Breaking a fully Balanced ASIC Coprocessor Implementing Complete   Addition Formulas on Weierstrass Elliptic Curves

Ievgen Kabin; Zoya Dyka; Dan Klann; Nele Mentens; Lejla Batina and; Peter Langendoerfer

arXiv:2201.01158·cs.CR·January 5, 2022

Breaking a fully Balanced ASIC Coprocessor Implementing Complete Addition Formulas on Weierstrass Elliptic Curves

Ievgen Kabin, Zoya Dyka, Dan Klann, Nele Mentens, Lejla Batina and, Peter Langendoerfer

PDF

TL;DR

This paper demonstrates successful side-channel attacks on two open-source elliptic curve cryptography hardware accelerators that use complete addition formulas, despite countermeasures like operation randomization.

Contribution

It provides an analysis of the security vulnerabilities of complete addition formula implementations in hardware ECC accelerators and evaluates the effectiveness of countermeasures.

Findings

01

Successful key extraction with 100% correctness

02

Countermeasures like operation randomization are insufficient

03

Side-channel attacks can compromise complete addition formula implementations

Abstract

In this paper we report on the results of selected horizontal SCA attacks against two open-source designs that implement hardware accelerators for elliptic curve cryptography. Both designs use the complete addition formula to make the point addition and point doubling operations indistinguishable. One of the designs uses in addition means to randomize the operation sequence as a countermeasure. We used the comparison to the mean and an automated SPA to attack both designs. Despite all these countermeasures, we were able to extract the keys processed with a correctness of 100%.

Peer Reviews

No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.

Videos

No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.