High-Performance Noninvasive Side-Channel Attack Resistant ECC Coprocessor for GF(2m )

Elliptic curve cryptography (ECC) is one of the most popular public key cryptosystems in recent years due to its higher security strength and lower resource consumption. However, the noninvasive side-channel attacks (SCAs) have been proved to be a big threat to ECC systems in many previous researche...

Full description

Saved in:
Bibliographic Details
Published in:IEEE transactions on industrial electronics (1982) 2017-01, Vol.64 (1), p.727-738
Main Authors: Liao, Kai, Cui, Xiaoxin, Liao, Nan, Wang, Tian, Yu, Dunshan, Cui, Xiaole
Format: Article
Language:English
Subjects:
Algorithm design and analysis
Binary finite field arithmetic
Computer systems
Coprocessors
Cryptography
Data encryption
Dividing (mathematics)
Elliptic curve cryptography
elliptic curve cryptography (ECC)
Galois fields
hybrid operation sequence
Multiplication
Multiplication & division
noninvasive side-channel attack (SCA)
randomized Montgomery operation
Resists
Side-channel attacks
Statistical methods
Citations: Items that this one cites
Items that cite this one
Online Access:Get full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Elliptic curve cryptography (ECC) is one of the most popular public key cryptosystems in recent years due to its higher security strength and lower resource consumption. However, the noninvasive side-channel attacks (SCAs) have been proved to be a big threat to ECC systems in many previous researches. In this paper, we propose a low-area-time-product ECC coprocessor for GF(2 m ) with the ability to resist most of the existing noninvasive SCAs. The basic countermeasures are relied on the underlying finite field arithmetics in randomized Montgomery domain, which can blind the intermediate value in the iterations of scalar multiplication to prevent the adversaries from cracking the private key by statistical methods. Meanwhile, we optimize the modular division and modular multiplication algorithms to fix the operating time to resist some certain timing attacks, and the Montgomery Ladder algorithm makes the coprocessor immune against simple SCAs. To efficiently implement our coprocessor, we present a hybrid operation sequence which merely needs one multiplication module and one division module to complete the entire operations. The synthesis results indicate that our design is superior to other related works in area-time product (ATP) and the extra overhead paid for the countermeasures is less than 5%.
ISSN:0278-0046
1557-9948
DOI:10.1109/TIE.2016.2610402