
An Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost

Chapter in: Cryptography and Security: From Theory to Applications

Part of the book series: Lecture Notes in Computer Science (LNSC, volume 6805)

Abstract

Unprotected implementations of cryptographic primitives are vulnerable to physical attacks. While an adversary needs only one of many attack methods to succeed, designers must consider all known attacks that apply to their system, simultaneously. Keeping an organized, complete and up-to-date table of physical attacks and countermeasures is therefore of paramount importance to system designers. This paper summarises known physical attacks and countermeasures on Elliptic Curve Cryptosystems. For implementers of elliptic curve cryptography, it can be used as a road map for countermeasure selection in the early design stages.
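To make concrete what "unprotected" means for an ECC scalar multiplication, the following is an added example (not code from the survey or its authors): it simulates the simplest physical attack in the survey's scope, simple power analysis of the doubling/addition sequence, and places it beside two countermeasures the survey covers, a Montgomery ladder with branch-free operand selection and scalar blinding with a multiple of the group order. The curve (secp256k1), the (x, y, flag) point encoding, the 32-bit blinding factor and all function names are this example's own choices, not the paper's; the "trace" is the sequence of group operations, standing in for the distinguishable doubling and addition signatures an unprotected device shows in a power or EM trace.

```python
# Added example, not from the survey: SPA on an unprotected double-and-add
# scalar multiplication, then a Montgomery ladder and scalar blinding as
# countermeasures. Curve and encoding are assumptions of this example.
import secrets

# secp256k1 domain parameters (chosen here as a concrete instance)
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
A_COEF, B_COEF = 0, 7
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
NBITS = N_ORDER.bit_length()   # 256
INF = None                     # point at infinity
RBITS = 32                     # blinding-factor size (this example's choice)

def ec_double(P, trace):
    """Affine doubling; appends 'D' to the operation trace."""
    trace.append("D")
    if P is INF or P[1] == 0:
        return INF
    lam = (3 * P[0] * P[0] + A_COEF) * pow(2 * P[1], -1, P_MOD) % P_MOD
    x = (lam * lam - 2 * P[0]) % P_MOD
    return (x, (lam * (P[0] - x) - P[1]) % P_MOD)

def ec_add(P, Q, trace):
    """Affine addition; appends 'A' to the operation trace."""
    trace.append("A")
    if P is INF:
        return Q
    if Q is INF:
        return P
    if P[0] == Q[0]:
        if (P[1] + Q[1]) % P_MOD == 0:
            return INF                 # P == -Q
        return ec_double(P, [])        # P == Q; keep only the 'A' label
    lam = (Q[1] - P[1]) * pow(Q[0] - P[0], -1, P_MOD) % P_MOD
    x = (lam * lam - P[0] - Q[0]) % P_MOD
    return (x, (lam * (P[0] - x) - P[1]) % P_MOD)

def double_and_add(k, P, trace, nbits=NBITS):
    """Unprotected left-to-right binary method: one 'D' per bit and an 'A'
    exactly for the 1 bits, so the D/A pattern is the scalar itself."""
    R = INF
    for i in range(nbits - 1, -1, -1):
        R = ec_double(R, trace)
        if (k >> i) & 1:
            R = ec_add(R, P, trace)
    return R

def spa_recover_scalar(trace):
    """The adversary's side of SPA: each 'D' opens a new bit, a following
    'A' marks it as 1. Only meaningful on a double-and-add trace."""
    bits = []
    for op in trace:
        if op == "D":
            bits.append("0")
        elif op == "A" and bits:
            bits[-1] = "1"
    return int("".join(bits), 2) if bits else 0

def cswap(swap, P, Q):
    """Branch-free conditional swap (swap in {0, 1}). Points are encoded as
    (x, y, flag), flag 0 for INF, so the swap is pure integer masking with
    no key-dependent branch or memory index. Python big ints are not
    constant-time; this shows the control-flow structure only."""
    mask = -swap                       # 0 or all-ones
    a = (0, 0, 0) if P is INF else (*P, 1)
    b = (0, 0, 0) if Q is INF else (*Q, 1)
    d = [(u ^ v) & mask for u, v in zip(a, b)]
    a = [u ^ e for u, e in zip(a, d)]
    b = [v ^ e for v, e in zip(b, d)]
    return (INF if a[2] == 0 else (a[0], a[1]),
            INF if b[2] == 0 else (b[0], b[1]))

def montgomery_ladder(k, P, trace, nbits=NBITS):
    """Ladder: every bit costs exactly one 'A' and one 'D', with operands
    selected by cswap, so the trace is identical for every k of nbits."""
    R0, R1 = INF, P
    for i in range(nbits - 1, -1, -1):
        bit = (k >> i) & 1
        R0, R1 = cswap(bit, R0, R1)
        R1 = ec_add(R0, R1, trace)
        R0 = ec_double(R0, trace)
        R0, R1 = cswap(bit, R0, R1)
    return R0

def blind_scalar(k, r=None):
    """Scalar blinding: k' = k + r*n yields the same point k'P with a fresh
    bit pattern per run, so per-bit leakage cannot be averaged over many
    traces (DPA). It does not hide the SPA pattern of double-and-add."""
    if r is None:
        r = secrets.randbits(RBITS)
    return k + r * N_ORDER

def spa_trace(method, k, nbits=NBITS):
    """Run `method` on k*G and return only what SPA sees: the D/A string."""
    trace = []
    method(k, G, trace, nbits)
    return "".join(trace)
```

Running `spa_recover_scalar(spa_trace(double_and_add, k))` returns `k` from the operation sequence alone, whereas `spa_trace(montgomery_ladder, k)` is the same `"AD" * 256` string for every key. Note the caveat the survey's organisation is built around: each countermeasure answers a specific attack class. The ladder removes the SPA pattern but not DPA on intermediate values, blinding addresses DPA but changes the scalar length (so the loop must run over a fixed padded length, here `NBITS + RBITS`), and neither addresses fault injection, which needs its own check on the output point.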




Copyright information

© 2012 Springer-Verlag Berlin Heidelberg

About this chapter

Cite this chapter

Fan, J., Verbauwhede, I. (2012). An Updated Survey on Secure ECC Implementations: Attacks, Countermeasures and Cost. In: Naccache, D. (eds) Cryptography and Security: From Theory to Applications. Lecture Notes in Computer Science, vol 6805. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-28368-0_18


  • DOI: https://doi.org/10.1007/978-3-642-28368-0_18

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-28367-3

  • Online ISBN: 978-3-642-28368-0

  • eBook Packages: Computer Science (R0)
