Arithmetic Level Countermeasures for ECC Coprocessor

Arnaud Tisserand 1, *, Thomas Chabrier 1, Danuta Pamula 1, 2
* Corresponding author
1 CAIRN - Energy Efficient Computing ArchItectures with Embedded Reconfigurable Resources
Inria Rennes – Bretagne Atlantique, IRISA-D3 - ARCHITECTURE
Abstract: Arithmetic algorithms and number representations play a key role in computations in cryptographic circuits. They widely impact the speed, silicon area and power consumption. But designing high-performance and low-cost arithmetic operators is not sufficient in modern cryptosystems. Robustness against physical attacks is another important parameter. Very efficient side-channel and fault injection attacks have been proposed, so secure and efficient arithmetic operators have to be designed.

In elliptic curve cryptography (ECC), a lot of additions, multiplications, divisions and inversions are computed on 160- to 600-bit numbers in finite fields GF(2^m) or GF(p). Choosing an efficient representation for the field elements and arithmetic algorithms is not a simple task. There is a complex trade-off between:

- the number system(s) used to represent the data (width, number coding...);
- the algorithm used to compute the mathematical operations (evaluation methods, speed/area trade-offs, fused operations...);
- the characteristics of data (signal activity, space/time correlations...);
- and some circuit constraints (specific cells in the standard library, logic style...).

In the ECC coprocessor designed in the CAIRN team at IRISA, we use various representations of numbers as countermeasures against side-channel attacks (SCA). During the scalar multiplication Q=[k]P, the representation of the scalar k is modified in a reconfigurable architecture. The mathematical value of k is always the same, but its representation changes over time. This should increase the immunity against SCA.

We use various redundant number systems. In a redundant number system, some numbers have several distinct representations. This property is used in some number systems to allow constant-time addition (the addition time does not depend on the number of digits). Here the various distinct representations of a scalar k are used to produce a variable set of computations (type and amount) during the scalar multiplication.

Arithmetic recodings of some values using various number systems are frequent in cryptography. For instance, Non-Adjacent Forms (NAF and w-NAF) are widely used in ECC scalar multiplication and RSA exponentiation. But those recodings are static. We propose to use dynamic recodings. In this talk, we will present the number systems we use for the recodings and the hardware implementation of the dynamic recoding architecture. We also discuss the cost and security issues of the dynamic recoding mechanism.
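The contrast between a static recoding (NAF) and a dynamic one can be seen in a small sketch. This is an added example, not the authors' recoding scheme or hardware: it assumes a binary signed-digit system with digits {-1, 0, 1} and uses integers under addition as a stand-in for the curve group, so [k]P is simply k*P.

```python
import secrets

_rng = secrets.SystemRandom()

def naf(k):
    """Static recoding: non-adjacent form, least significant digit first."""
    digits = []
    while k > 0:
        d = 2 - (k & 3) if k & 1 else 0   # +1 if k % 4 == 1, -1 if k % 4 == 3
        digits.append(d)
        k = (k - d) >> 1
    return digits

def random_recode(k):
    """Dynamic recoding: a fresh signed-digit form of k on every call."""
    n, digits = k.bit_length(), []
    while k > 0:
        if k & 1:
            # Both +1 and -1 leave k - d even, so either digit is valid here.
            # Once n digits are out, k is 1: force +1 so the loop terminates.
            d = 1 if len(digits) >= n else _rng.choice((1, -1))
        else:
            d = 0
        digits.append(d)
        k = (k - d) >> 1
    return digits

def value(digits):
    """Mathematical value of a little-endian signed-digit string."""
    return sum(d << i for i, d in enumerate(digits))

def scalar_mul(digits, P):
    """Left-to-right double-and-add/subtract; returns ([k]P, operation trace)."""
    Q, trace = 0, []          # integers stand in for curve points (assumption)
    for d in reversed(digits):
        Q = 2 * Q
        trace.append("D")     # doubling
        if d:
            Q += d * P
            trace.append("A" if d > 0 else "S")   # addition or subtraction
    return Q, "".join(trace)

if __name__ == "__main__":
    k, P = 0xC0FFEE1234567890ABCDEF1234567890ABCDEF12, 5   # constructed values
    print("NAF   ", scalar_mul(naf(k), P)[1][:48])
    for _ in range(3):
        Q, trace = scalar_mul(random_recode(k), P)
        print(Q == k * P, trace[:48])
```

Every run computes the same result, but the sequence of doublings, additions and subtractions differs from one recoding to the next, whereas the NAF trace is identical on every execution.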
Document type: Conference paper
Claude Shannon Institute Workshop on Coding & Cryptography, May 2010, Cork, Ireland. 2010
Contributor: Arnaud Tisserand
Submitted on: Wednesday, May 19, 2010 - 08:54:52
Last modified on: Tuesday, January 16, 2018 - 15:54:13


  • HAL Id : inria-00484758, version 1


Arnaud Tisserand, Thomas Chabrier, Danuta Pamula. Arithmetic Level Countermeasures for ECC Coprocessor. Claude Shannon Institute Workshop on Coding & Cryptography, May 2010, Cork, Ireland. 2010. 〈inria-00484758〉


