D 2023

SoK: SCA-secure ECC in software – mission impossible?

BATINA, Lejla; Lukasz Michal CHMIELEWSKI; Björn HAASE; Niels SAMWEL; Peter SCHWABE et al.

Basic information

Original title

SoK: SCA-secure ECC in software – mission impossible?

Authors

BATINA, Lejla; Lukasz Michal CHMIELEWSKI; Björn HAASE; Niels SAMWEL and Peter SCHWABE

Publication

Germany, IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023, Issue 1, pp. 557-589, 33 pp., 2023

Publisher

Ruhr-University of Bochum

Further information

Language

English

Result type

Paper in proceedings

Publisher's country

Germany

Confidentiality

not subject to state or trade secrecy

Form of publication

electronic version "online"

Marked for transfer to RIV

No

Organization

Faculty of Informatics – Masaryk University – Repository

ISSN

EID Scopus

Keywords in English

Elliptic Curve Cryptography; Side-Channel Analysis; Fault Injection
Changed: 16. 5. 2024 04:14, RNDr. Daniel Jakubík

Abstract

In the original

This paper describes an ECC implementation computing the X25519 key exchange protocol on the Arm Cortex-M4 microcontroller. To provide protection against various side-channel and fault attacks, we first review known attacks and countermeasures, then provide software implementations that come with extensive mitigations, and finally present a preliminary side-channel evaluation. To the best of our knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead over our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely deployed ECC cryptographic libraries, which offer much less protection.

Attached files