TY - GEN

T1 - Evaluating a Side-Channel Resistance against Order 4 Rational Points in Arduino Cryptography Library

AU - Yoshimoto, Keiji

AU - Uetake, Yoshinori

AU - Kodera, Yuta

AU - Kusaka, Takuya

AU - Nogami, Yasuyuki

N1 - Funding Information:
VI. ACKNOWLEDGMENT This work is partially supported by a JSPS KAKENHI Challenging Research (Pioneering) 19H05579.

PY - 2019/11

Y1 - 2019/11

N2 - Curve25519 has been used in various security protocols for its efficiency and rapidity. However, Curve25519 is known to have rational points whose orders are 2, 4, and 8. In this research, the authors focus on rational points of order 4 and demonstrate a side-channel attack (SCA) against a scalar multiplication algorithm for Curve25519. It purposes to compare two scalar multiplication algorithms in terms of the difficulty of estimating a secret key via the SCA, where the algorithms are differentiated whether it uses a conditional swap function or not. Furthermore, we examine to attack an open-source library for Arduino UNO which includes the scalar multiplication algorithm using a conditional swap function in practice. Since this library takes a countermeasure against the SCA during key exchange, we can use this secure library as a protocol tool. However, there is a threat when we implement a scalar multiplication by using some functions in this library without considering the SCA.

AB - Curve25519 has been used in various security protocols for its efficiency and rapidity. However, Curve25519 is known to have rational points whose orders are 2, 4, and 8. In this research, the authors focus on rational points of order 4 and demonstrate a side-channel attack (SCA) against a scalar multiplication algorithm for Curve25519. It purposes to compare two scalar multiplication algorithms in terms of the difficulty of estimating a secret key via the SCA, where the algorithms are differentiated whether it uses a conditional swap function or not. Furthermore, we examine to attack an open-source library for Arduino UNO which includes the scalar multiplication algorithm using a conditional swap function in practice. Since this library takes a countermeasure against the SCA during key exchange, we can use this secure library as a protocol tool. However, there is a threat when we implement a scalar multiplication by using some functions in this library without considering the SCA.

KW - Arduino Cryptography Library

KW - Curve25519

KW - order 4 rational point

UR - http://www.scopus.com/inward/record.url?scp=85078918843&partnerID=8YFLogxK

UR - http://www.scopus.com/inward/citedby.url?scp=85078918843&partnerID=8YFLogxK

U2 - 10.1109/CANDAR.2019.00040

DO - 10.1109/CANDAR.2019.00040

M3 - Conference contribution

AN - SCOPUS:85078918843

T3 - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019

SP - 245

EP - 250

BT - Proceedings - 2019 7th International Symposium on Computing and Networking, CANDAR 2019

PB - Institute of Electrical and Electronics Engineers Inc.

T2 - 7th International Symposium on Computing and Networking, CANDAR 2019

Y2 - 26 November 2019 through 29 November 2019

ER -