Revisiting Atomic Patterns for Elliptic Curve Scalar Multiplication Revealing Inherent Vulnerability to Simple SCA

TL;DR

This paper reveals that atomic patterns used in elliptic curve scalar multiplication, intended as countermeasures against side-channel attacks, have an inherent vulnerability that can be exploited to reveal secret scalars.

Contribution

The study demonstrates that atomic patterns in hardware implementations of elliptic curve scalar multiplication are inherently vulnerable to simple side-channel analysis, challenging their effectiveness.

Findings

Field squaring operations are distinguishable from multiplications in power traces.

Atomic patterns can be exploited to recover the secret scalar k.

Vulnerability persists despite atomic pattern countermeasures.

Abstract

Elliptic Curve Scalar Multiplication denoted as kP operation is the basic operation in all Elliptic Curve based cryptographic protocols. The atomicity principle and different atomic patterns for kP algorithms were proposed in the past as countermeasures against simple side-channel analysis. In this work, we investigated the resistance of a kP algorithm implemented in hardware using Longa's atomic patterns. We analysed its simulated power trace. We show in the example of our kP implementation for the NIST EC P-256 that the field squaring operations are distinguishable from the field multiplications even if they are performed by the same field multiplier, due to the addressing of the second multiplicand. This inherent vulnerability of atomic patterns can be successfully exploited for revealing the scalar k.