical analysis of the power consumption measurements from a cyptosystem. Large number of power traces is needed.

Side Channel Attacks

SLIDE 15

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

How to compute Q=kP?
Classical algorithm : Double-and-Add

Side Channel Attacks

Input : 𝑙 = 𝑙𝑜−1𝑙𝑜−2 … 𝑙0 , 𝑄 ∈ 𝐹(F𝑞) Output: Q=kP 𝑅 ← ∞ For i form n-1 to 0 do Q ← 2 𝑅 (DBL) If ki = 1 then 𝑅 ← 𝑅 + 𝑄 (ADD)

SLIDE 16

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Side Channel Attacks

Power consumption measure of Double-and-Add algorithm from left to right coded on FPGA [5].

SLIDE 17

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

In Jacobian coordinates ADD = 12 M + 4 S DBL = 4M + 4S

Side Channel Attacks

Power consumption measure of Double-and-Add algorithm from left to right coded on FPGA [5].

SLIDE 18

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

In Jacobian coordinates ADD = 12 M + 4 S DBL = 4M + 4S

Side Channel Attacks

Power consumption measure of Double-and-Add algorithm from left to right coded on FPGA [5].

SLIDE 19

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

NAF algorithms coded in C language.
w-NAF algorithm for point multiplication ressembles to Double-and-Add but

with different secret key representation.

Subtracting a point is easy beacause -(X,Y,Z) = (X,-Y,Z).
A width-w NAF of k is the expression 𝑙 = 𝑗=0

𝑚−1 𝑙𝑗2𝑗 𝑥ℎ𝑓𝑠𝑓 𝑙𝑗 < 2𝑥−1 and

𝑙𝑗 are either odd or zero except 𝑙𝑚−1 ≠ 0. At most one of any consecutive digits is nonzero.

Unique representation given k and w noted 𝑂𝐵𝐺

𝑥(𝑙).

𝑀𝑓𝑜𝑕𝑢ℎ 𝑂𝐵𝐺

𝑥 𝑙

= Length k + 1

Side Channel Attacks

SLIDE 20

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Width-w NAF algorithm:

Side Channel Attacks

Input: k positive integer, w Output: 𝑂𝐵𝐺

𝑥 𝑙

𝑗 ← 0 While 𝑙 ≥ 0 do : if k is odd then 𝑙𝑗 ← 𝑙 𝑛𝑝𝑒𝑡 2𝑥, 𝑙 ← 𝑙 − 𝑙𝑗 else 𝑙𝑗 ← 0 𝑙 ←

𝑙 2 , 𝑗 ← i + 1

Return 𝑂𝐵𝐺

𝑥 𝑙 = (𝑙𝑗−1… 𝑙0)

mods is a function that keeps 𝑙𝑗 ∈ −2𝑥−1 , 2𝑥−1 − 1

SLIDE 21

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Window NAF method for point multiplication algorithm:

Side Channel Attacks

Input: k positive integer, w, 𝑄 ∈ 𝐹 F𝑟 Output: 𝑙𝑄 Calculate 𝑂𝐵𝐺𝑥 𝑙 Compute and store all 𝑄

𝑗 = 𝑗𝑄 ∀𝑗 𝑝𝑒𝑒 𝑏𝑜𝑒 𝑗 < 2𝑥−1

𝑅 ← ∞ For i from l-1 downto 0 do : 𝑅 ← 2𝑅 if 𝑙𝑗 ≠ 0 then if 𝑙𝑗 > 0 then 𝑅 ← 𝑅 + 𝑄𝑙𝑗 else 𝑅 ← 𝑅 − 𝑄−𝑙𝑗

SLIDE 22

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Window NAF method for point multiplication algorithm:

Side Channel Attacks

Input: k positive integer, w, 𝑄 ∈ 𝐹 F𝑟 Output: 𝑙𝑄 Calculate 𝑂𝐵𝐺𝑥 𝑙 Compute and store all 𝑄

𝑗 = 𝑗𝑄 ∀𝑗 𝑝𝑒𝑒 𝑏𝑜𝑒 𝑗 < 2𝑥−1

𝑅 ← ∞ For i from l-1 downto 0 do : 𝑅 ← 2𝑅 if 𝑙𝑗 ≠ 0 then if 𝑙𝑗 > 0 then 𝑅 ← 𝑅 + 𝑄𝑙𝑗 else 𝑅 ← 𝑅 − 𝑄−𝑙𝑗

Faster computation of kP.
Is it safe against SPA?

SLIDE 23

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Cryptographic device STM32L053R8 Nucleo [3]
Make the led twinkle.

SLIDE 24

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Measurement Setup: Digital Sampling Oscilloscope. [2]
Records the power consumption.
3 characteristics :
Input Bandwidth: difference between the highest and the lowest frequency component.

1GHz

Sampling rate: Number of points recorded per second.
Resolution: conversion between time-discrete signal into time and value-discrete. 8bits

means each value is mapped to one of 256 possible value.

Side Channel Attacks

SLIDE 25

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Application

𝜈𝑂𝑏𝐷𝑚 is an ongoing library made for ECC.
The core coded by P. Schwabe & M. Hutter.
The standalone Curve25519 implementation for ARM Cortex-M0 coded by B.

Haase & A. H. Sánchez.

Few problems at compilation that were surpassed.

SLIDE 26

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Width-w NAF coded for keys of 255 bits and w between 2 and 8.
Basic operation used.
Some optimisation with the size of 𝑂𝐵𝐺

2 𝑙 .

Application

SLIDE 27

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

SLIDE 28

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Started coding window NAF method for point multiplication.
Noticed that Curve25519 coded in 𝜈𝑂𝑏𝐷𝑚 has no Y projective coordinate.
No subtraction because -(X,Y,Z)=(X,-Y,Z).
Curve25519 is a Montgomery curve. [4]
Curve25519 is defined over the quadratic extension of the prime field

F 2255−19

Application

𝑁

𝐵,𝐶: 𝐶𝑧2 = 𝑦3 + 𝐵𝑦2 + 𝑦 𝑥ℎ𝑓𝑠𝑓 𝐵, 𝐶 ∈ F𝑟 𝑏𝑜𝑒 𝐶 𝐵2 − 4 ≠ 0

𝐷𝑣𝑠𝑤𝑓25519: 𝑧2 = 𝑦3 + 486662𝑦2 + 𝑦

SLIDE 29

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Montgomery coordinates (X:Z).
Try coding the radix-8 algorithm.
Non-possibility because of the use of differential addition.
Differential addition 𝑄 + 𝑅 requires the presence of 𝑄, 𝑅 𝑏𝑜𝑒 𝑄 − 𝑅.
On a Montgomery curve:
𝑦𝑄+𝑅𝑦 𝑄−𝑅

𝑦𝑄 − 𝑦𝑅

2 = 𝑦𝑄𝑦𝑅 − 1 𝑗𝑔 𝑄 ≠ 𝑅

4𝑦 2 𝑄𝑦𝑄 𝑦𝑄

2 + 𝐵𝑦𝑄 + 1 = 𝑦𝑄 2 − 1 2 𝑗𝑔 𝑄 = 𝑅

Application

SLIDE 30

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

How to use the differential addition?
Secure Montgomery ladder algorithm:

Application

Input : 𝑙 = 𝑙𝑚−1𝑙𝑚−2 … 𝑙0 𝑏𝑜𝑒 𝑙𝑚−1 = 1, 𝑄 ∈ 𝐹(F𝑞) Output: kP 𝑅 = 𝑅0, 𝑅1 ← 𝑄, 2 𝑄 For i from l-2 to 0 do If ki = 1 then Q ← (𝑅0+𝑅1, 2 𝑅1) else Q ← ( 2 𝑅0, 𝑅0+𝑅1) Return 𝑅0

SLIDE 31

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Combining algorithms : working idea but w-1 additional point storing and w-1

additional point addition in each loop.

Example: width-2 NAF & Montgomery ladder algorithm:

Application

Input : 𝑙 = 𝑙𝑚−1𝑙𝑚−2 … 𝑙0 𝑏𝑜𝑒 𝑙𝑚−1 = 1, 𝑄 ∈ 𝐹(F𝑞) Output: kP Compute 𝑂𝐵𝐺2 𝑙 𝑅 = 𝑅0, 𝑅1, 𝑅2 ← 𝑄, 2 𝑄, ∞ For i form length(𝑂𝐵𝐺2 𝑙 )-2 to 0 do If ki = 1 then Q ← (𝑅0+𝑅1, 2 𝑅1, 𝑅2 + 𝑅1) elsif ki = 0 then Q ← ( 2 𝑅0, 𝑅0+𝑅1, 𝑅2 + 𝑅0) else Q ← (𝑅0 + 𝑅2, 𝑅1+𝑅2, [2]𝑅2) Return 𝑅0

SLIDE 32

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

Thank you for your attentio ion

SLIDE 33

𝑧2 = 𝑦3 − 𝑦

𝑄 𝑆

References

[1] D. Hankerson, A. Menezes and S. Vanstone. Guide to Elliptic Curve Cryptography. Springer,

2004

[2] S. Mangard, E. Oswald and T. Popp. Power Analysis Attacks: Revealing the Secrets of

Smart Cards. Springer, 2007.

[3] STM32L053R8. URL: https://www.st.com/en/microcontrollers/stm32l053r8.html.
[4] C. Costello and B. Smith. Montgomery curves and their arithmetic: The case of large

characteristics fields. 2017. URL: https://arxiv.org/pdf/1703.01863.pdf.

[5] T. Chabrier. Arithmetic recodings for ECC cryptoprocessors with protection against side-

channel attacks. 2013. URL: https://www.theses.fr/174580924