EC P-256: Successful Simple Power Analysis
This exposes a critical security flaw in widely used cryptographic implementations, particularly for hardware, making it significant for cryptographers and security engineers.
The paper demonstrates that atomic pattern algorithms for elliptic curve point multiplication are vulnerable to simple side channel analysis attacks due to key-dependent register addressing, revealing the key in practice.
In this work we discuss the resistance of atomic pattern algorithms for elliptic curve point multiplication against simple side channel analysis attacks using our own implementation as an example. The idea of the atomicity principle is to make kP implementations resistant against simple side channel analysis attacks. One of the assumptions, on which the atomicity principle is based, is the indistinguishability of register operations, i.e. two write-to-register operations cannot be distinguished if their old and new data values are the same. But before the data can be stored to a register/block, this register/block has to be addressed for storing the data. Different registers/blocks have different addresses. In praxis, this different and key dependent addressing can be used to reveal the key, even by running simple SCA attacks. The key dependent addressing of registers/blocks allows to reveal the key and is an inherent feature of the binary kP algorithms. This means that the assumption, that addressing of different registers/blocks is an indistinguishable operation, may no longer be applied when realizing kP implementations, at least not for hardware implementations.