Ievgen Kabin

Gerald Isheanesu Matungamire, Alkistis Aikaterini Sigourou, Gerrit Schrock et al.

Scalar multiplication kP is the operation most frequently targeted in Elliptic Curve (EC) cryptosystems. To protect against single-trace Side-Channel Analysis (SCA) attacks, the atomicity principle and various atomic block patterns have been proposed in the past. In this work we use our software and hardware implementations to demonstrate that binary right-to left and left-to-right kP algorithms, when implemented with Chevallier-Mames atomic block patterns, are still vulnerable to single-trace SCA attacks. The vulnerability remains true for the left-to-right kP algorithm with projective coordinate randomization.

Ievgen Kabin, Zoya Dyka, Dan Klann et al.

In this paper we report on the results of selected horizontal SCA attacks against two open-source designs that implement hardware accelerators for elliptic curve cryptography. Both designs use the complete addition formula to make the point addition and point doubling operations indistinguishable. One of the designs uses in addition means to randomize the operation sequence as a countermeasure. We used the comparison to the mean and an automated SPA to attack both designs. Despite all these countermeasures, we were able to extract the keys processed with a correctness of 100%.

Alkistis Aikaterini Sigourou, Zoya Dyka, Peter Langendoerfer et al.

Scalar multiplication kP is a critical operation in Elliptic Curve Cryptosystems (ECC), often targeted by Side-Channel Analysis (SCA). Despite strategies based on atomic patterns to enhance security, the binary kP algorithms remain susceptible to simple SCA due to energy consumption variations in field multipliers during passing two different or two identical operands. This vulnerability arises independent of the multiplication method used. We implemented and analysed two mitigation techniques: one involving data redirection and another focusing on bus reloading.

Dmytro Petryk, Ievgen Kabin, Peter Langendoerfer et al.

Devices employing cryptographic approaches have to be resistant to physical attacks. Side-Channel Analysis (SCA) and Fault Injection (FI) attacks are frequently used to reveal cryptographic keys. In this paper, we present a combined SCA and laser illumination attack against an Elliptic Curve Scalar Multiplication accelerator using a differential probe from Teledyne LeCroy. Our experiments show that laser illumination increases the power consumption of the chip, especially its static power consumption but the success of the horizontal power analysis attacks was changed insignificantly. We assume that using a laser with a high laser beam power and concentrating on measuring and analysing only static current can improve the attack success significantly. The horizontal attacks against public key cryptosystems exploiting the Static Consumption under Laser Illumination (SCuLI attacks) are novel and their potential is not investigated yet. These attacks can be especially dangerous against cryptographic chips manufactured in scaled technologies. If such attacks are feasible, appropriate countermeasures have to be proposed in the future.

Ievgen Kabin, Zoya Dyka, Dan Klann et al.

In this paper we discuss the difficulties of mounting successful attack against crypto implementations when essential information is missing. We start with a detailed description of our attack against our own design, to highlight which information is needed to increase the success of an attack, i.e. we use it as a blueprint to the following attack against commercially available crypto chips. We would like to stress that our attack against our own design is very similar to what happens during certification e.g. according to Common Criteria Standard as in those cases the manufacturer needs to provide detailed information. When attacking the commercial designs without signing NDAs, we needed to intensively search the Internet for information about the designs. We cannot to reveal the private keys used by the attacked commercial authentication chips 100% correctly. Moreover, the missing knowledge of the used keys does not allow us to evaluate the success of our attack. We were able to reveal information on the processing sequence during the authentication process even as detailed as identifying the clock cycles in which the individual key bits are processed. To summarize the effort of such an attack is significantly higher than the one of attacking a well-known implementation.

Oxana Shamilyan, Ievgen Kabin, Zoya Dyka et al.

Octopus is an invertebrate belonging to the class of Cephalopoda. The body of an Octopus lacks any morphological joints and rigid parts. Their arms, skin and the complex nervous system are investigated by a several researchers all over the world. Octopuses are the object of inspiration for my scientists in different areas, including AI. Soft- and hardware are developed based on octopus features. Soft-robotics octopus-inspired arms are the most common type of developments. There are a lot of different variants of this solution, each of them is different from the other. In this paper, we describe the most remarkable octopus features, show solutions inspired by octopus and provide new ideas for further work and investigations in combination of AI and bioinspired soft-robotics areas.

Ievgen Kabin, Zoya Dyka, Dan Klann et al.

In this paper we analyse the impact of different compile options on the success rate of side-channel analysis attacks. We run horizontal differential side-channel attacks against simulated power traces for the same $kP$ design synthesized using two different compile options after synthesis and after layout. As we are interested in the effect on the produced ASIC we also run the same attack against measured power traces after manufacturing the ASIC. We found that the compile_ultra option reduces the success rate significantly from 5 key candidates with a correctness of between 75 and 90 per cent down to 3 key candidates with a maximum success rate of 72 per cent compared to the simple compile option. Also the success rate after layout shows a very high correlation with the one obtained attacking the measured power and electromagnetic traces, i.e. the simulations are a good indicator of the resistance of the ASIC.

Ievgen Kabin, Zoya Dyka, Dan Klann et al.

Due to the nature of applications such as critical infrastructure and the Internet of Things etc. side channel analysis attacks are becoming a serious threat. Side channel analysis attacks take advantage from the fact that the behavior of crypto implementations can be observed and provides hints that simplify revealing keys. A new type of SCA are the so called horizontal SCAs. Well known randomization based countermeasures are effective means against vertical DPA attacks but they are not effective against horizontal DPA attacks. In this paper we investigate how the formula used to implement the multiplication of $GF(2^n)$-elements influences the results of horizontal DPA attacks against a Montgomery kP implementation. We implemented 5 designs with different partial multipliers, i.e. based on different multiplication formulae. We used two different technologies, i.e. a 130 and a 250 nm technology, to simulate power traces for our analysis. We show that the implemented multiplication formula influences the success of horizontal attacks significantly, but we also learned that its impact differs from technology to technology. Our analysis also reveals that the use of different multiplication formulae as the single countermeasure is not sufficient to protect cryptographic designs against horizontal DPA attacks.

Ievgen Kabin, Zoya Dyka, Dan Kreiser et al.

Side-channel analysis attacks, especially horizontal DPA and DEMA attacks, are significant threats for cryptographic designs. In this paper we investigate to which extend different multiplication formulae and randomization of the field multiplier increase the resistance of an ECC design against horizontal attacks. We implemented a randomized sequence of the calculation of partial products for the field multiplication in order to increase the security features of the field multiplier. Additionally, we use the partial polynomial multiplier itself as a kind of countermeasure against DPA attacks. We demonstrate that the implemented classical multiplication formula can increase the inherent resistance of the whole ECC design. We also investigate the impact of the combination of these two approaches. For the evaluation we synthesized all these designs for a 250 nm gate library technologies, and analysed the simulated power traces. All investigated protection means help to decrease the success rate of attacks significantly: the correctness of the revealed key was decreased from 99% to 69%.

Zoya Dyka, Dan Kreiser, Ievgen Kabin et al.

In this paper we describe our flexible ECDSA design for elliptic curve over binary extended fields GF(2l). We investigated its resistance against Horizontal Collision Correlation Attacks (HCCA). Due to the fact that our design is based on the Montgomery kP algorithm using Lopez-Dahab projective coordinates the scalar k cannot be successful revealed using HCCA, but this kind of attacks can be helpful to divide the measured traces into parts that correspond to processing of a single bit of the scalar k. The most important contribution of this paper is that our flexible field multiplier is resistant against horizontal attacks. This inherent resistance makes it a valuable building block for designing unified field multipliers.

Marcin Aftowicz, Ievgen Kabin, Zoya Dyka et al.

Evaluation of the resistance of implemented cryptographic algorithms against SCA attacks, as well as detecting of SCA leakage sources at an early stage of the design process, is important for an efficient re-design of the implementation. Thus, effective SCA methods that do not depend on the key processed in the cryptographic operations are beneficially and can be a part of the efficient design methodology for implementing cryptographic approaches. In this work we compare two different methods that are used to analyse power traces of elliptic curve point multiplications. The first method the comparison to the mean is a simple method based on statistical analysis. The second one is K-means - the mostly used unsupervised machine learning algorithm for data clustering. The results of our early work showed that the machine learning algorithm was not superior to the simple approach. In this work we concentrate on the comparison of the attack results using both analysis methods with the goal to understand their benefits and drawbacks. Our results show that the comparison to the mean works properly only if the scalar processed during the attacked kP execution is balanced, i.e. if the number of '1' in the scalar k is about as high as the number of '0'. In contrast to this, K-means is effective also if the scalar is highly unbalanced. It is still effective even if the scalar k contains only a very small number of '0' bits.

Marcin Aftowicz, Ievgen Kabin, Dan Klann et al.

Side Channel Analysis attacks take advantage of the information leaked from the implementations of cryptographic algorithms. In this paper we describe two key revealing methods which are based on machine learning algorithms: K-means and PCA. We performed the attacks against ECDSA implementations without any prior knowledge about the key and achieved 100% accuracy for an implementation without any countermeasures against horizontal attacks and 88.7% accuracy for an implementation with bus address sequencing. In the scenario where the kP operation inputs are controlled by the attacker (as during signature verification), we achieved 98.3% accuracy for the implementation with countermeasures.

Ievgen Kabin, Alejandro Sosa, Zoya Dyka et al.

This paper reports about the impact of compiler options on the resistance of cryptographic implementations against side channel analysis attacks. We evaluated four compiler option for six different FPGAs from Intel and Xilinx. In order to ensure fair assessment we synthesized always the same VHDL code, kept the measurement setup and statistical analysis method etc. constant. Our analysis clearly shows that the compiler options have an impact on the success of attacks but also that the impact is unpredictable not only between different FPGAs but also for an individual FPGA.

Ievgen Kabin, Zoya Dyka, Dan Kreiser et al.

In this paper we introduce a unified field multiplier for the EC kP operation in two different types of Galois fields. The most important contributions of this paper are that the multiplier is based on the 4-segment Karatsuba multiplication method and that it is inherent resistant against selected horizontal attacks.

Ievgen Kabin, Zoya Dyka, Dan Klann et al.

In this work we discuss the resistance of atomic pattern algorithms for elliptic curve point multiplication against simple side channel analysis attacks using our own implementation as an example. The idea of the atomicity principle is to make kP implementations resistant against simple side channel analysis attacks. One of the assumptions, on which the atomicity principle is based, is the indistinguishability of register operations, i.e. two write-to-register operations cannot be distinguished if their old and new data values are the same. But before the data can be stored to a register/block, this register/block has to be addressed for storing the data. Different registers/blocks have different addresses. In praxis, this different and key dependent addressing can be used to reveal the key, even by running simple SCA attacks. The key dependent addressing of registers/blocks allows to reveal the key and is an inherent feature of the binary kP algorithms. This means that the assumption, that addressing of different registers/blocks is an indistinguishable operation, may no longer be applied when realizing kP implementations, at least not for hardware implementations.

Dmytro Petryk, Zoya Dyka, Eduardo Perez et al.

Resistive Random Access Memory (RRAM) is a type of Non-Volatile Memory (NVM). In this paper we investigate the sensitivity of the TiN/Ti/Al:HfO2/TiN-based 1T-1R RRAM cells implemented in a 250 nm CMOS IHP technology to the laser irradiation in detail. Experimental results show the feasibility to influence the state of the cells under laser irradiation, i.e. successful optical Fault Injection. We focus on the selection of the parameters of the laser station and their influence on the success of optical Fault Injections.