Template Attacks against ECC: practical implementation against Curve25519
Abstract
This paper introduces a new profiling attack that targets elliptic-curve-based cryptographic implementations. The attack exploits leakage from the conditional swap operation used by implementations that rely on the Montgomery ladder as a constant-time scalar multiplication method for computing kP. In addition, the attack requires only one attack trace. The paper shows how the attack is carried out against the mbedTLS Curve25519 function and why conventional coordinate randomization countermeasures do not prevent this type of attack. A new countermeasure that is effective against the presented attack is then proposed and tested. This work was carried out on the mbedTLS implementation of Curve25519.
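As an added illustration (not code from the paper or from mbedTLS), the RFC 7748 Montgomery ladder for Curve25519 in Python, with every conditional-swap decision recorded. The `blind` parameter is an assumption made here to emulate projective coordinate randomization of the start points; it leaves both the result and the sequence of swap bits unchanged, which is why such randomization does not hide the swap.

```python
# Added example, not from the paper: RFC 7748 X25519 ladder with each cswap
# decision recorded; `blind` (assumed here) emulates coordinate randomization.
P = 2**255 - 19
A24 = 121665  # (486662 - 2) / 4 for Curve25519

def cswap(swap: int, a: int, b: int):
    """Branch-free conditional swap; swap must be 0 or 1."""
    dummy = (-swap) & (a ^ b)
    return a ^ dummy, b ^ dummy

def decode_scalar(k: bytes) -> int:
    """Clamp a 32-byte private key as in RFC 7748, section 5."""
    k = bytearray(k)
    k[0] &= 248
    k[31] = (k[31] & 127) | 64
    return int.from_bytes(k, "little")

def decode_u(u: bytes) -> int:
    u = bytearray(u)
    u[31] &= 127  # mask the unused top bit of the u-coordinate
    return int.from_bytes(u, "little") % P

def ladder(k: int, u: int, blind: int = 1, trace=None) -> int:
    """Return the u-coordinate of k*P; append every swap bit to `trace`."""
    x2, z2, x3, z3 = blind % P, 0, u * blind % P, blind % P
    swap = 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt  # swap bit = k_t XOR k_{t+1}: depends on k alone
        if trace is not None:
            trace.append(swap)
        x2, x3 = cswap(swap, x2, x3)
        z2, z3 = cswap(swap, z2, z3)
        swap = kt
        A, B = (x2 + z2) % P, (x2 - z2) % P
        AA, BB = A * A % P, B * B % P
        E = (AA - BB) % P
        C, D = (x3 + z3) % P, (x3 - z3) % P
        DA, CB = D * A % P, C * B % P
        x3 = pow(DA + CB, 2, P)
        z3 = u * pow(DA - CB, 2, P) % P
        x2 = AA * BB % P
        z2 = E * (AA + A24 * E) % P
    x2, x3 = cswap(swap, x2, x3)
    z2, z3 = cswap(swap, z2, z3)
    return x2 * pow(z2, P - 2, P) % P

def x25519(k: bytes, u: bytes, blind: int = 1, trace=None) -> bytes:
    return ladder(decode_scalar(k), decode_u(u), blind, trace).to_bytes(32, "little")
```

Comparing `trace` across two runs with different `blind` values shows the swap-bit sequence is identical, since it is computed from the scalar before any field arithmetic takes place.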