SoK: SCA-secure ECC in software – mission impossible?

Kód výsledku v IS VaVaI

<a href="https://www.isvavai.cz/riv?ss=detail&h=RIV%2F00216224%3A14330%2F23%3A00134761" target="_blank" >RIV/00216224:14330/23:00134761 - isvavai.cz</a>

Výsledek na webu

<a href="http://dx.doi.org/10.46586/tches.v2023.i1.557-589" target="_blank" >http://dx.doi.org/10.46586/tches.v2023.i1.557-589</a>

DOI - Digital Object Identifier

<a href="http://dx.doi.org/10.46586/tches.v2023.i1.557-589" target="_blank" >10.46586/tches.v2023.i1.557-589</a>

Jazyk výsledku

angličtina

Název v původním jazyce

SoK: SCA-secure ECC in software – mission impossible?

Popis výsledku v původním jazyce

This paper describes an ECC implementation computing the X25519 keyexchange protocol on the Arm Cortex-M4 microcontroller. For providing protections against various side-channel and fault attacks we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To our best knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.

Název v anglickém jazyce

SoK: SCA-secure ECC in software – mission impossible?

Popis výsledku anglicky

This paper describes an ECC implementation computing the X25519 keyexchange protocol on the Arm Cortex-M4 microcontroller. For providing protections against various side-channel and fault attacks we first review known attacks and countermeasures, then we provide software implementations that come with extensive mitigations, and finally we present a preliminary side-channel evaluation. To our best knowledge, this is the first public software claiming affordable protection against multiple classes of attacks that are motivated by distinct real-world application scenarios. We distinguish between X25519 with ephemeral keys and X25519 with static keys and show that the overhead to our baseline unprotected implementation is about 37% and 243%, respectively. While this might seem to be a high price to pay for security, we also show that even our (most protected) static implementation is at least as efficient as widely-deployed ECC cryptographic libraries, which offer much less protection.

Druh

D - Stať ve sborníku

CEP obor

—

OECD FORD obor

10201 - Computer sciences, information science, bioinformathics (hardware development to be 2.2, social aspect to be 5.8)

Projekt

—

Návaznosti

I - Institucionalni podpora na dlouhodoby koncepcni rozvoj vyzkumne organizace

Rok uplatnění

2023

Kód důvěrnosti údajů

S - Úplné a pravdivé údaje o projektu nepodléhají ochraně podle zvláštních právních předpisů

Název statě ve sborníku

IACR Transactions on Cryptographic Hardware and Embedded Systems, Volume 2023, Issue 1

ISBN

—

ISSN

2569-2925

e-ISSN

—

Počet stran výsledku

33

Strana od-do

557-589

Název nakladatele

Ruhr-University of Bochum

Místo vydání

Germany

Místo konání akce

Conference on Cryptographic Hardware and Embedde

Datum konání akce

1. 1. 2023

Typ akce podle státní příslušnosti

CST - Celostátní akce

Kód UT WoS článku

—