A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller

Yoshinori Uetake; Keiji Yoshimoto; Yuta Kodera; Leo Weissbart; Takuya Kusaka; Yasuyuki Nogami

doi:10.1109/CANDAR.2019.00037

A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller

Yoshinori Uetake, Keiji Yoshimoto, Yuta Kodera, Leo Weissbart, Takuya Kusaka, Yasuyuki Nogami

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Abstract

Among the increasing evolution of IoT devices, practical applications need reliable secure protocols to communicate with each other. A major issue for modern cryptosystems is an implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519 which is used for TLS protocols as a recommended curve. This curve is mainly implemented on limited resource devices such as microcontrollers. However, this curve poses a weakness for low-order points during a Diffie-Hellman key exchange is employed. This research demonstrates possible exploitation of a threat of order 8 rational points of Curve25519 and shows results of the side-channel attacks using order 8 rational points on an embedded system. The results indicate the order 8 rational points might be applied to key extraction as attacker sides.

Original language	English
Title of host publication	Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	225-231
Number of pages	7
ISBN (Electronic)	9781728147253
DOIs	https://doi.org/10.1109/CANDAR.2019.00037
Publication status	Published - Nov 2019
Event	7th International Symposium on Computing and Networking, CANDAR 2019 - Nagasaki, Japan Duration: Nov 26 2019 → Nov 29 2019

Publication series

Name	Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019

Conference

Conference	7th International Symposium on Computing and Networking, CANDAR 2019
Country	Japan
City	Nagasaki
Period	11/26/19 → 11/29/19

Fingerprint

Keywords

Curve25519
microcontroller
order 8 rational point
side-channel attack

ASJC Scopus subject areas

Computer Science Applications
Computer Networks and Communications
Hardware and Architecture
Signal Processing

Cite this

Uetake, Y., Yoshimoto, K., Kodera, Y., Weissbart, L., Kusaka, T., & Nogami, Y. (2019). A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller. In Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019 (pp. 225-231). [8958444] (Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019). Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/CANDAR.2019.00037

A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller. / Uetake, Yoshinori; Yoshimoto, Keiji; Kodera, Yuta; Weissbart, Leo; Kusaka, Takuya ; Nogami, Yasuyuki.

Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019. Institute of Electrical and Electronics Engineers Inc., 2019. p. 225-231 8958444 (Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019).

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution

Uetake, Y, Yoshimoto, K, Kodera, Y, Weissbart, L, Kusaka, T & Nogami, Y 2019, A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller. in Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019., 8958444, Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019, Institute of Electrical and Electronics Engineers Inc., pp. 225-231, 7th International Symposium on Computing and Networking, CANDAR 2019, Nagasaki, Japan, 11/26/19. https://doi.org/10.1109/CANDAR.2019.00037

Uetake Y, Yoshimoto K, Kodera Y, Weissbart L, Kusaka T , Nogami Y. A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller. In Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019. Institute of Electrical and Electronics Engineers Inc. 2019. p. 225-231. 8958444. (Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019). https://doi.org/10.1109/CANDAR.2019.00037

Uetake, Yoshinori ; Yoshimoto, Keiji ; Kodera, Yuta ; Weissbart, Leo ; Kusaka, Takuya ; Nogami, Yasuyuki. / A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller. Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019. Institute of Electrical and Electronics Engineers Inc., 2019. pp. 225-231 (Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019).

@inproceedings{92b2913722ea4b38b95c8724812b6eb3,

title = "A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller",

abstract = "Among the increasing evolution of IoT devices, practical applications need reliable secure protocols to communicate with each other. A major issue for modern cryptosystems is an implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519 which is used for TLS protocols as a recommended curve. This curve is mainly implemented on limited resource devices such as microcontrollers. However, this curve poses a weakness for low-order points during a Diffie-Hellman key exchange is employed. This research demonstrates possible exploitation of a threat of order 8 rational points of Curve25519 and shows results of the side-channel attacks using order 8 rational points on an embedded system. The results indicate the order 8 rational points might be applied to key extraction as attacker sides.",

keywords = "Curve25519, microcontroller, order 8 rational point, side-channel attack",

author = "Yoshinori Uetake and Keiji Yoshimoto and Yuta Kodera and Leo Weissbart and Takuya Kusaka and Yasuyuki Nogami",

year = "2019",

month = nov

doi = "10.1109/CANDAR.2019.00037",

language = "English",

series = "Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

pages = "225--231",

booktitle = "Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019",

note = "7th International Symposium on Computing and Networking, CANDAR 2019 ; Conference date: 26-11-2019 Through 29-11-2019",

}

TY - GEN

T1 - A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller

AU - Uetake, Yoshinori

AU - Yoshimoto, Keiji

AU - Kodera, Yuta

AU - Weissbart, Leo

AU - Kusaka, Takuya

AU - Nogami, Yasuyuki

PY - 2019/11

Y1 - 2019/11

N2 - Among the increasing evolution of IoT devices, practical applications need reliable secure protocols to communicate with each other. A major issue for modern cryptosystems is an implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519 which is used for TLS protocols as a recommended curve. This curve is mainly implemented on limited resource devices such as microcontrollers. However, this curve poses a weakness for low-order points during a Diffie-Hellman key exchange is employed. This research demonstrates possible exploitation of a threat of order 8 rational points of Curve25519 and shows results of the side-channel attacks using order 8 rational points on an embedded system. The results indicate the order 8 rational points might be applied to key extraction as attacker sides.

AB - Among the increasing evolution of IoT devices, practical applications need reliable secure protocols to communicate with each other. A major issue for modern cryptosystems is an implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519 which is used for TLS protocols as a recommended curve. This curve is mainly implemented on limited resource devices such as microcontrollers. However, this curve poses a weakness for low-order points during a Diffie-Hellman key exchange is employed. This research demonstrates possible exploitation of a threat of order 8 rational points of Curve25519 and shows results of the side-channel attacks using order 8 rational points on an embedded system. The results indicate the order 8 rational points might be applied to key extraction as attacker sides.

KW - Curve25519

KW - microcontroller

KW - order 8 rational point

KW - side-channel attack

UR - http://www.scopus.com/inward/record.url?scp=85078919718&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078919718&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2019.00037

DO - 10.1109/CANDAR.2019.00037

M3 - Conference contribution

AN - SCOPUS:85078919718

T3 - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019

SP - 225

EP - 231

BT - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 7th International Symposium on Computing and Networking, CANDAR 2019

Y2 - 26 November 2019 through 29 November 2019

ER -

Access to Document

10.1109/CANDAR.2019.00037