A. Technical Field
The present invention relates to secure systems and, more particularly, to secure systems and methods for Elliptic Curve Cryptosystems (ECCs) designed as a countermeasure to side-channel attacks that aim to uncover secret information from the operations performed by electronic circuitry.
B. Background of the Invention
Elliptic Curve Cryptosystem (ECC) implementations are increasingly replacing RSA in asymmetric cryptographic schemes, such as Diffie-Hellman key exchange or authentication, because the RSA key length required for a given security level grows much faster than the security level itself, whereas the ECC key length grows only linearly with it. As an example, the security level equivalent to a 128-bit symmetric key, for which RSA requires a 3,072-bit key, is raised to the 256-bit level by increasing the RSA key length five-fold to 15,360 bits. In comparison, the ECC key length required for the same upgrade from the 128-bit to the 256-bit level increases only two-fold, from 256-283 bits to 512-571 bits. As a result, upgrading the security level of an RSA product degrades system performance far more in terms of time, power consumption, and cost than the equivalent upgrade of an ECC-secured circuit.
Like other cryptosystems, ECCs use standard, non-proprietary algorithms to encrypt confidential data and protect it against theft of secret information. Most encryption methods, however, do not prevent a determined adversary from circumventing the cryptosystem and recovering critical keying material while the encryption circuit is processing data during encryption and decryption. Well-known weaknesses of cryptographic implementations include leakage through timing, power consumption, and electromagnetic emanations that can be measured during computation and analyzed without any physical tampering. Additionally, information may leak when the cryptosystem is subjected to fault injection.
Side-channel attacks are one type of attack frequently employed to extract encryption keys, passwords, and other cryptographic data from a secure system (e.g., payment terminals, smart cards, security modules, mobile phones). They exploit the fact that the physical properties of a circuit are closely tied to the implementation of the encryption engine and to the operations it performs on the data processed by the particular encryption algorithm. In a differential side-channel attack, for example, a skilled attacker invokes the targeted function of the secure system many times and performs statistical analysis on characteristic circuit properties, including the electromagnetic emission profiles of current and voltage transitions, power consumption profiles, and the timing patterns of generated signals. Since different instructions, and different data values, have different power consumption profiles, an attacker who monitors the circuit under investigation, collects sufficient traces, and filters out noise by statistical means can infer details of the system's behavior from the measurements and, ultimately, reconstruct the sought-after secret data.
For example, implementing a standard algorithm in a secure system causes current to flow through a given logic circuit, and that current inadvertently reveals knowledge about the circuit and about the data it processes to the circuit's surroundings. In a circuit with a fixed number of gates at fixed locations, the data, and the current associated with that data, follow the same paths through the same logic gates every time, which makes the logic operations within the circuit prone to being probed for the purpose of tracing and extracting secret information and thereby renders the cryptosystem vulnerable.
Several approaches exist that aim to protect the security of a circuit by increasing the difficulty of carrying out this type of non-intrusive attack and by preventing the leakage of observable, compromising information from the circuit to its surroundings. One such approach relies on modifying the encryption algorithm so that it performs security-related operations on both the actual bits of a secret key and their complements, so that the work performed, and hence the observable signal, is the same whatever the value of each key bit.
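The statistical attack described in the preceding paragraphs and the balanced-operation countermeasure just mentioned, modelled together as an added example that is not part of the patent text. The toy curve y^2 = x^3 + 2x + 3 over GF(97), the base point (3, 6), the leakage model (one unit of power per group operation plus Gaussian noise) and the number of traces are assumptions chosen for illustration. The attacker averages repeated noisy traces of a fixed key and thresholds the result, a simplified version of the statistical noise filtering described above rather than a full differential analysis. The countermeasure shown is a Montgomery ladder, in which every key bit costs exactly one addition and one doubling and the bit and its complement only select which register receives which result.

```python
"""Added example (not from the patent text): a toy model of key-dependent
power leakage in EC scalar multiplication and of the balanced countermeasure
that does the same work for a key bit and for its complement. Curve, base
point, leakage model, noise level and trace counts are assumptions."""
import random

# Assumed toy curve y^2 = x^3 + 2x + 3 over GF(97); G = (3, 6) lies on it.
P_MOD, A_COEF = 97, 2
G = (3, 6)


def ec_add(P, Q):
    """Affine point addition/doubling; None is the point at infinity."""
    if P is None:
        return Q
    if Q is None:
        return P
    x1, y1 = P
    x2, y2 = Q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # Q == -P (also covers doubling a point with y == 0)
    if P == Q:
        lam = (3 * x1 * x1 + A_COEF) * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)


def scalar_mult(k, P, bits, balanced, trace=None, sigma=0.0, rng=None):
    """Left-to-right computation of k*P over `bits` key bits.

    If `trace` is a list, one simulated power sample per key bit is appended.
    Leakage model (assumed): one unit of power per group operation, plus
    Gaussian noise with standard deviation `sigma`.

    balanced=False: double-and-add; the add runs only when the bit is 1, so
                    the sample for that bit is about 2 instead of about 1.
    balanced=True:  Montgomery ladder; every bit costs one add and one
                    double, so the sample is about 2 regardless of the bit.
    """
    rng = rng or random.Random(0)
    R0, R1 = None, P  # ladder invariant: R1 == R0 + P
    for i in range(bits - 1, -1, -1):
        bit = (k >> i) & 1
        if balanced:
            if bit:
                R0, R1 = ec_add(R0, R1), ec_add(R1, R1)
            else:
                R1, R0 = ec_add(R0, R1), ec_add(R0, R0)
            ops = 2
        else:
            R0 = ec_add(R0, R0)
            ops = 1
            if bit:
                R0 = ec_add(R0, P)
                ops += 1
        if trace is not None:
            trace.append(ops + rng.gauss(0.0, sigma))
    return R0


def recover_key(k, bits, balanced, n_traces=100, sigma=1.0, seed=0):
    """Attacker model from the text: invoke the operation repeatedly with the
    same secret, average the noisy samples at each bit position to filter out
    the noise, and threshold. Returns the attacker's guess of k."""
    rng = random.Random(seed)
    traces = []
    for _ in range(n_traces):
        t = []
        scalar_mult(k, G, bits, balanced, t, sigma, rng)
        traces.append(t)
    guess = 0
    for pos in range(bits):  # pos 0 is the most significant key bit
        mean = sum(t[pos] for t in traces) / n_traces
        guess = (guess << 1) | (1 if mean > 1.5 else 0)
    return guess


if __name__ == "__main__":
    secret = 0b10110101
    print("double-and-add recovered:", recover_key(secret, 8, balanced=False) == secret)
    print("ladder recovered        :", recover_key(secret, 8, balanced=True) == secret)
```

Both multiplication routines return the same point, so the countermeasure changes only what the circuit reveals, not what it computes. Against the double-and-add variant the averaged traces separate cleanly into the 1-operation and 2-operation positions and the secret is recovered; against the ladder every position averages to the same cost and the attacker learns nothing about the key.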
Other types of attack on a circuit include fault injection. In this approach, in preparation for an attack, an adversary manipulates a circuit whose normal operation includes randomized steps and forces it to deviate from its regular cryptographic operation into a more deterministic mode. For example, by purposefully raising a voltage applied to the circuit, the attacker may trigger a circuit response that, in effect, reduces the randomness of its operations, thereby giving the attacker a more predictable circuit to work with and making a successful attack easier to carry out.
What is needed is a set of tools that lets secure-system designers overcome the limitations described above while retaining the benefits ECC provides to secured circuits.