
The first official information on SCA dates from 1956 [94]. It is recorded in [129] how Peter Wright helped the British secret services to break a rotor machine by listening to its clicking sound with a microphone. In the past few decades there has been a lot of commotion about the electromagnetic emanation of video screens [130]. In the mid 1990s, academic research examined three new types of SCAs, namely execution time [38], computational faults [131] and power consumption [132, 39]. An attacker here does not focus on flaws of the algorithm itself, but tries to break the system by exploiting weaknesses in the implementation of the algorithm, e.g., by measuring the elapsed time or the power consumption of operations, which depends on analysing the VLSI implementation of the crypto-algorithm.

Of all the types of SCAs on PK based schemes, power analysis attacks (or power side attacks) are the most common type. Two main classes of power analysis attacks were presented by Kocher et al. in [132, 39]: simple and differential power analysis attacks. Both of them are based on monitoring the power consumption of a cryptographic token while executing an algorithm that manipulates the secret key. The traces of the measured power are then analysed to obtain significant information about the key. In an ECC crypto-system, a power analysis attack can reveal large features of the algorithm, such as identifying the DBL and ADD operations being executed in the iterations of the loop [40]. Thus, the ECSM algorithm should be implemented using a fixed sequence of EC-point operations that does not depend on the value of a particular scalar bit k_i. Furthermore, to thwart differential side-channel analysis, the inputs of the scalar multiplication algorithm, namely the base point P and the scalar k, should be randomized.

Footnote 19: To solve the irregularity in the execution of the window based method, special consideration must be given to avoiding the zero digits in the scalar k [1].

Footnote 20: Two secured window based methods proposed in [63, 64] will be provided and discussed in Chapter

2.6.1 The Secured ECSM Schemes

Designing secure implementations requires taking the physical attacks into account. These attacks include power analysis, which may infer information on a secret key by monitoring how the device interacts with its environment, and fault analysis, in which an adversary disturbs the normal functioning of a device to obtain the same goal. From Algorithms 1 and 2, it clearly appears that the formulas for doubling a point and for adding two (distinct) points on the Weierstraß elliptic curve model are different. So, for example, the distinction between the two point arithmetic operations, i.e., ADD and DBL, allows a SSCA using power traces to reveal the value of the secret k in the scalar multiplication algorithm. To counter the power attack, the power consumption of a crypto-algorithm has to be independent of the performed operations and the processed data values. Hence, it should have one of the following two properties [133]:

• The device consumes a random amount of power in each clock cycle.

• The device consumes an equal amount of power in each clock cycle.

For the former property, randomization is achieved by methods such as the randomized projective coordinate method [40], a random double base number system (DBNS) representation [134], and the randomized curve method proposed in [135]. For various randomization techniques, comprehensive references are [1, 93, 136].

In order to withstand SSCAs, one must execute the scalar multiplication in a regular way, such that it performs a constant flow of operations whatever the scalar value. This can be done by one of the following three basic approaches:

• The first approach is to use unified addition (or indistinguishable addition) formulae, i.e., the formulas used for both point arithmetic operations, ADD and DBL, are the same. Such formulae exist for standard Weierstraß elliptic curves [137, 138]; however, an implementation of these formulas would suffer from huge area complexity and low computation speed. In addition, other unified addition formulas for special elliptic curve models are available in the literature, for instance, for the Edwards elliptic curve model over odd characteristic fields [76, 139] and for binary Edwards curves [140], the inverted Edwards model [141], the twisted Edwards model [37], the Huff model [77], the Hessian model over odd characteristic fields [75] and binary Hessian models [142], and the Jacobi elliptic curve model [143, 78, 144].

• The second approach is to split both point arithmetic operations into small homogeneous blocks of basic field arithmetic operations. If both ADD and DBL are carefully implemented in an atomic block structure, it becomes impossible to distinguish between the atomic blocks that come from either of the two point arithmetic operations. This approach was first proposed in [145]. Different atomic block structures were later presented in [81, 83, 146, 147].

• The third approach covers the case addressed in this thesis, i.e., when the ADD and DBL operations are different. Here the only way to make an ECSM algorithm SSCA aware is to use a regular-structure scalar multiplication scheme, which evaluates the point arithmetic operations in a uniform sequence.
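The following is an added illustration, not code from the thesis, of the SSCA point made above for the loop of the ECSM algorithm and of the third approach: a binary double-and-add method performs ADD only for 1-bits, so the DBL/ADD sequence reveals the scalar, whereas a regular scheme (here a Montgomery ladder, assumed as the regular-structure scheme) performs the same sequence for every scalar. The curve y^2 = x^3 + 2x + 2 over GF(17), its base point G = (5, 1) of prime order 19, and the scalars are constructed toy values chosen so the arithmetic can be followed by hand.

```python
# Added illustration (not the thesis's code): a scalar-dependent DBL/ADD sequence leaks k
# under SSCA, whereas a regular Montgomery-ladder ECSM yields the same sequence for any scalar.
# Constructed toy curve y^2 = x^3 + 2x + 2 over GF(17), G = (5, 1) of prime order 19.
P_MOD, A, G, INF = 17, 2, (5, 1), None   # INF is the point at infinity

def ec_dbl(p, trace):
    trace.append("DBL")                   # record the operation type a power trace exposes
    if p is INF or p[1] == 0:
        return INF
    x, y = p
    lam = (3 * x * x + A) * pow(2 * y, -1, P_MOD) % P_MOD
    x3 = (lam * lam - 2 * x) % P_MOD
    return (x3, (lam * (x - x3) - y) % P_MOD)

def ec_add(p, q, trace):
    trace.append("ADD")                   # addition of distinct points (callers never pass p == q)
    if p is INF or q is INF:
        return q if p is INF else p
    if p[0] == q[0]:                      # q == -p
        return INF
    lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P_MOD) % P_MOD
    x3 = (lam * lam - p[0] - q[0]) % P_MOD
    return (x3, (lam * (p[0] - x3) - p[1]) % P_MOD)

def double_and_add(k):
    """Left-to-right binary method: ADD occurs only for 1-bits, so the trace depends on k."""
    trace, q = [], INF
    for bit in bin(k)[2:]:
        q = ec_dbl(q, trace)
        if bit == "1":
            q = ec_add(q, G, trace)
    return q, trace

def montgomery_ladder(k):
    """Regular ECSM: exactly one ADD and one DBL per bit, in the same order, whatever the bit."""
    trace, r0, r1 = [], INF, G
    for bit in bin(k)[2:]:
        if bit == "1":
            r0, r1 = ec_add(r0, r1, trace), ec_dbl(r1, trace)
        else:
            r1, r0 = ec_add(r0, r1, trace), ec_dbl(r0, trace)
    return r0, trace

def bits_from_trace(trace):
    """What SSCA reads off a double-and-add trace: a DBL followed by ADD is a 1-bit, else a 0-bit."""
    return [int(nxt == "ADD") for op, nxt in zip(trace, trace[1:] + ["END"]) if op == "DBL"]
```

Both methods compute the same point, but only the ladder's trace is identical for the scalars 13 and 11; comparing traces of two equal-length scalars is a quick regularity check an implementer can run on their own ECSM.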
