Using modular extension to provably protect Edwards curves against fault attacks

Journal of Cryptographic Engineering, Special Section on Proofs 2016

Abstract

Fault injection attacks are a real-world threat to cryptosystems, in particular asymmetric cryptography. In this paper, we focus on countermeasures which guarantee the integrity of the computation result, hence covering most existing and future fault attacks. Namely, we study the modular extension protection scheme in previously existing and newly contributed variants of the countermeasure on elliptic curve scalar multiplication (ECSM) algorithms. We find that an existing countermeasure is incorrect and we propose a new “test-free” variant of the modular extension scheme that fixes it. We then formally prove the correctness and security of modular extension: specifically, the fault non-detection probability is inversely proportional to the security parameter. Finally, we implement an ECSM protected with test-free modular extension during the elliptic curve operation to evaluate the efficiency of this method on Edwards and twisted Edwards curves.
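The basic modular extension principle the abstract refers to (compute the ECSM in Z/(p·r)Z, repeat it in Z/rZ, release the result only if the two agree modulo r) is shown below as an added example; it is not the paper's code and it does not implement the paper's test-free variant. The toy curve (p = 13, a = 1, d = 2, base point (4, 4)) and the fault model (a delta added to one intermediate coordinate) are constructed for this illustration.

```python
# Added example, not the paper's code: the modular-extension principle applied to an
# ECSM on a toy twisted Edwards curve. The prime p = 13, the coefficients a = 1, d = 2
# and the base point (4, 4) are constructed for this illustration.
P_MOD = 13                  # curve: x^2 + y^2 = 1 + 2 x^2 y^2 over F_13
A_COEF, D_COEF = 1, 2       # a is a square and d a non-square mod 13: complete formulas
BASE = (4, 4, 1)            # projective (X:Y:Z) of the affine point (4, 4), order 8
NEUTRAL = (0, 1, 1)

def ted_add(p1, p2, m):
    """Unified twisted Edwards addition (EFD 'add-2008-bbjlp'), reduced modulo m.
    Pure ring arithmetic, so the same code runs modulo p, modulo r or modulo p*r."""
    x1, y1, z1 = p1
    x2, y2, z2 = p2
    a = z1 * z2 % m
    b = a * a % m
    c = x1 * x2 % m
    d = y1 * y2 % m
    e = D_COEF * c * d % m
    f = (b - e) % m
    g = (b + e) % m
    x3 = a * f * ((x1 + y1) * (x2 + y2) - c - d) % m
    y3 = a * g * (d - A_COEF * c) % m
    return (x3, y3, f * g % m)

def ecsm(k, pt, m, fault_at=None):
    """Left-to-right double-and-add modulo m. fault_at = (step, delta) simulates a
    fault by adding delta to X right after the doubling of that step."""
    q = NEUTRAL
    for step, bit in enumerate(bin(k)[2:]):
        q = ted_add(q, q, m)
        if fault_at is not None and fault_at[0] == step:
            q = ((q[0] + fault_at[1]) % m, q[1], q[2])
        if bit == "1":
            q = ted_add(q, pt, m)
    return q

def protected_ecsm(k, pt, r, fault_at=None):
    """Modular extension: run the ECSM in Z/(p*r)Z and again in Z/rZ, then require
    agreement modulo r. Returns (affine result over F_p, detected); no point is released
    on detection. r is fixed by the caller here; a deployment draws it fresh each run."""
    big = ecsm(k, pt, P_MOD * r, fault_at)
    small = ecsm(k, tuple(c % r for c in pt), r)
    if tuple(c % r for c in big) != small:
        return None, True
    x, y, z = (c % P_MOD for c in big)
    z_inv = pow(z, -1, P_MOD)       # Z is non-zero for curve points: formulas are complete
    return (x * z_inv % P_MOD, y * z_inv % P_MOD), False
```

A fault that leaves the corrupted value unchanged modulo r (here a delta equal to r itself) slips through and yields a wrong point, which is the roughly 1/r non-detection case behind the inverse relation stated in the abstract.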


Notes

  1. Note that this study does not take correlated faults into account.

  2. A similar idea can be found in [2, 14, 26]; we make it explicit here so that the article is self-contained.

  3. Actually, there is in \(\lambda \) only one factor larger than p, of length \(\approx 900\) bits, hence of no practical use; it is indeed more efficient to perform the computation several times or to verify the signature.

References

  1. Aumüller, C., Bier, P., Fischer, W., Hofreiter, P., Seifert, J.-P.: Fault attacks on RSA with CRT: concrete results and practical countermeasures. In: Kaliski Jr., B.S., Koç, Ç.K., Paar, C. (eds.) CHES, Volume 2523 of Lecture Notes in Computer Science, pp. 260–275. Springer, Berlin (2002)

  2. Baek, Y.-J., Vasyltsov, I.: How to prevent DPA and fault attack in a unified way for ECC scalar multiplication-ring extension method. In: Dawson, E., Wong, D.S. (eds.) Information Security Practice and Experience, Volume 4464 of Lecture Notes in Computer Science, pp. 225–237. Springer, Berlin (2007)

  3. Barthe, G., Dupressoir, F., Fouque, P., Grégoire, B., Zapalowicz, J.: Synthesis of fault attacks on cryptographic implementations. In: Ahn, G., Yung, M., Li, N. (eds) Proceedings of the 2014 ACM SIGSAC Conference on Computer and Communications Security, Scottsdale, AZ, USA, November 3–7, 2014, pp. 1016–1027. ACM (2014)

  4. Battistello, A.: Common points on elliptic curves: the Achilles' heel of fault attack countermeasures. In: Constructive Side-Channel Analysis and Secure Design: 5th International Workshop, COSADE 2014, Paris, France, April 13–15, 2014. Revised selected papers, pp. 69–81. Springer International Publishing, Cham (2014)

  5. Bernstein, D.J., Birkner, P., Joye, M., Lange, T., Peters, C.: Twisted Edwards curves. In: Vaudenay, S. (ed.) Progress in Cryptology - AFRICACRYPT 2008, First International Conference on Cryptology in Africa, Casablanca, Morocco, June 11–14, 2008. Proceedings, Volume 5023 of Lecture Notes in Computer Science, pp. 389–405. Springer (2008)

  6. Bernstein, D.J., Duif, N., Lange, T., Schwabe, P., Yang, B.: High-speed high-security signatures. J. Cryptogr. Eng. 2(2), 77–89 (2012)

  7. Bernstein, D.J., Lange, T.: Faster addition and doubling on elliptic curves. In: Kurosawa, K. (ed.) Advances in Cryptology - ASIACRYPT 2007, 13th International Conference on the Theory and Application of Cryptology and Information Security, Kuching, Malaysia, December 2–6, 2007. Proceedings, Volume 4833 of Lecture Notes in Computer Science, pp. 29–50. Springer (2007)

  8. Bernstein, D.J., Lange, T.: Explicit-Formulas Database, March 2015. http://hyperelliptic.org/EFD/

  9. Bernstein, D.J., Lange, T., Schwabe, P.: The security impact of a new cryptographic library. In: Hevia, A., Neven, G. (eds.) Progress in Cryptology - LATINCRYPT 2012, 2nd International Conference on Cryptology and Information Security in Latin America, Santiago, Chile, October 7–10, 2012. Proceedings, Volume 7533 of Lecture Notes in Computer Science, pp. 159–176. Springer (2012)

  10. Biehl, I., Meyer, B., Müller, V.: Differential fault attacks on elliptic curve cryptosystems. In: CRYPTO ’00: Proceedings of the 20th Annual International Cryptology Conference on Advances in Cryptology, pp. 131–146. Springer-Verlag, London, UK (2000)

  11. Blömer, J., Gomes Da Silva, R., Günther, P., Krämer, J., Seifert, J.-P.: A practical second-order fault attack against a real-world pairing implementation. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on, pp. 123–136. Busan, Korea, Sept (2014)

  12. Blömer, J., Günther, P., Liske, G.: Tampering attacks in pairing-based cryptography. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on, pp. 1–7. Busan, Korea, Sept (2014)

  13. Blömer, J., Otto, M., Seifert, J.-P.: A new CRT-RSA algorithm secure against Bellcore attacks. In: Jajodia, S., Atluri, V., Jaeger, T. (eds.) ACM Conference on Computer and Communications Security, pp. 311–320. ACM (2003)

  14. Blömer, J., Otto, M., Seifert, J.-P.: Sign change fault attacks on elliptic curve cryptosystems. In: Breveglieri, L., Koren, I., Naccache, D., Seifert, J.-P. (eds.) Fault Diagnosis and Tolerance in Cryptography, Volume 4236 of Lecture Notes in Computer Science, pp. 36–52. Springer, Berlin (2006)

  15. Boneh, D., DeMillo, R.A., Lipton, R.J.: On the importance of checking cryptographic protocols for faults (extended abstract). In: Fumy, W. (ed.) EUROCRYPT, Volume 1233 of Lecture Notes in Computer Science, pp. 37–51. Springer (1997)

  16. Boscher, A., Naciri, R., Prouff, E.: CRT RSA algorithm protected against fault attacks. In: Sauveron, D., Markantonakis, C., Bilas, A., Quisquater, J.-J. (eds.) WISTP, Volume 4462 of Lecture Notes in Computer Science, pp. 229–243. Springer, Berlin (2007)

  17. Ciet, M., Joye, M.: Practical fault countermeasures for Chinese remaindering based RSA. In: Fault Diagnosis and Tolerance in Cryptography, pp. 124–131, Friday September 2nd. Edinburgh, Scotland (2005)

  18. Clavier, C.: Secret external encodings do not prevent transient fault analysis. In: CHES, Volume 4727 of Lecture Notes in Computer Science, pp. 181–194. Springer, Vienna (2007)

  19. Dottax, E., Girau, C., Rivain, M., Sierra, Y.: On second-order fault analysis resistance for CRT-RSA implementations. In: Markowitch, O., Bilas, A., Hoepman, J.-H., Mitchell, C.J., Quisquater, J.-J. (eds.) WISTP, Volume 5746 of Lecture Notes in Computer Science, pp. 68–83. Springer, Berlin (2009)

  20. Dugardin, M., Guilley, S., Moreau, M., Najm, Z., Rauzy, P.: Using modular extension to provably protect Edwards curves against fault attacks. Cryptology ePrint Archive, Report 2015/882. http://eprint.iacr.org/2015/882 (2015)

  21. Edwards, H.M.: A normal form for elliptic curves. Bull. Am. Math. Soc. 44, 393–422 (2007)

  22. El Mrabet, N., Fournier, J.J., Goubin, L., Lashermes, R.: A survey of fault attacks in pairing based cryptography. Cryptogr. Commun. 7, 1–21 (2014)

  23. Giraud, C.: An RSA implementation resistant to fault attacks and to simple power analysis. IEEE Trans. Comput. 55(9), 1116–1120 (2006)

  24. Guillevic, A., Vergnaud, D.: Genus 2 hyperelliptic curve families with explicit Jacobian order evaluation and pairing-friendly constructions. In: Abdalla, M., Lange, T. (eds.) Pairing-Based Cryptography - Pairing 2012, Volume 7708 of Lecture Notes in Computer Science, pp. 234–253. Springer, Berlin (2013)

  25. Johnson, D., Menezes, A., Vanstone, S.: The elliptic curve digital signature algorithm (ECDSA). Int. J. Inf. Secur. 1(1), 36–63 (2001)

  26. Joye, M.: Fault-Resistant Calculations on Elliptic Curves, September 15, 2010. EP Patent App. EP20,100,155,001. http://www.google.com/patents/EP2228716A1?cl=en (2010)

  27. Joye, M., Paillier, P., Yen, S.-M.: Secure evaluation of modular functions. In: Hwang, R., Wu, C. (eds.) International Workshop on Cryptology and Network Security, pp. 227–229, September 26–28, Taipei, Taiwan (2001). http://joye.site88.net/papers/JPY01dfa.pdf

  28. Joye, M., Tunstall, M. (eds.): Fault Analysis in Cryptography. Springer Information Security and Cryptography. ISBN 978-3-642-29655-0. doi:10.1007/978-3-642-29656-7 (2012)

  29. Karaklajic, D., Fan, J., Schmidt, J., Verbauwhede, I.: Low-cost fault detection method for ECC using Montgomery powering ladder. In: Design, Automation and Test in Europe, DATE 2011, Grenoble, France, March 14–18, 2011, pp. 1016–1021. IEEE (2011)

  30. Kim, S.-K., Kim, T.H., Han, D.-G., Hong, S.: An efficient CRT-RSA algorithm secure against power and fault attacks. J. Syst. Softw. 84, 1660–1669 (2011)

  31. Kocher, P.C., Jaffe, J., Jun, B.: Differential power analysis. In: Wiener, M.J. (ed.) CRYPTO, Volume 1666 of Lecture Notes in Computer Science, pp. 388–397. Springer, Berlin (1999)

  32. Lashermes, R., Paindavoine, M., El Mrabet, N., Fournier, J.J., Goubin, L.: Practical validation of several fault attacks against the Miller algorithm. In: Fault Diagnosis and Tolerance in Cryptography (FDTC), 2014 Workshop on, pp. 115–122. Busan, Korea, Sept (2014)

  33. Le, D.-P., Rivain, M., Tan, C.H.: On double exponentiation for securing RSA against fault analysis. In: Benaloh, J. (ed.) CT-RSA, Volume 8366 of Lecture Notes in Computer Science, pp. 152–168. Springer, Berlin (2014)

  34. Leont’ev, V.: Roots of random polynomials over a finite field. Math. Notes 80(1–2), 300–304 (2006)

  35. Moody, D., Shumow, D.: Isogenies on Edwards and Huff curves. In: Computer Security Division. National Institute of Standards and Technology (NIST) (2011)

  36. Moro, N., Heydemann, K., Encrenaz, E., Robisson, B.: Formal verification of a software countermeasure against instruction skip attacks. J. Cryptogr. Eng. 4(3), 145–156 (2014)

  37. Naehrig, M., Niederhagen, R., Schwabe, P.: New software speed records for cryptographic pairings. In: Abdalla, M., Barreto, P.S. (eds.) Progress in Cryptology - LATINCRYPT 2010, Volume 6212 of Lecture Notes in Computer Science, pp. 109–123. Springer, Berlin (2010). Updated version: http://cryptojedi.org/papers/#dclxvi

  38. Shamir, A.: Method and apparatus for protecting public key schemes from timing and fault attacks, November 1999. US Patent Number 5,991,415; also presented at the rump session of EUROCRYPT '97 (May 11–15, 1997, Konstanz, Germany)

  39. University of Sydney: Magma computational algebra system. http://magma.maths.usyd.edu.au/magma/. Accessed 22 Aug 2014

  40. Vigilant, D.: RSA with CRT: a new cost-effective solution to thwart fault attacks. In: Oswald, E., Rohatgi, P. (eds.) CHES, Volume 5154 of Lecture Notes in Computer Science, pp. 130–145. Springer, Berlin (2008)

  41. Wagner, D.: Cryptanalysis of a provably secure CRT-RSA algorithm. In: Atluri, V., Pfitzmann, B., McDaniel, P.D. (eds.) ACM Conference on Computer and Communications Security, pp. 92–97. ACM (2004)

Author information

Correspondence to Margaux Dugardin.

Cite this article

Dugardin, M., Guilley, S., Moreau, M. et al. Using modular extension to provably protect Edwards curves against fault attacks. J Cryptogr Eng 7, 321–330 (2017). https://doi.org/10.1007/s13389-017-0167-4