TY - GEN
T1 - A Side-Channel Attack Using Order 8 Rational Points against Curve25519 on an 8-Bit Microcontroller
AU - Uetake, Yoshinori
AU - Yoshimoto, Keiji
AU - Kodera, Yuta
AU - Weissbart, Leo
AU - Kusaka, Takuya
AU - Nogami, Yasuyuki
N1 - Funding Information:
This work was partially supported by the JSPS KAKENHI Challenging Research (Pioneering) 19H05579.
Publisher Copyright:
© 2019 IEEE.
PY - 2019/11
Y1 - 2019/11
N2 - With the ongoing evolution of IoT devices, practical applications need reliable, secure protocols to communicate with each other. A major issue for modern cryptosystems is the implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519, which is used in TLS protocols as a recommended curve. This curve is mainly implemented on resource-limited devices such as microcontrollers. However, this curve has a weakness with respect to low-order points when a Diffie-Hellman key exchange is employed. This research demonstrates a possible exploitation of the threat posed by order 8 rational points of Curve25519 and shows the results of side-channel attacks using order 8 rational points on an embedded system. The results indicate that order 8 rational points might be applied to key extraction on the attacker side.
AB - With the ongoing evolution of IoT devices, practical applications need reliable, secure protocols to communicate with each other. A major issue for modern cryptosystems is the implementation of secure and trustworthy mechanisms to rely on. A side-channel attack against these cryptosystems may overturn the guarantee of security against conventional cyber-attacks. Elliptic curve cryptography is public-key cryptography based on elliptic curves, and one of the well-known curves is Curve25519, which is used in TLS protocols as a recommended curve. This curve is mainly implemented on resource-limited devices such as microcontrollers. However, this curve has a weakness with respect to low-order points when a Diffie-Hellman key exchange is employed. This research demonstrates a possible exploitation of the threat posed by order 8 rational points of Curve25519 and shows the results of side-channel attacks using order 8 rational points on an embedded system. The results indicate that order 8 rational points might be applied to key extraction on the attacker side.
KW - Curve25519
KW - microcontroller
KW - order 8 rational point
KW - side-channel attack
UR - http://www.scopus.com/inward/record.url?scp=85078919718&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85078919718&partnerID=8YFLogxK
U2 - 10.1109/CANDAR.2019.00037
DO - 10.1109/CANDAR.2019.00037
M3 - Conference contribution
AN - SCOPUS:85078919718
T3 - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019
SP - 225
EP - 231
BT - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th International Symposium on Computing and Networking, CANDAR 2019
Y2 - 26 November 2019 through 29 November 2019
ER -