SoK: SCA-secure ECC in software – mission impossible?
Identifikátory výsledku
Kód výsledku v IS VaVaI
<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00134761" target="_blank" >RIV/00216224:14330/23:00134761 - isvavai.cz</a>
Výsledek na webu
<a href="http://dx.doi.org/10.46586/tches.v2023.i1.557-589" target="_blank" >http://dx.doi.org/10.46586/tches.v2023.i1.557-589</a>
DOI - Digital Object Identifier
<a href="http://dx.doi.org/10.46586/tches.v2023.i1.557-589" target="_blank" >10.46586/tches.v2023.i1.557-589</a>
Alternativní jazyky
Jazyk výsledku
angličtina
Název v původním jazyce
SoK: SCA-secure ECC in software – mission impossible?
Popis výsledku v původním jazyce
This paper describes an ECC implementation computing the X25519 keyexchange protocol on the Arm Cortex-M4 microcontroller. For providing protections against various side-channel and fault attacks we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To our best knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.
Název v anglickém jazyce
SoK: SCA-secure ECC in software – mission impossible?
Popis výsledku anglicky
This paper describes an ECC implementation computing the X25519 keyexchange protocol on the Arm Cortex-M4 microcontroller. For providing protections against various side-channel and fault attacks we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To our best knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.
Klasifikace
Druh
D - Stať ve sborníku
CEP obor
—
OECD FORD obor
10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)
Návaznosti výsledku
Projekt
—
Návaznosti
I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace
Ostatní
Rok uplatnění
2023
Kód důvěrnosti údajů
S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů
Údaje specifické pro druh výsledku
Název statě ve sborníku
IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023, Issue 1
ISBN
—
ISSN
2569-2925
e-ISSN
—
Počet stran výsledku
33
Strana od-do
557-589
Název nakladatele
Ruhr-University of Bochum
Místo vydání
Germany
Místo konání akce
Conference on Cryptographic Hardware and Embedde
Datum konání akce
1. 1. 2023
Typ akce podle státní příslušnosti
CST - Celostátní akce
Kód UT WoS článku
—