Protecting Elliptic Curve Cryptography Against Fault Injection Attacks

Context. A fault injection attack consists in modifying an intermediate value of a computation (using an electromagnetic pulse or by acting on the power supply of the circuit) and exploiting the faulted final result to gather information about the computation that would not be accessible in a correct final result. For instance, did you know that due to the simplicity of the arithmetic behind RSA, injecting a single fault in an RSA computation makes it possible to easily extract the secret key? [2] The state of the art of countermeasures consists in defining attack conditions [1] (states of the computation which lead to a faulted result exploitable by an attacker) and proving that implementations do not verify these conditions, even when faulted. Currently, there exists a bunch of different ad-hoc countermeasures of which few have been formalized (or proved). However, no systematic approaches have been developed. In the particular case of CRT-RSA, we have recently shown that existing countermeasures are effective against not only one but an arbitrary number of fault injections (up to a trivial adaptation) [4]. Some of these countermeasures were also able to thwart fault attacks that have been discovered after their publication. The particularity of these countermeasures is that they attempt to verify the integrity of the computation, in order to return the final result if and only if it is correct, thus avoiding any information leakage. The global idea behind these countermeasures is to achieve a verification in two different structures, one of which being entangled with the functional computation [3]. Therefore, an inconsistency in the redundant structure hints at a perturbation. Moreover, the mathematics employed by these protection techniques are not specific to the algorithm they protect, thus these countermeasures strategies can be applied to other cryptographic algorithms which also rely on arithmetic.