Horizontal Collision Correlation Attack on Elliptic Curves, A. Bauer et al. - PowerPoint PPT Presentation

  1. Horizontal Collision Correlation Attack on Elliptic Curves
     A. Bauer, E. Jaulmes, E. Prouff, J. Wild
     Talk by J.-R. Reinhard
     ANSSI (French Network and Information Security Agency)
     Selected Areas in Cryptography 2013, Burnaby, Canada – August 16, 2013
     Bauer et al. | ANSSI | SAC 2013

  2. Introduction | Elliptic Curve Cryptography
     - Introduced by Koblitz and Miller in the mid 80s
     - Use the group of F_p-rational points of an elliptic curve to build cryptosystems
     - Security based on the hardness of DL in this group
     Many advantages:
     - DL believed to be more difficult on E(F_p) than on (F_p^*, ×), thus smaller parameter sizes can be chosen
     - Faster computations, more compact implementations
     Use of ECC (mainly ECDSA, ECDH) is spreading:
     - Introduction in SSL/TLS, openssl, https://www.google.com
     - Smart cards, e-passport, ...

  3. Introduction | Side Channel Attacks
     - Introduced by Kocher et al. in the mid 90s
     - Cryptographic computations are performed stepwise by processors
     - The sequence of performed operations and/or the intermediate values may leak partially through observable physical side channels: power consumption, electromagnetic emanation
     Simple SC Analysis: the sensitive targeted operations need to be observed only for fixed inputs (e.g., SPA)
     Advanced SC Analysis: the sensitive targeted operations need to be observed for several different inputs; a statistical post-processing is applied to aggregate the observations relative to the same secret data (e.g., a key bit) (e.g., CPA)

  4. Introduction | Variations on Advanced SCA
     Vertical vs Horizontal Attacks [CFGRV10]: differ by the origin of the aggregated observations
     - Vertical: N executions
     - Horizontal: N sub-parts of a single execution
     Correlation [BCO04] vs Collision Attacks [SWP03]: differ by what the statistical post-processing correlates
     - Correlation: observations and hypotheses
     - Collision: several observations stemming from a model

  5. Introduction | ECC Implementation
     Point representation: P ~ a triplet of F_p values (X : Y : Z), e.g., projective coordinates
     Point addition and doubling formulas express the coordinates of P + Q and 2P explicitly from the coordinates of P and Q
     Computations:
     - scalar multiplication Q = sP <-> sequence of elliptic curve operations (E-operations)
     - each E-operation <-> sequence of field operations (F_p-operations)
     - each F_p-operation <-> sequence of multi-precision word operations (W-operations), manageable by the processor

  6. Introduction | ECC Implementation: Logical Layers
     [Figure: the logical layers of a scalar multiplication. EC layer: a sequence of 2·E (doubling) and +E (addition) operations; Field layer: each E-operation expands into a sequence of ·F_p and +F_p operations; Word layer: each F_p-operation expands into a sequence of ·W and +W operations; Physical layer: below the word layer.]

  7. Introduction | ECC & SCA
     Specificities of EC regarding SCA:
     - Usually, s is ephemeral (ECDH, ECDSA): for each s, only one trace is available
     - The sequence of operations in the EC layer is correlated to s
     SCA protection: use regular algorithms, i.e., the sequence of operation types is independent of s
     - Double & Add always, unified formulas: regular EC layer
     - Atomicity: regular field layer
     - The correlation to s is moved to the I/O routing of the operations

     Double & Add (SPA):
        1: π ← 0
        2: for i := 0 to ⌈log2(q)⌉ − 1 do
        3:   π ← 2·π
        4:   if s_i = 1 then
        5:     π ← π + P
        6:   end if
        7: end for
     EC-layer operation sequence: (2·E +E) (2·E) (2·E +E) (2·E +E) (2·E) (2·E) (2·E +E) (2·E +E) (2·E +E) ...
     read directly as scalar bits:   1       0      1        1       0     0       1        1        1

     Double & Add Always:
        1: π ← 0
        2: for i := 0 to ⌈log2(q)⌉ − 1 do
        3:   π_0 ← 2·π
        4:   π_1 ← π_0 + P
        5:   π ← π_{s_i}
        6: end for
     EC-layer operation sequence: (2·E +E) (2·E +E) (2·E +E) (2·E +E) (2·E ...
     the scalar bits 1 0 1 1 are no longer readable from the operation types

     Unified Formulas: basic double & add algorithm, but using the same operator for both +E and 2·E
     EC-layer operation sequence: +E +E +E +E +E +E +E +E +E ...
     (P appears as an operand only at the positions of the scalar bits 1 0 1 1 0 that equal 1, but every operation looks like +E)
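The slide shows the operation sequences as pictures. The following Python example is an addition to this page, not code from the talk or its authors: it runs both scalar multiplication algorithms on a constructed toy curve (y^2 = x^3 + 2x + 3 over F_97, base point (3, 6), affine coordinates; all assumptions, chosen only for illustration) and records the E-layer operation types as a trace, so the regularity difference is visible as a string. The loop takes s_i to be the i-th bit counted from the most significant one, which matches the left-to-right operation sequences drawn on the slide. Requires Python 3.8+ for the modular inverse via pow(x, -1, p).

```python
# Toy curve for illustration (constructed, not from the talk):
# y^2 = x^3 + 2x + 3 over F_97, with base point G = (3, 6) on it.
# Affine coordinates are used for brevity; only the E-layer operation types matter here.
P_MOD, A_COEF, B_COEF = 97, 2, 3
G = (3, 6)
INF = None  # the point at infinity (group identity)

def ec_add(P, Q):
    """Point addition on the toy curve; doubling when P == Q."""
    if P is INF:
        return Q
    if Q is INF:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF                      # P == -Q
    if P == Q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def double_and_add(s, P, nbits):
    """Basic double & add. Returns (s*P, trace); the trace lists the
    E-operations performed: 'D' for 2·E, 'A' for +E."""
    pi, trace = INF, []
    for i in range(nbits - 1, -1, -1):   # s_i: i-th bit, most significant first
        pi = ec_add(pi, pi); trace.append("D")
        if (s >> i) & 1:
            pi = ec_add(pi, P); trace.append("A")
    return pi, "".join(trace)

def double_and_add_always(s, P, nbits):
    """Double & add always: both operations run for every bit; the scalar bit
    only selects which result is kept (the I/O routing mentioned on the slide)."""
    pi, trace = INF, []
    for i in range(nbits - 1, -1, -1):
        pi0 = ec_add(pi, pi); trace.append("D")
        pi1 = ec_add(pi0, P); trace.append("A")
        pi = pi1 if (s >> i) & 1 else pi0
    return pi, "".join(trace)

def scalar_from_trace(trace):
    """The SPA reading of an operation-type trace shown on the slide: each 'D'
    starts a new bit, and an 'A' right after it marks that bit as 1."""
    bits = []
    for op in trace:
        if op == "D":
            bits.append("0")
        else:
            bits[-1] = "1"
    return int("".join(bits), 2)

def naive_multiply(s, P):
    """Reference result: s repeated additions of P."""
    acc = INF
    for _ in range(s):
        acc = ec_add(acc, P)
    return acc

if __name__ == "__main__":
    s = 0b1011001
    for algo in (double_and_add, double_and_add_always):
        result, trace = algo(s, G, 7)
        print(algo.__name__, result, trace, "-> read as", bin(scalar_from_trace(trace)))
```

With s = 1011001 the basic algorithm yields the trace DADDADADDDA, from which scalar_from_trace reads the scalar back; the always variant yields DADADADADADADA for every 7-bit scalar, so the trace of operation types carries no information about s and the secret dependence sits only in the selection of π_0 or π_1.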

  13. Introduction | Contribution
      - Establish a shared factor distinguisher by analyzing the word layer
      - Use this distinguisher to build secret scalar recovery attacks
      - Explore the wide applicability of these Horizontal Collision Correlation attacks
      Core ideas:
      - Field multiplications are not atomic but built on word multiplications
      - By combining the information leaked by the word multiplications belonging to two field multiplications, one can identify factor reuse
      - Identifying factor reuse makes it possible to distinguish point addition from point doubling in classical regular algorithms, even in the presence of classical blindings, using a single trace

  14. Shared Factor Distinguisher | Multiplication over F_p: Implementation and Modeling
      Implementation:
      - Each element X ∈ F_p is represented by an array of t words, X[i] ∈ W
      - ·F_p interleaves word additions, multiplications and reductions
      - X ·F_p Y involves the computation of N word multiplications x ·W y
      - Multiplication example, LIM (long integer multiplication): X[i] ·W Y[j], N = t^2
      Modeling:
      - Heuristically, the words x are independent and follow U(W) (uniform on W)
      - The distribution of the word multiplication results can be deduced
      - Per field multiplication, we get N noisy samples of a random variable following this distribution

  15. Shared Factor Distinguisher | Shared Factor Bias
      Let us consider jointly two F_p multiplications (X·Z, Y·W), each expanding into a sequence of ·W and +W operations.
      [Figure: the two chains of word operations, with the ·W operations of X·Z paired with those of Y·W]
      - No factor repetition: no correlation between the word multiplication results
      - Z = W: correlation due to the reuse of Z (Collision)
      - N word multiplication pairs are available (Horizontal)

  16. Shared Factor Distinguisher | A Distinguisher Algorithm
      1: Get observations (l_i^{X·Z})_i and (l_i^{Y·W})_i of the word multiplications
      2: Compute the Pearson coefficient ρ = ρ̂(l^{X·Z}, l^{Y·W})
      3: if ρ > ρ_limit then return "shared factor"
      4: else return "no shared factor"
      Simulation: LIM multiplication (optimized distinguisher)
      Leakage model: l_{i,j}^{U·V} = HW(U[i] ·W V[j]) + B_{i,j}^{U·V}, with B ~ N(0, σ^2)
      [Figure: correlation as a function of SNR (8-bit proc., 384-bit curves)]
      [Figure: correlation as a function of SNR (32-bit proc., 384-bit curves)]
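To make the shared factor bias of slides 15 and 16 concrete, here is a simulation written for this page; it is not the authors' simulation code. It follows the slide's setting and leakage model as assumptions: 8-bit words and 384-bit elements (t = 48, so a schoolbook LIM multiplication gives N = t^2 = 2304 word products), independent uniform words, and a leakage l_{i,j} = HW(U[i]·V[j]) + B with Gaussian noise. The same X·Z leakage is compared once against Y·Z (Z reused) and once against Y·W (no reuse), and the Pearson coefficient is thresholded exactly as in the algorithm above. The parameter values (σ, ρ_limit, number of trials) are my choices, not figures from the talk.

```python
import random

# Simulation parameters (assumptions following the slide's setting: 8-bit words, 384-bit curves).
WORD_BITS = 8
T_WORDS = 384 // WORD_BITS          # t = 48 words, N = t^2 = 2304 word products per LIM multiplication

def random_element(rng):
    """A field element modeled as t independent words uniform on W (the slide's heuristic)."""
    return [rng.randrange(1 << WORD_BITS) for _ in range(T_WORDS)]

def lim_word_leakage(u, v, sigma, rng):
    """Leakage of every word product U[i]*V[j] of a LIM multiplication, in (i, j) order:
    l_{i,j} = HW(U[i] * V[j]) + B_{i,j}, with B ~ N(0, sigma^2)."""
    return [bin(ui * vj).count("1") + rng.gauss(0.0, sigma) for ui in u for vj in v]

def pearson(a, b):
    """Sample Pearson correlation coefficient of two equally long sequences."""
    n = len(a)
    ma, mb = sum(a) / n, sum(b) / n
    cov = sum((x - ma) * (y - mb) for x, y in zip(a, b))
    va = sum((x - ma) ** 2 for x in a)
    vb = sum((y - mb) ** 2 for y in b)
    return cov / (va * vb) ** 0.5

def distinguish(l_first, l_second, rho_limit):
    """The slide's distinguisher: threshold the correlation of the two leakage vectors."""
    return "shared factor" if pearson(l_first, l_second) > rho_limit else "no shared factor"

def simulate(trials=20, sigma=1.0, rho_limit=0.05, seed=1):
    """Run the distinguisher on fresh random operands; report the mean correlation in the
    shared and unshared cases and the fraction of correct decisions."""
    rng = random.Random(seed)
    shared, unshared, correct = [], [], 0
    for _ in range(trials):
        x, y, z, w = (random_element(rng) for _ in range(4))
        l_xz = lim_word_leakage(x, z, sigma, rng)
        l_yz = lim_word_leakage(y, z, sigma, rng)   # shares the factor Z with X·Z
        l_yw = lim_word_leakage(y, w, sigma, rng)   # shares no factor with X·Z
        shared.append(pearson(l_xz, l_yz))
        unshared.append(pearson(l_xz, l_yw))
        correct += distinguish(l_xz, l_yz, rho_limit) == "shared factor"
        correct += distinguish(l_xz, l_yw, rho_limit) == "no shared factor"
    return {
        "mean_rho_shared": sum(shared) / trials,
        "mean_rho_unshared": sum(unshared) / trials,
        "accuracy": correct / (2 * trials),
    }

if __name__ == "__main__":
    for sigma in (0.5, 1.0, 2.0):
        print(sigma, simulate(sigma=sigma))
```

The pairing is by position (i, j), so in the shared case both samples of a pair contain the same word Z[j]; the correlation comes only from that common factor, since X, Y and the noise are independent. Raising σ lowers the SNR and the correlation shrinks toward the unshared level, which is the dependence the two plots on the slide show; the regular algorithm's word-level leakage, not its operation types, is what the distinguisher exploits, which is why atomicity or double & add always alone do not remove this bias.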
