TY - GEN
T1 - Evaluating a Side-Channel Resistance against Order 4 Rational Points in Arduino Cryptography Library
AU - Yoshimoto, Keiji
AU - Uetake, Yoshinori
AU - Kodera, Yuta
AU - Kusaka, Takuya
AU - Nogami, Yasuyuki
N1 - Funding Information:
This work is partially supported by a JSPS KAKENHI Challenging Research (Pioneering) 19H05579.
PY - 2019/11
Y1 - 2019/11
AB - Curve25519 has been used in various security protocols for its efficiency and rapidity. However, Curve25519 is known to have rational points whose orders are 2, 4, and 8. In this research, the authors focus on rational points of order 4 and demonstrate a side-channel attack (SCA) against a scalar multiplication algorithm for Curve25519. It aims to compare two scalar multiplication algorithms in terms of the difficulty of estimating a secret key via the SCA, where the algorithms are differentiated by whether they use a conditional swap function or not. Furthermore, we examine an attack on an open-source library for Arduino UNO which includes the scalar multiplication algorithm using a conditional swap function in practice. Since this library takes a countermeasure against the SCA during key exchange, we can use this secure library as a protocol tool. However, there is a threat when we implement a scalar multiplication by using some functions in this library without considering the SCA.
KW - Arduino Cryptography Library
KW - Curve25519
KW - order 4 rational point
UR - http://www.scopus.com/inward/record.url?scp=85078918843&partnerID=8YFLogxK
UR - http://www.scopus.com/inward/citedby.url?scp=85078918843&partnerID=8YFLogxK
U2 - 10.1109/CANDAR.2019.00040
DO - 10.1109/CANDAR.2019.00040
M3 - Conference contribution
AN - SCOPUS:85078918843
T3 - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019
SP - 245
EP - 250
BT - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 7th International Symposium on Computing and Networking, CANDAR 2019
Y2 - 26 November 2019 through 29 November 2019
ER -