Journal: Microprocessors and Microsystems

Design and leakage assessment of side channel attack resistant Binary Edwards Elliptic Curve digital signature algorithm architectures


Abstract

Considering that Elliptic Curve Digital Signature Algorithm (ECDSA) implementations need to be efficient, flexible and Side Channel Attack (SCA) resistant, in this paper a design approach and architecture for ECDSA and the underlying scalar multiplication operation is proposed for GF(2^k), satisfying the above three directives. To achieve that, Binary Edwards Curves (BECs) are adopted as an alternative to traditional Weierstrass Elliptic Curves (ECs) over GF(2^k), since they offer intrinsic SCA resistance against simple attacks due to their uniformity, operation regularity and completeness. To achieve high performance and flexibility, we propose a hardware/software ECDSA co-design approach where scalar multiplication is implemented in hardware and integrated into the ECDSA functionality through appropriate drivers of an ECDSA software stack. To increase BEC scalar multiplier performance and introduce SCA resistance, we adopt and expand a parallelism design strategy/methodology in which the GF(2^k) operations of a scalar multiplier round, for both point operations performed in that round, are reordered and assigned to parallelism layers so that they execute concurrently. Within this strategy we include hardware- and software-based SCA countermeasures that rely on masking/randomization and hiding. While scalar randomization is realized easily by the ECDSA software stack, in order to achieve resistance by hardware means we propose and introduce, in every scalar multiplier round and within the parallelism layers, projective coordinate randomization of all the round's output points. So, in our approach, considering that with the proposed parallelism plan the BEC point operations of every scalar multiplier round are performed in parallel and that the round's output points are randomized with a different number in each round, we manage to achieve maximum SCA resistance.
To validate this resistance, we introduce and realize a leakage assessment process on BEC scalar multipliers for the first time in the research literature. This process is based on real measurements collected from a controlled SAKURA-X environment with a GF(2^233)-based scalar multiplier implementation. Using Welch's t-test we investigate possible information leakage of the multiplier's input point and scalar, and after an extended analysis we find trivial leakage. Finally, we validate the ECDSA architecture and its scalar multiplier efficiency by implementing it on a Zynq 7000 series FPGA Avnet ZedBoard and collecting very promising, well balanced results on speed and hardware resources in comparison with other works. (C) 2018 Elsevier B.V. All rights reserved.
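The abstract describes a Welch's t-test leakage assessment of the scalar multiplier but, as an abstract, does not show the statistic itself. The following added example (not code from the paper or its authors) shows the fixed-vs-random form of that assessment on constructed traces: one trace set is captured with a fixed input, one with random inputs, Welch's t-statistic is computed per sample point, and any point with |t| above the usual 4.5 threshold is reported as leaking. The traces, the Hamming-weight/8 leakage model at a single sample index, the byte-sized intermediate and every parameter value are assumptions made for illustration; real measurements from a board such as the SAKURA-X would replace `make_traces`.

```python
"""Fixed-vs-random Welch's t-test leakage assessment on constructed traces (added example)."""
import math
import random
from typing import List, Sequence, Tuple

Trace = List[float]

# Common TVLA decision threshold: a sample point with |t| > 4.5 is flagged as leaking.
T_THRESHOLD = 4.5


def welch_t(a: Sequence[float], b: Sequence[float]) -> float:
    """Welch's t-statistic for two independent samples with unequal variances."""
    n_a, n_b = len(a), len(b)
    mean_a = sum(a) / n_a
    mean_b = sum(b) / n_b
    var_a = sum((x - mean_a) ** 2 for x in a) / (n_a - 1)  # sample variance (ddof = 1)
    var_b = sum((x - mean_b) ** 2 for x in b) / (n_b - 1)
    denom = math.sqrt(var_a / n_a + var_b / n_b)
    if denom == 0.0:
        # Both groups are constant: identical means give 0, otherwise the sets are trivially separable.
        return 0.0 if mean_a == mean_b else math.copysign(math.inf, mean_a - mean_b)
    return (mean_a - mean_b) / denom


def t_trace(fixed: Sequence[Trace], rnd: Sequence[Trace]) -> List[float]:
    """Per-sample-point t-statistic between the fixed-input and random-input trace sets."""
    n_samples = len(fixed[0])
    return [
        welch_t([tr[i] for tr in fixed], [tr[i] for tr in rnd])
        for i in range(n_samples)
    ]


def leaking_points(t_values: Sequence[float], threshold: float = T_THRESHOLD) -> List[int]:
    """Indices of sample points whose |t| exceeds the threshold."""
    return [i for i, t in enumerate(t_values) if abs(t) > threshold]


def hamming_weight(x: int) -> int:
    return bin(x).count("1")


def make_traces(n_traces: int, n_samples: int, leak_index: int, fixed_input: int,
                seed: int, sigma: float = 1.0) -> Tuple[List[Trace], List[Trace]]:
    """Constructed traces, not real measurements (assumption for this example).

    Every sample is Gaussian noise. At leak_index the device is assumed to leak
    HW(byte)/8 of the byte it processes: a constant for the fixed-input set and a
    varying value for the random-input set, which is exactly what the t-test detects.
    """
    rng = random.Random(seed)
    fixed_set: List[Trace] = []
    random_set: List[Trace] = []
    for _ in range(n_traces):
        f = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        r = [rng.gauss(0.0, sigma) for _ in range(n_samples)]
        f[leak_index] += hamming_weight(fixed_input) / 8.0
        r[leak_index] += hamming_weight(rng.randrange(256)) / 8.0
        fixed_set.append(f)
        random_set.append(r)
    return fixed_set, random_set


def assess(n_traces: int = 2000, n_samples: int = 50, leak_index: int = 37,
           fixed_input: int = 0x00, seed: int = 1) -> Tuple[List[float], List[int]]:
    """Run the assessment on constructed traces; returns (t per sample, flagged indices)."""
    fixed_set, random_set = make_traces(n_traces, n_samples, leak_index, fixed_input, seed)
    t_values = t_trace(fixed_set, random_set)
    return t_values, leaking_points(t_values)


if __name__ == "__main__":
    t_values, flagged = assess()
    print("flagged sample points:", flagged)
    for i in flagged:
        print(f"  sample {i}: t = {t_values[i]:+.2f}")
```

With the constructed model the only flagged point is the one where the leakage term was injected, and its t value is far beyond 4.5 because the mean difference of 0.5 is measured over 2000 traces per set; on real hardware the same per-sample statistic is computed over captured power or EM traces, and every flagged index is then traced back to the operation executing at that time.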
