Secure Binary Field Multiplication

Seo, Hwajeong; Chen, Chien-Ning; Liu, Zhe; Nogami, Yasuyuki; Park, Tae Hwan; Choi, Jongseok; Kim, Howon

doi:10.1007/978-3-319-31875-2_14

Cited by 2 publications

(4 citation statements)

References 14 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Therefore, on 8-bit AVR, the major goal of existing researches on binary field multiplication methods is minimizing redundant memory accesses by optimizing the use of the available registers. [9] Enhanced Karatsuba Block-Comb ECC GF(2 233 ) 6896 none Ziu et al [11,15] Masked Block-Comb GCM GF(2 128 ) 14,445 TA Seo et al [10] Block-Comb with Dummy XOR and ILA GCM GF(2 128 ) 5675 SPA, TA…”

Section: Multiplication Methods Over Gf(2 M ) On 8-bit Avr Mcusmentioning

confidence: 99%

“…However, they are vulnerable to side channel attacks, which uses information about the memory address [11,12,19] owing to the large number of resulted memory accesses. In [11,15], Liu et al successfully analyzed the wLtR Comb multiplication technique with a sort of horizontal correlation analysis [12]. Namely, they could get the indices used for accessing LUT by using the correlation between power consumption traces from building up the Lookup table and referencing the LUT element during the process of a multiplication.…”

Section: Look-up Table-based Methodsmentioning

confidence: 99%

“…Since Block-Comb multiplication methods do not utilize any Lookup Table, they have resistance against a sort of horizontal correlation analysis [11,15], which was used for analyzing LUT-based methods. However, they are vulnerable to TA and SPA because they contain a conditional branch.…”

Section: Secure Block-comb Multiplication Methodsmentioning

confidence: 99%

“…In 2018, Liu et al [11,15] presented a masked version of the Block-Comb (MBC) technique for secure GCM implementation on 8-bit AVR MCUs. Algorithm A1 is the masked Block-Comb method and it basically operates on 32-bit wise (Algorithm 1).…”

Section: Secure Block-comb Multiplication Methodsmentioning

confidence: 99%

See 3 more Smart Citations

Highly Efficient SCA-Resistant Binary Field Multiplication on 8-Bit AVR Microcontrollers

Seo

Kwon

2020

Applied Sciences

View full text Add to dashboard Cite

Binary field ( B F ) multiplication is a basic and important operation for widely used crypto algorithms such as the GHASH function of GCM (Galois/Counter Mode) mode and NIST-compliant binary Elliptic Curve Cryptosystems (ECCs). Recently, Seo et al. proposed a novel SCA-resistant binary field multiplication method in the context of GHASH optimization in AES GCM mode on 8-bit AVR microcontrollers (MCUs). They proposed a concept of Dummy XOR operation with a kind of garbage registers and a concept of instruction level atomicity ( I L A ) for resistance against Timing Analysis (TA) and Simple Power Analysis (SPA) and used a Karatsuba Block-Comb multiplication approach for efficiency. Even though their method achieved a large performance improvement compared with previous works, it still has room for improvement on the 8-bit AVR platform. In this paper, we propose a more improved binary field multiplication method on 8-bit AVR MCUs. Our method basically adopts a Dummy XOR technique using a set of garbage registers for TA and SPA security; however, we save the number of used garbage registers from eight to one by using the fact that the number of used garbage registers does not affect TA and SPA security. In addition, we apply a multiplier encoding approach so as to decrease the number of required registers when accessing the multiplier, which enables the use of extended block size in the Karatsuba Block-Comb multiplication technique. Actually, the proposed technique extends the block size from four to eight and the proposed binary field multiplication method can compute a 128-bit B F multiplication with only 3816 clock cycles ( c c ) (resp. 3490 c c ) with (resp. without) the multiplier encoding process, which is almost a 32.8% (resp. 38.5%) improvement compared with 5675 c c of the best previous work. We apply the proposed technique to the GHASH function of the GCM mode with several additional optimization techniques. The proposed GHASH implementation provides improved performance by over 42% compared with the previous best result. The concept of the proposed B F method can be extended to other MCUs, including 16-bit MSP430 MCUs and 32-bit ARM MCUs.

show abstract