1 / 23

Catherine H. Gebotys 1 , Robert J. Gebotys 2 Department of Electrical and Computer Engineering,

Secure Elliptic Curve Implementations : An Analysis of Resistance to Power-Attacks in a DSP Processor. Catherine H. Gebotys 1 , Robert J. Gebotys 2 Department of Electrical and Computer Engineering, University of Waterloo 1 , Wilfrid Laurier University 2 , Waterloo, Ontario Canada

scott
Download Presentation

Catherine H. Gebotys 1 , Robert J. Gebotys 2 Department of Electrical and Computer Engineering,

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Secure Elliptic Curve Implementations : An Analysis of Resistance to Power-Attacks in a DSP Processor Catherine H. Gebotys1, Robert J. Gebotys2 Department of Electrical and Computer Engineering, University of Waterloo1, Wilfrid Laurier University2, Waterloo, Ontario Canada cgebotys@optimal.vlsi.uwaterloo.ca

  2. Outline • Motivation • Previous Research • Methodology and ISI index • Experimental Results • Conclusions

  3. Motivation • Wireless Communications • Highly Cost Sensitive • Low Energy Dissipation • High Security (data, audio, video) • Secure against Power-Attacks • Security At all layers

  4. Previous Research • Power / EM / Timing Attacks • SPA, DPA, [Kocher 96,99] • SW-DPA [Clavier& 00], IPA [Fahn& 99], nthDPA [Messerges 00],… • DPA extension for ECC [Coron 99] • DSP processors [Dusse 90][Itoh 99]

  5. Problem Definition • Methodology for Design of Secure Embedded Processors • Secure against power-attacks • Energy efficient • Throughput constraints

  6. Methodology • Point Doubling, Adding • Timing and Power Traces identical through adding redundant operations • Point Multiplication • Timing and Power Traces identical through looping and switching

  7. Experimental Results • Elliptic Curve Cryptography • Weierstrass (projective coordinates) • Jacobi form of curve • 192-bit prime fields • DSP processor core at 100MHz

  8. Research Setup

  9. Star*core Architecture HIGHBW POWERFUL

  10. Cycle Counts

  11. SUM 2hs = h ^2 om = j ^2al = th * hs __th=y2<<3la = h * hsth = la * ix3 = om - al___be=al + omz3 = ga * h___al=hs<<1___be=z3<<1___om=be+z3___ga=hs<<2la = hs * g___al=la<<1___be=om*omom = la –x3___ga=om-alal = om * jy3 = al - th DOUBLE b1 = y ^2 e1 = z ^2b2 = b1 * b1 b = b2<<3__z2=y2 * x2z31 = y * ze2 = x - e1e3 = x + e1e = e2 * e3z12 = z31<<1c1 = e<<1c = c1 + ef1 = b1<<2a = f1 * xf3 = a<<1d1 = c * cx12 = d1 - f3y31 = a - x3y32 = y31 * cy12 = y32 - b SUM 1z2s = z2 ^2 z1s = z1 ^2z2c = z2s * z2 __al=y2<<3f = z1s * x2g = z2s * x1___th=x1-z1s ___ga=x1+z1sz1c  =  z1s * z1___om=g<<1___ga=z1c<<1th = f + g___al=z2s<<2ga = z1 * z2___la=ga<<1i = y1 * z2c___al=i-lah = f - gom = y2 * z1cj = om - i

  12. Power Traces PA-resistant ECC Code Original ECC Code

  13. Power Traces – timing shifts

  14. (1) Implementation Security Index Incorporates Variance into Difference of Means

  15. ISIS,D(t)-1 vs DPA

  16. Sum–Double Power Traces

  17. ISIDS,SD(t)-1 vs DPA

  18. Memory Stalls : Power

  19. Comparison to SW-DPA

  20. Jacobi Form of Curve

  21. ISIS,D(t)-1 : Jacobi Curve

  22. Energy – Performance Comparison

  23. Conclusions • Security against Power-Attack • ISI Metric for software development • ISI : Variances plus Difference of Means • Timing Shifts , Parallelism • Complex Processor Cores

More Related