Publication details

SoK: SCA-secure ECC in software – mission impossible?

Authors

BATINA Lejla L. BATINA, B. HAASE, Radboud University & EH CHMIELEWSKI Lukasz Michal N. SAMWEL, P. SCHWABE Radboud University & MPI HAASE Björn SAMWEL Niels SCHWABE Peter

Year of publication 2023
Type Article in Proceedings
Conference IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023, Issue 1
MU Faculty or unit

Faculty of Informatics

Citation
Doi http://dx.doi.org/10.46586/tches.v2023.i1.557-589
Keywords Elliptic Curve Cryptography; Side-Channel Analysis; Fault Injection
Attached files
Description This paper describes an ECC implementation computing the X25519 keyexchange protocol on the Arm Cortex-M4 microcontroller. For providing protections against various side-channel and fault attacks we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To our best knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.

You are running an old browser version. We recommend updating your browser to its latest version.

More info