An Efficient DPA Countermeasure With Randomized Montgomery Operations for DF-ECC Processor

• Published in: IEEE transactions on circuits and systems. II, Express briefs Vol. 59; no. 5; pp. 287 - 291
• Main Authors: Lee, Jen-Wei, Hsiao, Ju-Hung, Chang, Hsie-Chia, Lee, Chen-Yi
• Format: Journal Article
• Language: English
• Published: New York IEEE 01.05.2012; The Institute of Electrical and Electronics Engineers, Inc. (IEEE)
• Subjects: Algorithm design and analysis; Correlation; Dual fields; elliptic curve (EC) cryptography (ECC); Elliptic curve cryptography; Field programmable gate arrays; Hardware; power-analysis attacks; Resistance; security system
• ISSN: 1549-7747; 1558-3791
• DOI: 10.1109/TCSII.2012.2190857

Nowadays, differential power-analysis (DPA) attacks are a serious threat for cryptographic systems due to the inherent existence of data-dependent power consumption. Hiding power consumption of encryption circuit or applying key-blinded techniques can increase the security against DPA attacks, but they result in a large overhead for hardware cost, execution time, and energy dissipation. In this brief, a new DPA countermeasure performing all field operations in a randomized Montgomery domain is proposed to eliminate the correlation between target and reference power traces. After implemented in 90-nm CMOS process, our protected 521-bit dual-field elliptic curve (EC) cryptographic processor can perform one EC scalar multiplication in 8.08 ms over and 4.65 ms over , respectively, with 4.3% area and 5.2% power overhead. Experiments from a field-programmable gate array evaluation board demonstrate that the private key of unprotected device will be revealed within power traces, whereas the same attacks on our proposal cannot successfully extract the key value even after measurements.