An efficient DPA countermeasure with randomized montgomery operations for DF-ECC processor

Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over GF(p521) and 4.65 ms over GF(2 ⁴⁰⁹), respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within 10 ³ power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after 10 ⁶ measurements.