Issue No.03 - July-September (2009 vol.6)
pp: 175-187
Agustín Domínguez-Oviedo, University of Waterloo, Waterloo
M. Anwar Hasan, University of Waterloo, Waterloo
ABSTRACT
For some applications, elliptic curve cryptography (ECC) is an attractive choice because it achieves the same level of security with a much smaller key size in comparison with other schemes such as those that are based on integer factorization or discrete logarithm. For security reasons, especially to provide resistance against fault-based attacks, it is very important to verify the correctness of computations in ECC applications. In this paper, error-detecting and fault-tolerant elliptic curve cryptosystems are considered. Error detection may be a sufficient countermeasure for many security applications; however, a fault-tolerant characteristic enables a system to perform its normal operation in spite of faults. For the purpose of detecting errors due to faults, a number of schemes and hardware structures are presented based on recomputation or parallel computation. It is shown that these structures can be used for detecting errors with a very high probability during the computation of the elliptic curve scalar multiplication (ECSM). Additionally, we show that using parallel computation along with either PV or recomputation, it is possible to have fault-tolerant structures for the ECSM. If certain conditions are met, these schemes are more efficient than others such as the well-known triple modular redundancy. Prototypes of the proposed structures for error detection and fault tolerance have been implemented, and experimental results have been presented.
INDEX TERMS
Elliptic curve cryptography, scalar multiplication, fault-based attacks, error detection, fault tolerance.
CITATION
Agustín Domínguez-Oviedo, M. Anwar Hasan, "Error Detection and Fault Tolerance in ECSM Using Input Randomization", IEEE Transactions on Dependable and Secure Computing, vol.6, no. 3, pp. 175-187, July-September 2009, doi:10.1109/TDSC.2008.21