An efficient DPA countermeasure with randomized montgomery operations for DF-ECC processor

Jen Wei Lee; Ju Hung Hsiao; Hsie-Chia Chang; Chen-Yi Lee

doi:10.1109/TCSII.2012.2190857

An efficient DPA countermeasure with randomized montgomery operations for DF-ECC processor

Jen Wei Lee^*, Ju Hung Hsiao, Hsie-Chia Chang, Chen-Yi Lee

^*Corresponding author for this work

Department of Electronics Engineering

Research output: Contribution to journal › Article › peer-review

22 Scopus citations

Abstract

Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over GF(p521) and 4.65 ms over GF(2 ⁴⁰⁹), respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within 10 ³ power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after 10 ⁶ measurements.

Original language	English
Article number	6187713
Pages (from-to)	287-291
Number of pages	5
Journal	IEEE Transactions on Circuits and Systems I: Regular Papers
Volume	59
Issue number	5
DOIs	https://doi.org/10.1109/TCSII.2012.2190857
State	Published - 1 May 2012

Keywords

Dual fields
elliptic curve (EC) cryptography (ECC)
power-analysis attacks
security system

Access to Document

10.1109/TCSII.2012.2190857

Fingerprint Dive into the research topics of 'An efficient DPA countermeasure with randomized montgomery operations for DF-ECC processor'. Together they form a unique fingerprint.

Cite this

@article{5752b14a14b749d58ff9a7840165d71c,

title = "An efficient DPA countermeasure with randomized montgomery operations for DF-ECC processor",

abstract = "Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over GF(p521) and 4.65 ms over GF(2 409), respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within 10 3 power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after 10 6 measurements.",

keywords = "Dual fields, elliptic curve (EC) cryptography (ECC), power-analysis attacks, security system",

author = "Lee, {Jen Wei} and Hsiao, {Ju Hung} and Hsie-Chia Chang and Chen-Yi Lee",

year = "2012",

month = may,

day = "1",

doi = "10.1109/TCSII.2012.2190857",

language = "English",

volume = "59",

pages = "287--291",

journal = "IEEE Transactions on Circuits and Systems I: Regular Papers",

issn = "1549-8328",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

number = "5",

}

TY - JOUR

T1 - An efficient DPA countermeasure with randomized montgomery operations for DF-ECC processor

AU - Lee, Jen Wei

AU - Hsiao, Ju Hung

AU - Chang, Hsie-Chia

AU - Lee, Chen-Yi

PY - 2012/5/1

Y1 - 2012/5/1

N2 - Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over GF(p521) and 4.65 ms over GF(2 409), respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within 10 3 power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after 10 6 measurements.

AB - Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over GF(p521) and 4.65 ms over GF(2 409), respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within 10 3 power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after 10 6 measurements.

KW - Dual fields

KW - elliptic curve (EC) cryptography (ECC)

KW - power-analysis attacks

KW - security system

UR - http://www.scopus.com/inward/record.url?scp=84861194602&partnerID=8YFLogxK

U2 - 10.1109/TCSII.2012.2190857

DO - 10.1109/TCSII.2012.2190857

M3 - Article

AN - SCOPUS:84861194602

VL - 59

SP - 287

EP - 291

JO - IEEE Transactions on Circuits and Systems I: Regular Papers

JF - IEEE Transactions on Circuits and Systems I: Regular Papers

SN - 1549-8328

IS - 5

M1 - 6187713

ER -