Home Computer Science Hardware Security and Trust: Design and Deployment of Integrated Circuits in a Threatened Environment

# Countermeasures

To prevent first-order DPA attacks [1, 4], it is not sufficient to make the operations time-constant and the power traces indistinguishable. The most common countermeasure applied in ECC implementations is randomization of the secret values. In this way, developers make it more difficult to extract useful information from secret values. This section first covers different types of randomization. Further, we focus specifically on countermeasures against OTA attacks.

## Randomization Countermeasures

Scalar randomization Instead of a point multiplication with the scalar к, the blinded scalar к' is used, which is computed as follows:

Here, #E is the number of points on the curve and r is a random number [31]. Because kP and к' P always result in the same point on the elliptic curve, this method is effective against first-order DPA attacks when the random number is changed for every execution of the point multiplication.

Projective coordinate randomization In addition to scalar randomization, another countermeasure against DPA attacks on elliptic curve point multiplication is projective coordinate randomization. This countermeasure exploits the fact that the Z-coordinate can be chosen randomly when using projective coordinates [31]. This comes down to choosing a different Z-coordinate for each point multiplication during the conversion of the input point P to projective coordinates.

Base point splitting Using this technique, the scalar multiplication is not performed on the point P, but on the point P + R, where R is a random point on the curve. After the point multiplication к(P + R), the value kR is subtracted from the result. Elliptic curve isomorphism randomization The idea to protect scalar multiplication by transforming a curve through various random morphisms, was initially proposed by Joye and Tymen in [72]. Assume that ф is a random isomorphism from EK ^ E'K, which maps P e EK ^ P' e E'K. Multiplying P' with к will give Q = [к]? ' e E'K. With the inverse map ф-1 we can get back to Q = [к]P. An attacker needs to know the internal representation of the point in order to perform a successful attack, so if P' is on a curve that the adversary does not know, he cannot create input points in the correct representation.

## OTA Countermeasures

Given that an attacker needs to predict the intermediate state of an algorithm at a given point in time, we can assume that the countermeasures that are used to prevent DPA will also have an effect on the OTA. There are methods for changing the representation of a point, which can prevent OTA and make the result unpredictable to the attacker. Most notably those countermeasures are randomizing the projective representation of points and randomizing the coordinates through a random field isomorphism as described in [73]. However, inserting a point in affine coordinates and changing to (deterministic) projective coordinates during the execution of the scalar multiplication (compressing and decompressing of a point), does not affect the OTA type of attack, as it is shown with practical experiments in [65].

Found a mistake? Please highlight the word and press Shift + Enter

Subjects