2012
DOI: 10.1007/978-3-642-33027-8_32
|View full text |Cite
|
Sign up to set email alerts
|

An Efficient Countermeasure against Correlation Power-Analysis Attacks with Randomized Montgomery Operations for DF-ECC Processor

Abstract: Abstract. Correlation power-analysis (CPA) attacks are a serious threat for cryptographic device because the key can be disclosed from data-dependent power consumption. Hiding power consumption of encryption circuit can increase the security against CPA attacks, but it results in a large overhead for cost, speed, and energy dissipation. Masking processed data such as randomized scalar or primary base point on elliptic curve is another approach to prevent CPA attacks. However, these methods requiring pre-comput… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
18
0

Year Published

2013
2013
2022
2022

Publication Types

Select...
4
2
1

Relationship

0
7

Authors

Journals

citations
Cited by 10 publications
(18 citation statements)
references
References 22 publications
0
18
0
Order By: Relevance
“…Many implementations of ECC processors choose the Montgomery ladder algorithm to compute the scalar multiplication because it is safe against SPA and timing analysis attacks [11] [12]. On the other hand, DPA attacks [5] succeed against this algorithm.…”
Section: Discussionmentioning
confidence: 96%
See 1 more Smart Citation
“…Many implementations of ECC processors choose the Montgomery ladder algorithm to compute the scalar multiplication because it is safe against SPA and timing analysis attacks [11] [12]. On the other hand, DPA attacks [5] succeed against this algorithm.…”
Section: Discussionmentioning
confidence: 96%
“…On the other hand, DPA attacks [5] succeed against this algorithm. The DPA attacks can be made more difficult by field operations with random computation to obtain representations of the points in a random Montgomery domain [12]. Our countermeasure is at the algorithm level and can be mixed with random representations of points.…”
Section: Discussionmentioning
confidence: 99%
“…For multibits fault, the only difference Usually, attackers can reveal the 256-bit by enabling the device to execute twice and comparing the two different results by our fault attack. [25][26][27]; they are as follows.…”
Section: Fault Attack and Countermeasures On Sm9mentioning
confidence: 99%
“…Our work. In this paper, we show that the countermeasure proposed in [26] is flawed and can be efficiently broken by first-order CPA, even in presence of a large amount of noise in the measurements. After a presentation of the techniques proposed by Lee et al in Sect.…”
Section: Introductionmentioning
confidence: 96%
“…In practice, masking is always applied (possibly combined with hiding) since it provides strong security guaranty. Recently, Lee et al [26] proposed a new efficient countermeasure to overcome first-order CPA 2 attacks. It assumes that the field operations are performed in the Montgomery domain [30] and consists in randomizing the Montgomery representation of the internal results (thus defining a so-called Randomized Montgomery Domain).…”
Section: Introductionmentioning
confidence: 99%