Side-Channel Analysis on Blinded Regular Scalar Multiplications (slide deck)


SLIDE 1

Side-Channel Analysis on Blinded Regular Scalar Multiplications

Benoit Feix, Mylène Roussellet, Alexandre Venelli

Thales Communications & Security

(Slides of the INDOCRYPT 2014 paper; extended version: IACR ePrint 2014/191)

SLIDE 2

Target of our paper

  • Elliptic Curve Cryptosystems (ECC) implemented on embedded devices by industry
  • Use of international standards like NIST FIPS 186-2 or SEC 2
  • We look at their resistance against non-profiled side-channel attacks
    • The attacker has no access to an open device
    • Template attacks → see the talk « Online Template Attacks »
    • More restrictive from the adversary's point of view, hence generally more difficult to mount on protected devices
  • We propose a new attack path on an industry-standard implementation of the scalar multiplication that is resistant against previously known non-profiled attacks

SLIDE 3

Target of our paper

  • Example of targeted implementation:
    • Elliptic curve NIST P-192
    • SSCA (simple side-channel analysis) resistance: double-and-add-always
    • DSCA (differential side-channel analysis) resistance:
      • Input point blinding: randomized projective coordinates
      • Scalar blinding: add a random multiple of the curve's order to the scalar
    • The computation under attack is Q = d·P, d being the secret scalar

SLIDE 4

Agenda

  1. Background: side-channel attacks, ECC
  2. Attack strategy
    2.1 Weakness of the scalar blinding
    2.2 Attack with known input
    2.3 Attack on a fully protected algorithm
  3. Experimental results
  4. Countermeasures
  5. Conclusion

SLIDE 5

Different flavors of side-channel attacks

  • Non-profiled side-channel analysis categories (vertical: one time sample across many traces; horizontal: many time samples within one trace; collision-correlation: two trace segments are correlated with each other instead of with a leakage model):
    • Vertical correlation attacks
      • The original CPA from Brier et al., CHES 2004
    • Horizontal correlation attacks
      • Attack against exponentiation with known inputs from Clavier et al., ICICS 2010
    • Vertical collision-correlation attacks
      • Attack against simple first-order masked AES from Clavier et al., CHES 2011
      • Attack against multiply-always exponentiation with blinded inputs from Witteman et al., CT-RSA 2011
    • Horizontal collision-correlation attacks
      • The classical Big Mac attack from Walter, CHES 2001
      • Attack against atomic implementations of ECC from Bauer et al., SAC 2013
      • Attack against blinded exponentiations from Clavier et al., INDOCRYPT 2012

SLIDE 6

Side-channel resistant scalar multiplication

  • SSCA resistance:
    • Regular algorithms
      • Montgomery ladder, double-and-add-always, Joye's double-add, co-Z algorithms
    • Unified addition formulas
      • The same formula is used for both point addition and point doubling
      • Inefficient on standardized curves, only relevant for particular curve families: Edwards, Huff, …
    • Atomicity
      • Point addition and point doubling are computed with the same sequence of finite field operations, hence using dummy operations

SLIDE 7

Side-channel resistant scalar multiplication

  • DSCA resistance:
    • Scalar blinding
      • d' = d + r·#E
      • Add a random multiple of the curve's order #E (noted n below) to the secret scalar; d'·P = d·P since n·P = O
    • Scalar splitting
      • Several methods: additive, multiplicative, Euclidean
      • The most efficient, the Euclidean one, writes d = ⌊d/r⌋·r + (d mod r) and computes d·P as ⌊d/r⌋·(r·P) + (d mod r)·P
    • Randomized projective points
      • An affine point P = (x, y) can be represented in Jacobian coordinates as (λ²x, λ³y, λ) for any non-zero λ

SLIDE 8

Side-channel resistant scalar multiplication

  • The targeted combination (the slide shows the resulting algorithm listing, which the extraction did not preserve):
    • Double-and-add-always
    • Randomized projective points
    • Scalar blinding
SLIDE 9

Agenda (repeated; next section: 2. Attack strategy)

SLIDE 10

Attack strategy

Attack in 3 steps:

  1. Exploit the weakness in the scalar blinding countermeasure
     Vertical attack → middle part of the blinded scalar (the most significant bits of d)
  2. Recover the random used for the blinding
     Horizontal attack → most significant part of the blinded scalar
  3. Find the remaining bits
     Vertical attack → least significant part of the scalar

SLIDE 11

Weakness in blinded scalars

  • A possible weakness in the scalar blinding technique has been noted by Joye and Ciet since CHES 2003:

    d' = d + r·#E

  • Example taken from Marc Joye's slides on ECC in the presence of faults
  • The same weakness has also been noted by Smart, Oswald and Page in IET Information Security 2008

SLIDE 12

Weakness in blinded scalars

  • Both remark that the middle part of d' is correlated to the most significant part of d
  • However, no key-recovery attack path was found; concerns were raised about the use of scalar blinding
  • We provide a full key-recovery attack exploiting this weakness and we show the limits of this countermeasure

SLIDE 13

Classification of sparse order groups

  • Hasse's theorem: with n = #E(F_p),

    p + 1 − 2√p ≤ n ≤ p + 1 + 2√p

    so n is close to the value of p: the two agree on roughly their upper half of bits, up to a carry
  • NIST FIPS 186-2
    • Curves defined over the primes p192, p224, p256, p384, p521, generalized Mersenne primes whose binary expansions are sparse
    • Hence their orders are also sparse
  • 3 categories of curves:
    • Type-1: the order has a large pattern of ones
    • Type-2: the order has a large pattern of zeros
    • Type-3: the order has a combination of large patterns of both ones and zeros

SLIDE 14

Classification of sparse order groups

  • Notation: 1_{a,b} is a pattern of 1 bits from bit position a down to bit position b; respectively 0_{a,b} for 0 bits
  • Types of k-bit curve orders n:
    • Type-1: n = 1_{k−1,a} + x with k − 1 > a and 0 ≤ x < 2^a
    • Type-2: n = 2^{k−1} + 0_{k−2,a} + x with k − 2 > a and 0 ≤ x < 2^a
    • Type-3: n = 1_{k−1,a} + 0_{a−1,b} + 1_{b−1,c} + x with k − 1 > a > b > c and 0 ≤ x < 2^c
  • Examples with standard curves:
    • Type-1: n = 1_{191,96} + x (NIST P-192)
    • Type-2: n = 2^224 + 0_{223,113} + x (secp224k1, a 225-bit order)
    • Type-3: n = 1_{255,224} + 0_{223,192} + 1_{191,128} + x (NIST P-256)

SLIDE 15

Random multiple of the order

  • r ∈ [1, 2^m − 1] is the m-bit random used for the scalar blinding
  • Representations of r·n (x now denotes the remaining low part, and every pattern is assumed longer than m bits):
    • Type-1: r·n = r_1·2^k + 1_{k−1,a+m} + x, with x < 2^{a+m}
    • Type-2: r·n = r·2^{k−1} + 0_{k−2,a+m} + x, with x < 2^{a+m}
    • Type-3: r·n = r_1·2^k + 1_{k−1,a+m} + r_0·2^a + 0_{a−1,b+m} + r_1·2^b + 1_{b−1,c+m} + x, with x < 2^{c+m}
  • The patterns of zeros and ones are reduced by m bits
  • The values r_1 and r_0 are directly related to r and m: r_1 = r − 1 and r_0 = 2^m − r, because r·(2^k − 2^a) = (r − 1)·2^k + 2^a·(2^{k−a} − 2^m) + (2^m − r)·2^a = r_1·2^k + 1_{k−1,a+m} + r_0·2^a
  • See the paper for details

SLIDE 16

Adding the scalar to the random mask

  • Representations of d' = d + r·n for the 3 types, where d_{u,v} denotes the bits of d from position u down to position v (a 1-pattern plus the corresponding bits of d gives those bits of d minus 1 at the lowest position, and the carry out of the masked low part may cancel that borrow):
    • Type-1: d' = (r_1 + 1)·2^k + d_{k−1,a+m} + x
    • Type-2: d' = r·2^{k−1} + d_{k−2,a+m} + x
    • Type-3: d' = (r_1 + 1)·2^k + d_{k−1,a+m} + r_0·2^a + d_{a−1,b+m} + (r_1 + 1)·2^b + d_{b−1,c+m} + x
  • We clearly distinguish the non-masked part of d': the fields d_{u,v} above do not depend on the random r (up to that ±1 at their lowest bit), whereas the top part holds the random and the low part x is masked
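As an added check (example code written for this page, not code from the slides or the paper), the script below verifies the three decompositions of the classification slide against the published FIPS 186-2 / SEC 2 group orders, then enumerates every m-bit random r for NIST P-192 and confirms the Type-1 layout of d' = d + r·n: the top part is exactly r and the middle part is d's high bits, unmasked up to the single borrow discussed above. The scalar D_SAMPLE and all function names are constructed for the example.

```python
# Added example for this page, not the slides' code. Group orders are the public
# FIPS 186-2 / SEC 2 constants; D_SAMPLE is a scalar constructed for the demo.
N_P192 = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
N_P256 = 0xFFFFFFFF00000000FFFFFFFFFFFFFFFFBCE6FAADA7179E84F3B9CAC2FC632551
N_SECP224K1 = 0x01_00000000_00000000_00000000_0001DCE8_D2EC6184_CAF0A971_769FB1F7
D_SAMPLE = 0x3F1C2B3A4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F70   # not a real key

def ones(hi, lo):
    """The integer 1_{hi,lo}: bits hi..lo set, every other bit clear."""
    return (1 << (hi + 1)) - (1 << lo)

def bitfield(v, hi, lo):
    """Bits hi..lo of v (inclusive) as an integer, i.e. v_{hi,lo}."""
    return (v >> lo) & ((1 << (hi - lo + 1)) - 1)

def residual(n, ones_blocks, x_bits):
    """Subtract the claimed 1-blocks from n and return the low part x if
    0 <= x < 2**x_bits, else None. A 0-block needs no term: it holds exactly
    when x is that small."""
    x = n - sum(ones(hi, lo) for hi, lo in ones_blocks)
    return x if 0 <= x < (1 << x_bits) else None

def check_classification():
    """The three standard-curve examples of the classification slide."""
    type1 = residual(N_P192, [(191, 96)], 96)                # 1_{191,96} + x
    type2 = residual(N_SECP224K1, [(224, 224)], 113)         # 2^224 + 0_{223,113} + x
    type3 = residual(N_P256, [(255, 224), (191, 128)], 128)  # 1_{255,224} + 0_{223,192} + 1_{191,128} + x
    return all(x is not None for x in (type1, type2, type3))

# Type-1 parameters of the P-192 order: k = 192 bits, 1-block down to bit a = 96.
K, A = 192, 96

def blind(d, r, n):
    """Scalar blinding countermeasure: d' = d + r*n (d'*P = d*P since n*P = O)."""
    return d + r * n

def layout(d_blind, m):
    """Split a blinded P-192 scalar into the Type-1 fields (top, middle, low):
    top = bits k+m-1..k, middle = bits k-1..a+m, low = bits a+m-1..0."""
    return (d_blind >> K,
            bitfield(d_blind, K - 1, A + m),
            d_blind & ((1 << (A + m)) - 1))

def blinding_leak(d, m):
    """Enumerate every m-bit r. Because r*n = (r-1)*2^k + 1_{k-1,a+m} + x', the
    top of d' is exactly r and its middle is d_hi or d_hi - 1 (the 1-block is
    absorbed with a borrow that a carry out of the low part may cancel), so the
    middle never depends on r. Returns (top_is_r, set_of_middles, d_hi)."""
    d_hi = bitfield(d, K - 1, A + m)
    top_is_r, middles = True, set()
    for r in range(1, 1 << m):
        top, middle, _ = layout(blind(d, r, N_P192), m)
        top_is_r = top_is_r and top == r
        middles.add(middle)
    return top_is_r, middles, d_hi

if __name__ == "__main__":
    print("classification of P-192 / secp224k1 / P-256 holds:", check_classification())
    for m in (8, 16):
        top_is_r, middles, d_hi = blinding_leak(D_SAMPLE, m)
        in_expected = middles <= {d_hi, d_hi - 1}
        print(f"m={m}: top == r always: {top_is_r}; middle takes {len(middles)} value(s),"
              f" all in {{d_hi, d_hi-1}}: {in_expected}; unmasked bits: {K - (A + m)} of {K}")
```

With m = 8 the middle field is 88 bits wide, with m = 16 it is 80 bits wide; enlarging the random only shrinks the non-masked field by the same number of bits, which is the point made on the countermeasures slide.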

SLIDE 17

Agenda (repeated; next section: 2.2 Attack with known input)

SLIDE 18

Attack on a blinded scalar multiplication with known input

  • First, the simpler scenario: the input point is known, i.e. not masked
  • Notations: let {C^{(1)}, …, C^{(N)}} be N side-channel traces corresponding to the computations d'^{(i)}·P^{(i)}, where d'^{(i)} = d + r^{(i)}·n
  • We consider random factors r^{(i)} ∈ [1, 2^m − 1]

SLIDE 19

Attack step 1

  • Goal: find the non-masked part of d'
  • Let δ be the bit-length of this non-masked part, noted d̃ = d_{u,v} with δ = u − v (for Type-1, u = k − 1 and v = a + m)
  • The most significant part of d' (the random) is unknown
  • → Vertical collision-correlation

(Figure: Type-1 bit layout of d', most significant bits first: r_1 + 1 in bits k+m−1..k, the non-masked field d in bits k−1..a+m, the masked sum d + r·n below bit a+m.)

SLIDE 20

Attack step 1

  • Collision in the double-and-add-always, between turn j and turn j + 1:
    • If d_j = 0:
      • R_0 ← 2·R_0 (turn j)
      • R_1 ← R_0 + P (turn j: ECADD_j); then R_0 ← R_0, i.e. R_0 is unchanged
      • R_0 ← 2·R_0 (turn j + 1: ECDBL_{j+1}, its input is the input of ECADD_j → collision)
    • No collision if d_j = 1 (then R_0 ← R_1 and ECDBL_{j+1} starts from R_0 + P)
  • Notation: In(ECADD_j) = In(ECDBL_{j+1})

SLIDE 21

Attack step 1

  • To find d_j, 0 < j < δ:
    • Let t_0 be the time sample of the side-channel trace that corresponds to In(ECADD_j)
    • Construct Θ_0 = {C^{(i)}_{t_0}}_{1 ≤ i ≤ N}
    • Let t_1 be the time sample of In(ECDBL_{j+1})
    • Construct Θ_1 = {C^{(i)}_{t_1}}_{1 ≤ i ≤ N}
    • Perform a collision-correlation ρ(Θ_0, Θ_1)
    • The correlation will be maximal when d_j = 0: the non-masked bits are the same in all N blinded scalars, so the two samples then process the same value in every trace
  • For Type-3 curves, repeat the attack on all non-masked parts of d'
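A simulation of the statistic used in this step, as an added example (written for this page; not the slides' or the paper's code), under the leakage model of the experiments section: each time sample is the Hamming weight of a 32-bit word plus Gaussian noise of standard deviation σ, and ρ is the Pearson coefficient across N traces. The word processed at In(ECADD_j) is modelled as a fresh random value per trace, since it depends on the trace's own random r; when d_j = 0 the same word is processed at In(ECDBL_{j+1}), otherwise an unrelated one. The bit string, N, σ and the seed are constructed for the example.

```python
# Added example for this page, not the slides' code: step 1 as a simulation under
# the HW-of-32-bit-words + Gaussian noise model, decided with a Pearson coefficient.
import math
import random

def hamming_weight(v):
    return bin(v).count("1")

def pearson(xs, ys):
    """Pearson correlation coefficient of two equal-length samples."""
    n = len(xs)
    mx, my = sum(xs) / n, sum(ys) / n
    cov = sum((x - mx) * (y - my) for x, y in zip(xs, ys))
    vx = sum((x - mx) ** 2 for x in xs)
    vy = sum((y - my) ** 2 for y in ys)
    return cov / math.sqrt(vx * vy) if vx > 0 and vy > 0 else 0.0

def expected_rho(sigma):
    """Collision case: both samples leak HW(v) of the same uniform 32-bit word,
    Var(HW) = 32/4 = 8, each with its own noise: rho = 8 / (8 + sigma^2)."""
    return 8.0 / (8.0 + sigma * sigma)

def simulate_step1(non_masked_bits, n_traces, sigma, seed=1):
    """For each non-masked bit d_j, build Theta_0 (sample at In(ECADD_j)) and
    Theta_1 (sample at In(ECDBL_{j+1})) over N traces; return rho per bit.
    d_j = 0: ECDBL_{j+1} processes the same word as ECADD_j (collision);
    d_j = 1: an unrelated word."""
    rng = random.Random(seed)
    rhos = []
    for bit in non_masked_bits:
        theta0, theta1 = [], []
        for _ in range(n_traces):
            v = rng.getrandbits(32)                 # word at In(ECADD_j), trace i
            w = v if bit == 0 else rng.getrandbits(32)
            theta0.append(hamming_weight(v) + rng.gauss(0.0, sigma))
            theta1.append(hamming_weight(w) + rng.gauss(0.0, sigma))
        rhos.append(pearson(theta0, theta1))
    return rhos

def decide_bits(rhos, threshold):
    """rho clearly above the no-collision level (about 1/sqrt(N)) means d_j = 0."""
    return [0 if rho > threshold else 1 for rho in rhos]

if __name__ == "__main__":
    bits = [1, 0, 1, 1, 0, 0, 1, 0, 1, 1, 0, 1, 0, 0, 1, 1]   # constructed
    for sigma in (1.0, 2.0, 4.0):
        rhos = simulate_step1(bits, 500, sigma)
        ok = decide_bits(rhos, expected_rho(sigma) / 2) == bits
        print(f"sigma={sigma}: expected rho={expected_rho(sigma):.2f}, recovered={ok}")
```

The collision correlation decays as 8/(8 + σ²), while the no-collision correlation fluctuates around 0 with a standard deviation of about 1/√N; the vertical attack copes with more noise simply by taking more traces, which is exactly what the horizontal step cannot do (see the experimental results).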

SLIDE 22

Attack step 2

  • Goal: retrieve the random masks r^{(i)}
  • The random values need to be retrieved from each trace C^{(i)}, 1 ≤ i ≤ N
  • The random is present in the most significant part of the blinded scalars
  • As the input point is known
  • → Horizontal correlation attack

(Figure: the Type-1 bit layout of d' as before; the middle field d is now known.)

SLIDE 23

Attack step 2

  • To retrieve r^{(i)}:
    • Try all m-bit values of r^{(i)}
    • A guess on r^{(i)} directly gives a guess on the most significant part of d'^{(i)}
    • Let r̂ be the guess on r^{(i)}. It gives a sequence of elliptic curve operations that should appear at the start of C^{(i)}. Since P^{(i)} is known, the attacker can compute the sequence and obtain η = 2(m + δ) intermediate points (one doubling and one addition per bit)
    • Choose a leakage function L (e.g. Hamming weight) and compute predicted values derived from the η points T_j, 1 ≤ j ≤ η
    • Construct Θ_1 = {l_j}_{1 ≤ j ≤ η} with l_j = L(T_j)
    • Construct Θ_0 = {o_j}_{1 ≤ j ≤ η} with o_j the identified points of interest related to T_j on the trace C^{(i)}
    • Compute the correlation ρ(Θ_0, Θ_1)
    • If r̂ is correct, the correlation is maximal

SLIDE 24

Attack step 3

  • Goal: recover the least significant part of d
  • We already know
    • The most significant bits of d (Step 1)
    • The random values r^{(i)}, 1 ≤ i ≤ N (Step 2)
  • By guessing w unknown bits of d, we can compute guessed blinded scalars d'^{(i)}
  • As we know the input point
  • → Vertical correlation attack

(Figure: the Type-1 bit layout of d' as before; the top and middle fields are now known.)

SLIDE 25

Attack step 3

  • To find w unknown bits of d:
    • Guess w bits and compute the guessed blinded scalars d'^{(i)}, 1 ≤ i ≤ N
    • Choose a leakage function L
    • For the i-th trace, compute predicted values l_j^{(i)} = L(T_j^{(i)}) from the η = 2w intermediate points T_j^{(i)}
    • Construct Θ_1 = {l_j^{(i)}}_{i,j} with 1 ≤ i ≤ N and 1 ≤ j ≤ η
    • Construct Θ_0 = {o_j^{(i)}}_{i,j} where o_j^{(i)} is the time sample corresponding to the processing of T_j^{(i)}
    • Compute the correlation ρ(Θ_0, Θ_1)
    • Maximal correlation when the w guessed bits are correct

SLIDE 26

Agenda (repeated; next section: 2.3 Attack on a fully protected algorithm)

SLIDE 27

Attack on a protected scalar multiplication

  • On most state-of-the-art industrial implementations:
    • SPA-resistant algorithm
    • DSCA protections on the scalar and on the input point
  • We apply the same attack strategy in the case where the input is unknown, i.e. masked

SLIDE 28

Attack step 1

  • Step 1: vertical collision-correlation
    • The input point is not needed
    • Same attack in the unknown input point case

(Figure: the Type-1 bit layout of d' as before; nothing is known yet.)

SLIDE 29

Attack step 2

  • Step 2: horizontal correlation is no longer possible (the intermediate points cannot be predicted without the input point)
  • → Horizontal collision-correlation

(Figure: the Type-1 bit layout of d' as before; the middle field d is known from step 1.)

SLIDE 30

Attack step 2

  • Collisions in the double-and-add-always, between turn j and turn j + 1:
    • If d_j = 1:
      • R_0 ← 2·R_0 (turn j)
      • R_0 ← R_0 + P (turn j: ECADD_j, then R_0 ← R_1)
      • R_0 ← 2·R_0 (turn j + 1: the input of ECDBL_{j+1} is the output of ECADD_j → collision)
    • If d_j = 0:
      • R_0 ← 2·R_0 (turn j)
      • R_1 ← R_0 + P (turn j: ECADD_j, R_0 unchanged)
      • R_0 ← 2·R_0 (turn j + 1: the input of ECDBL_{j+1} is the input of ECADD_j → collision)
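The two collision cases above, together with the targeted combination of countermeasures from the background section, as an added example (written for this page; not the slides' or the paper's code): a toy version of the protected implementation, double-and-add-always in Jacobian coordinates with a randomized input point and a blinded scalar, instrumented to log the register contents at the input and output of every ECADD_j and at the input of every ECDBL_j, plus a noise-free collision oracle that reads the bits of d' back from those equalities. The curve y² = x³ + x + 1 over F_23, the base point (0, 1) and all function names are constructed for the demonstration. The oracle compares the randomized Jacobian triples (X, Y, Z) directly, which is why step 1 does not need the input point.

```python
# Added example for this page, not the slides' or the paper's code. Toy curve
# y^2 = x^3 + x + 1 over F_23 (28 points) and base point (0, 1), both constructed.
import random

P_MOD, A_COEF = 23, 1
INF = (1, 1, 0)                       # point at infinity: Z = 0

def is_inf(P):
    return P[2] == 0

def jac_double(P):
    """Jacobian doubling for a general a: M = 3X^2 + aZ^4, S = 4XY^2."""
    X, Y, Z = P
    if is_inf(P) or Y == 0:
        return INF
    M = (3 * X * X + A_COEF * pow(Z, 4, P_MOD)) % P_MOD
    S = 4 * X * Y * Y % P_MOD
    X3 = (M * M - 2 * S) % P_MOD
    Y3 = (M * (S - X3) - 8 * pow(Y, 4, P_MOD)) % P_MOD
    return (X3, Y3, 2 * Y * Z % P_MOD)

def jac_add(P, Q):
    """Jacobian addition, made complete for the demo (handles O, P = Q, P = -Q)."""
    if is_inf(P):
        return Q
    if is_inf(Q):
        return P
    X1, Y1, Z1 = P
    X2, Y2, Z2 = Q
    U1, U2 = X1 * Z2 * Z2 % P_MOD, X2 * Z1 * Z1 % P_MOD
    S1, S2 = Y1 * pow(Z2, 3, P_MOD) % P_MOD, Y2 * pow(Z1, 3, P_MOD) % P_MOD
    H, R = (U2 - U1) % P_MOD, (S2 - S1) % P_MOD
    if H == 0:
        return jac_double(P) if R == 0 else INF
    H2, H3 = H * H % P_MOD, pow(H, 3, P_MOD)
    X3 = (R * R - H3 - 2 * U1 * H2) % P_MOD
    Y3 = (R * (U1 * H2 - X3) - S1 * H3) % P_MOD
    return (X3, Y3, H * Z1 * Z2 % P_MOD)

def to_affine(P):
    if is_inf(P):
        return None
    X, Y, Z = P
    zi = pow(Z, -1, P_MOD)
    return (X * zi * zi % P_MOD, Y * pow(zi, 3, P_MOD) % P_MOD)

def randomize(P_aff, lam):
    """Randomized projective input point (lam^2 x, lam^3 y, lam), lam != 0."""
    x, y = P_aff
    return (lam * lam * x % P_MOD, pow(lam, 3, P_MOD) * y % P_MOD, lam % P_MOD)

def point_order(P_aff):
    """Smallest n >= 1 with n*P = O, by repeated addition (toy sizes only)."""
    P1, Q, n = (P_aff[0], P_aff[1], 1), (P_aff[0], P_aff[1], 1), 1
    while not is_inf(Q):
        Q, n = jac_add(Q, P1), n + 1
    return n

def protected_scalar_mul(d, P_aff, n, m, seed):
    """Scalar blinding d' = d + r*n (m-bit r), randomized projective input,
    left-to-right double-and-add-always. Returns the affine result, d' and a
    per-turn log of (In(ECADD_j), Out(ECADD_j), In(ECDBL_j)): the register
    contents a side channel would observe."""
    rng = random.Random(seed)
    d_blind = d + rng.randrange(1, 1 << m) * n
    P = randomize(P_aff, rng.randrange(1, P_MOD))
    nbits = d_blind.bit_length()
    R0, log = INF, []
    for j in range(nbits):                         # turn j handles bit nbits-1-j
        in_dbl = R0
        R0 = jac_double(R0)                        # R0 <- 2 R0            (ECDBL_j)
        R1 = jac_add(R0, P)                        # R1 <- R0 + P, always  (ECADD_j)
        log.append((R0, R1, in_dbl))
        R0 = R1 if (d_blind >> (nbits - 1 - j)) & 1 else R0   # R0 <- R_{d'_j}
    return to_affine(R0), d_blind, log

def bits_from_collisions(log):
    """Collision oracle on the exact (X, Y, Z) words:
    In(ECDBL_{j+1}) == In(ECADD_j) <=> d'_j = 0; == Out(ECADD_j) <=> d'_j = 1.
    The last turn has no following doubling; its bit is left to step 3."""
    bits = []
    for j in range(len(log) - 1):
        in_add, out_add, _ = log[j]
        nxt = log[j + 1][2]
        bits.append(0 if nxt == in_add else 1 if nxt == out_add else None)
    return bits

P0 = (0, 1)
N_P0 = point_order(P0)

def demo(d=45, m=8, seed=7):
    """Returns (protected result, reference d*P, recovered bits, true bits of d')."""
    result, d_blind, log = protected_scalar_mul(d, P0, N_P0, m, seed)
    ref, P1 = INF, (P0[0], P0[1], 1)
    for _ in range(d):                             # unprotected reference: d additions
        ref = jac_add(ref, P1)
    nbits = d_blind.bit_length()
    true_bits = [(d_blind >> (nbits - 1 - j)) & 1 for j in range(nbits - 1)]
    return result, to_affine(ref), bits_from_collisions(log), true_bits

if __name__ == "__main__":
    result, ref, recovered, truth = demo()
    print("order of P0:", N_P0, "| d*P correct:", result == ref)
    print("bits of d' read from the collisions:", recovered == truth, recovered)
```

On a real device the equality test becomes the correlation of the trace segments where those words are manipulated, and the recovered bits are those of d', not of d: only the non-masked field of d' gives bits of d directly, which is what makes the three-step strategy necessary.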

SLIDE 31

Attack step 2

  • To retrieve r^{(i)}:
    • Try all possible m-bit values of r^{(i)}
    • Guessed random r̂ → sequence of (m + δ) guessed EC operations (the m bits of r̂ followed by the δ bits recovered in step 1)
    • Construct Θ_0 = {C^{(i)}_{t_0^X(j)}, C^{(i)}_{t_0^Y(j)}, C^{(i)}_{t_0^Z(j)}}_{1 ≤ j ≤ (m + δ)} where
      t_0^X(j) is the time sample of Out_X(ECADD_j) if d'_j = 1, of In_X(ECADD_j) if d'_j = 0 (and likewise for the Y and Z coordinates)
    • Construct Θ_1 = {C^{(i)}_{t_1^X(j)}, C^{(i)}_{t_1^Y(j)}, C^{(i)}_{t_1^Z(j)}}_{1 ≤ j ≤ (m + δ)} where
      t_1^X(j) is the time sample of In_X(ECDBL_{j+1}) (and likewise for Y and Z)
    • Compute the correlation ρ(Θ_0, Θ_1)
    • The correctly guessed r̂ gives the maximal correlation

SLIDE 32

Attack step 3

  • Step 3: vertical correlation is no longer possible (no predicted intermediate points without the input point)
  • → Vertical collision-correlation

(Figure: the Type-1 bit layout of d' as before; the top and middle fields are known from steps 1 and 2.)

SLIDE 33

Attack step 3

  • To find w unknown bits of d:
    • Guess w bits and compute the guessed blinded scalars d'^{(i)}, 1 ≤ i ≤ N
    • Construct collision vectors Θ_0 and Θ_1 similarly to the previous attack step. Considering that s ≤ δ bits of d are already known, the vectors' size is then (m + s + w)·N
    • Compute the correlation ρ(Θ_0, Θ_1)
    • Maximal correlation for the correctly guessed w bits

SLIDE 34

Agenda (repeated; next section: 3. Experimental results)

SLIDE 35

Experimentations

  • Simulated power traces considering the following implementation:
    • NIST P-192
    • Double-and-add-always
    • Jacobian projective coordinates with the formulas add-2007-bl and dbl-2007-bl from Bernstein, D.J., Lange, T.: Explicit-Formulas Database, http://hyperelliptic.org/EFD/g1p/auto-shortw.html
  • Random sizes of 8 bits and 16 bits, to obtain reasonable computational times and to repeat our simulations for consistency
  • We consider the Hamming weight of 32-bit words as leakage model
  • Gaussian noise with standard deviation σ is added
  • The Pearson coefficient is used

SLIDE 36

Simulated attack results on known input points

  • Step 1: vertical collision-correlation
    • Tested using sets of 500 and 1000 traces

(Figure: success rate of step 1 versus the noise level σ, for 500 traces and for 1000 traces; not preserved in this extraction.)

SLIDE 37

Simulated attack results on known input points

  • Step 2: horizontal correlation
    • Only needs one trace
    • Success rate depends on m and σ
    • A larger random gives better results (more intermediate points to correlate) but a larger computational time (2^m guesses per trace)
  • Step 3: vertical correlation
    • Tested using sets of 500 and 1000 traces

SLIDE 38

Simulated attack results on known input points

  • Summary (table on the slide; not preserved in this extraction)

SLIDE 39

Simulated attack results on unknown input points

  • Step 1: vertical collision-correlation
    • Same as in the previous scenario
  • Step 2: horizontal collision-correlation
    • Success rate drops more quickly than for the other attacks because of the limited number of time samples: a single trace only provides m + δ collision pairs
    • Contrary to vertical attacks, this number is fixed regardless of the noise level; acquiring more traces does not increase it
  • Step 3: vertical collision-correlation
    • Very efficient even for high σ

SLIDE 40

Simulated attack results: summary

  • Unknown input point
    • Full scalar recovery for noise levels up to σ ≈ 5
  • Known input point
    • Full scalar recovery for noise levels up to σ ≈ 10
SLIDE 41

Agenda (repeated; next section: 4. Countermeasures)

SLIDE 42

Countermeasures

  • Scalar splitting
    • Euclidean splitting is the best choice
    • Often disregarded by developers as it is less efficient than scalar blinding with small random sizes
  • Scalar blinding with a larger random
    • The choice of the size m of the random depends on
      • The largest pattern size amongst the orders of all curves implemented
      • The maximal brute-force capability of the attacker (step 2 enumerates all 2^m values of the random)
    • Depending on this new value of m, the overhead needs to be compared to the overhead of the Euclidean splitting (about 1.5×)
  • Atomic algorithms and unified formulas
    • Most state-of-the-art implementations have been attacked by Bauer et al., SAC 2013
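To put numbers on the first two bullets, the added example below (written for this page; not the slides' or the paper's code) counts how many bit positions of the randomized scalar never change across executions: scalar blinding on NIST P-192 with an 8-bit random versus Euclidean splitting d = ⌊d/r⌋·r + (d mod r) with a 64-bit r. The scalar D_SAMPLE, the sample sizes and the seed are constructed for the example; N_P192 is the public FIPS 186-2 order.

```python
# Added example for this page, not the slides' or the paper's code.
import random

N_P192 = 0xFFFFFFFFFFFFFFFFFFFFFFFF99DEF836146BC9B1B4D22831
D_SAMPLE = 0x3F1C2B3A4D5E6F708192A3B4C5D6E7F8091A2B3C4D5E6F70   # not a real key

def scalar_blinding(d, r, n):
    """d' = d + r*n; the device computes d'*P = d*P."""
    return d + r * n

def euclidean_splitting(d, r):
    """(q, s) with d = q*r + s; the device computes q*(r*P) + s*P = d*P."""
    return divmod(d, r)

def constant_bit_positions(values, nbits):
    """Bit positions in 0..nbits-1 whose value is identical in every element."""
    ref = values[0]
    return [i for i in range(nbits)
            if all(((v >> i) & 1) == ((ref >> i) & 1) for v in values)]

def compare(d=D_SAMPLE, n=N_P192, m=8, split_bits=64, samples=200, seed=3):
    """Count bit positions that never change: for blinding over all 2^m - 1
    randoms, and for the quotient q and remainder s of Euclidean splitting over
    `samples` random split_bits-bit values of r (top bit forced to 1).
    Returns (fixed_blind, fixed_q, fixed_s, splitting_correct)."""
    blinded = [scalar_blinding(d, r, n) for r in range(1, 1 << m)]
    rng = random.Random(seed)
    rs = [rng.getrandbits(split_bits) | (1 << (split_bits - 1)) for _ in range(samples)]
    qs, ss = zip(*(euclidean_splitting(d, r) for r in rs))
    fixed_blind = len(constant_bit_positions(blinded, n.bit_length() + m))
    fixed_q = len(constant_bit_positions(qs, max(q.bit_length() for q in qs)))
    fixed_s = len(constant_bit_positions(ss, split_bits))
    correct = all(q * r + s == d for q, r, s in zip(qs, rs, ss))
    return fixed_blind, fixed_q, fixed_s, correct

if __name__ == "__main__":
    fb, fq, fs, ok = compare()
    print(f"scalar blinding, 8-bit r: {fb} of {N_P192.bit_length() + 8} bit positions fixed")
    print(f"Euclidean splitting, 64-bit r: {fq} fixed in q, {fs} fixed in s (d = q*r + s: {ok})")
```

With the 8-bit random, the whole field from bit 104 up to bit 191 of d' is identical in every execution, which is the field step 1 reads; with Euclidean splitting, at most the top one or two bits of the quotient (fixed by the magnitude of d/r) stay the same, and the remainder varies everywhere.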

SLIDE 43

Applicability to other regular algorithms

  • Our attack paths also apply to
    • Montgomery ladder
    • Joye's double-add
    • The only modification is the choice of the collision variables, which differs for each algorithm
  • Does not work on the right-to-left binary algorithm lastly improved in
    • Joye, M., Karroumi, M.: Memory-efficient fault countermeasures. Smart Card Research and Advanced Applications (CARDIS), 2011
  • Details in the extended version of the paper: IACR ePrint 2014/191

SLIDE 44

Agenda (repeated; next section: 5. Conclusion)

SLIDE 45

Conclusion

  • We exploited a weakness in the scalar blinding to mount a full key-recovery attack on state-of-the-art protected scalar multiplications
  • Our attack paths have good success rates even for high noise levels
    • Known input: up to σ ≈ 10
    • Unknown input: up to σ ≈ 5
  • Safe solution:
    • Any regular algorithm
    • Any input point randomization countermeasure
    • Use Euclidean splitting as the scalar randomization countermeasure

SLIDE 46

Thanks for your attention