
Journal of Hardware and Systems Security, Volume 2, Issue 4, pp 297–313

Exploring RFC 7748 for Hardware Implementation: Curve25519 and Curve448 with Side-Channel Protection

  • Pascal Sasdrich
  • Tim Güneysu

Abstract

Recent revelations on manipulations and back-doors in modern ECC have initiated the revision of existing schemes and led to the selection of two new solutions for next-generation TLS proposed in RFC 7748: Curve25519 and Curve448. Unfortunately, both curves were designed and optimized primarily for software implementations; their implementation in hardware and their physical protection against SCA were neglected during the design phase. In this work, we demonstrate that both curves can indeed be efficiently and securely mapped to hardware structures of modern FPGAs while including advanced protection mechanisms against physical attacks and still providing high performance and throughput. In particular, our Curve25519 architecture provides more than 1 700 point multiplications per second, using only 1 006 logic slices (LSs) and 20 digital signal processors (DSPs) of a mid-range Xilinx XC7Z020 FPGA. Furthermore, our Curve448 architecture still achieves more than 600 operations per second at a significantly higher security level of 224 bits, using no more than 1 985 LSs and 33 DSPs on the same device. In addition, we performed a practical, test-based leakage assessment for both architectures. More precisely, we investigated the detection of scalar- and base-point-dependent leakage individually while our designs incorporated scalar blinding and point randomization countermeasures. Finally, our findings prove with high confidence that we cannot detect any scalar- or base-point-dependent leakage even after evaluating 1 000 000 power measurements.
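To illustrate the two countermeasures the abstract names, here is an added Python example (not the authors' hardware design or any code from the paper) of the RFC 7748 X25519 Montgomery ladder with scalar blinding and projective point randomization; the 64-bit blinding width and the assumption that the base point lies in the prime-order subgroup are this example's choices, not the paper's.

```python
import secrets
P = 2**255 - 19                                      # Curve25519 field prime
A24 = 121665                                         # (A - 2) / 4 with A = 486662
L = 2**252 + 27742317777372353535851937790883648493  # order of the base point u = 9
BLIND_BITS = 64                                      # width of blinding factor r (assumed, not from the paper)
LADDER_BITS = 255 + BLIND_BITS + 1                   # fixed iteration count, blinded or not

def decode_scalar(k: bytes) -> int:                  # RFC 7748 clamping
    a = bytearray(k)
    a[0] &= 248
    a[31] = (a[31] & 127) | 64
    return int.from_bytes(a, "little")
def cswap(swap: int, a: int, b: int):
    d = -swap & (a ^ b)                              # mask is 0 or all-ones; no data-dependent branch
    return a ^ d, b ^ d

def ladder(k: int, u: int, lam: int) -> int:
    # Base point as randomized projective pair (X1:Z1) = (u*lam : lam): Coron-style point randomization
    x1, z1 = u * lam % P, lam
    x2, z2, x3, z3 = 1, 0, x1, z1                    # R0 = infinity, R1 = base point
    swap = 0
    for t in reversed(range(LADDER_BITS)):           # leading zero bits of k are harmless
        kt = (k >> t) & 1
        swap ^= kt
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        da, cb = d * a % P, c * b % P
        x3 = z1 * pow(da + cb, 2, P) % P             # differential add with (X1:Z1), not affine u
        z3 = x1 * pow(da - cb, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P

def x25519(k: bytes, u: bytes, protected: bool = True) -> bytes:
    scalar = decode_scalar(k)
    uu = int.from_bytes(u, "little") & ((1 << 255) - 1)  # RFC 7748: mask the top bit of u
    lam = 1
    if protected:                                     # both countermeasures; the output must not change
        scalar += secrets.randbits(BLIND_BITS) * L    # k' = k + r*L; k'P = kP for P in the order-L subgroup
        lam = 1 + secrets.randbelow(P - 1)            # random nonzero scaling of the base point
    return ladder(scalar, uu, lam).to_bytes(32, "little")
```

Both countermeasures change the intermediate values on every run while the returned u-coordinate stays identical to the unprotected computation.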

Keywords

ECC, RFC7748, TLS, Curve25519, Curve448, SCA, FPGA


Copyright information

© Springer Nature Switzerland AG 2018

Authors and Affiliations

  1. Horst Görtz Institute for IT-Security, Ruhr-Universität Bochum, Bochum, Germany
